User file _matching
Hassan, Hazem (Nokia - EG/Cairo)
hazem.hassan at nokia.com
Thu Mar 11 14:44:36 CET 2021
Hi,
I want to make a different matching criteria:
Working Scenario:
98:86:5d:90:c2:82 Cleartext-Password := "pass"
    Alc-Subsc-Prof-Str = "three_services_1G",
    Alc-SLA-Prof-Str = "Internet_1G",
    Alc-Subsc-ID-Str = "sub-3",
    Framed-IP-Address = 100.0.0.6,
    Framed-IP-Netmask = 255.255.255.0,
2 2021/03/11 11:16:29.479 UTC MINOR: DEBUG #2001 management RADIUS
"RADIUS: Transmit
Access-Request(1) 80.194.79.79:1812 id 251 len 289 vrid 4095 pol bng-aaa-pol
USER NAME [1] 17 98:86:5d:90:c2:82
3 2021/03/11 11:16:29.480 UTC MINOR: DEBUG #2001 management RADIUS
"RADIUS: Receive
Access-Accept(2) id 251 len 193 from 80.194.79.79:1812 vrid 4095 pol bng-aaa-pol
VSA [26] 19 Nokia(6527)
SUBSC PROF STR [12] 17 three_services_1G
VSA [26] 13 Nokia(6527)
SLA PROF STR [13] 11 Internet_1G
VSA [26] 7 Nokia(6527)
SUBSC ID STR [11] 5 sub-3
FRAMED IP ADDRESS [8] 4 100.0.0.6
FRAMED IP NETMASK [9] 4 255.255.255.0
FRAMED ROUTE [22] 22 192.168.6.0/24 0.0.0.0
VSA [26] 6 Nokia(6527)
Non-Working Scenario: trying to send the Access-Request with a different format, "option-82 circuit-id"
2 2021/03/11 13:18:39.936 UTC MINOR: DEBUG #2001 management RADIUS
"RADIUS: Transmit
Access-Request(1) 80.194.79.79:1812 id 245 len 302 vrid 4095 pol bng-aaa-pol
USER NAME [1] 30 OLT51 eth 1/1/03/01/8/14/1/100
PASSWORD [2] 16 W3EtVOTVYeWJ7NruhPh2ek
NAS IP ADDRESS [4] 4 10.113.139.50
VSA [26] 52 DSL(3561)
AGENT CIRCUIT ID [1] 30 OLT51 eth 1/1/03/01/8/14/1/100
AGENT REMOTE ID [2] 18 ONU 8 Testing DHCP
3 2021/03/11 13:18:40.938 UTC MINOR: DEBUG #2001 management RADIUS
"RADIUS: Receive
Access-Reject(3) id 245 len 20 from 80.194.79.79:1812 vrid 4095 pol bng-aaa-pol
Output from debug mode:
(2) Received Access-Request Id 161 from 10.113.139.50:64509 to 80.194.79.79:1812 length 302
(2) User-Name = "OLT51 eth 1/1/03/01/8/14/1/100"
(2) User-Password = "Nokia"
(2) NAS-IP-Address = 10.113.139.50
(2) ADSL-Agent-Circuit-Id = 0x4f4c5435312065746820312f312f30332f30312f382f31342f312f313030
(2) ADSL-Agent-Remote-Id = 0x4f4e5520382054657374696e672044484350
(2) NAS-Port-Type = Ethernet
(2) NAS-Port-Id = "lag-2:11"
(2) NAS-Identifier = "BNG-SR1"
(2) Alc-Client-Hardware-Addr = "98:86:5d:90:c2:82"
(2) Alc-ToServer-Dhcp-Options = 0x3501013d070198865d90c282370b0103060c0f1c2b364278795234011e4f4c5435312065746820312f312f30332f30312f382f31342f312f31303002124f4e5520382054657374696e672044484350ff
(2) Acct-Session-Id = "785EB0000360B7604A1C96"
(2) Alc-SAP-Session-Index = 1
(2) # Executing section authorize from file /etc/raddb/sites-enabled/default
(2) authorize {
(2) policy filter_username {
(2) if (&User-Name) {
(2) if (&User-Name) -> TRUE
(2) if (&User-Name) {
(2) if (&User-Name =~ / /) {
(2) if (&User-Name =~ / /) -> TRUE
(2) if (&User-Name =~ / /) {
(2) update request {
(2) &Module-Failure-Message += 'Rejected: User-Name contains whitespace'
(2) } # update request = noop
(2) [reject] = reject
(2) } # if (&User-Name =~ / /) = reject
(2) } # if (&User-Name) = reject
(2) } # policy filter_username = reject
(2) } # authorize = reject
(2) Using Post-Auth-Type Reject
(2) # Executing group from file /etc/raddb/sites-enabled/default
(2) Post-Auth-Type REJECT {
(2) attr_filter.access_reject: EXPAND %{User-Name}
(2) attr_filter.access_reject: --> OLT51 eth 1/1/03/01/8/14/1/100
(2) attr_filter.access_reject: Matched entry DEFAULT at line 11
(2) [attr_filter.access_reject] = updated
(2) [eap] = noop
(2) policy remove_reply_message_if_eap {
(2) if (&reply:EAP-Message && &reply:Reply-Message) {
(2) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(2) else {
(2) [noop] = noop
(2) } # else = noop
(2) } # policy remove_reply_message_if_eap = noop
(2) } # Post-Auth-Type REJECT = updated
(2) Delaying response for 1.000000 seconds
Waking up in 0.3 seconds.
Waking up in 0.6 seconds.
(2) Sending delayed response
(2) Sent Access-Reject Id 161 from 80.194.79.79:1812 to 10.113.139.50:64509 length 20
Waking up in 1.9 seconds.
Thanks,
Hazem
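
The hex-encoded attributes in the debug output above can be decoded offline to see exactly what the BNG sent. The following Python is an added example, not part of the original post: it parses the Alc-ToServer-Dhcp-Options value copied from that output, extracts the option 82 circuit-id and remote-id, and applies the same space test that `filter_username` shows in the log. The function names are my own.

```python
# Added example. The hex is the Alc-ToServer-Dhcp-Options value from the
# debug output in the post, split per DHCP option for readability.
DHCP_OPTIONS_HEX = (
    "350101"                          # option 53, message type
    "3d070198865d90c282"              # option 61, client identifier
    "370b0103060c0f1c2b36427879"      # option 55, parameter request list
    "5234"                            # option 82, relay agent information
    "011e4f4c5435312065746820312f312f30332f30312f382f31342f312f313030"
    "02124f4e5520382054657374696e672044484350"
    "ff"                              # end option
)

def parse_tlvs(data, dhcp_top_level):
    """Yield (code, value) pairs from a code/length/value byte string."""
    i = 0
    while i < len(data):
        code = data[i]
        if dhcp_top_level and code == 0:      # Pad option has no length byte
            i += 1
            continue
        if dhcp_top_level and code == 255:    # End option
            return
        if i + 2 > len(data):
            raise ValueError(f"option {code}: missing length byte")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: truncated value")
        yield code, value
        i += 2 + length

def decode(hex_string):
    """Return client MAC plus option 82 sub-options 1 and 2 as text."""
    opts = dict(parse_tlvs(bytes.fromhex(hex_string), True))
    relay = dict(parse_tlvs(opts.get(82, b""), False))
    cid = opts.get(61, b"")
    mac = ":".join(f"{b:02x}" for b in cid[1:]) if cid[:1] == b"\x01" else None
    return {
        "client_mac": mac,
        "circuit_id": relay.get(1, b"").decode("ascii", "replace"),
        "remote_id": relay.get(2, b"").decode("ascii", "replace"),
    }

def fails_whitespace_check(user_name):
    """Same condition as `if (&User-Name =~ / /)` in the debug output."""
    return " " in user_name

if __name__ == "__main__":
    fields = decode(DHCP_OPTIONS_HEX)
    print(fields, fails_whitespace_check(fields["circuit_id"]))
```
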