Auth failed accounts and write to SQL database

Steven Walters steven.walters1 at
Fri Mar 24 09:46:24 UTC 2023

Thanks for the information provided Matthew. I got it working.

I have however a slight challenge when trying to set the Class attribute
instead of updating the database, as suggested.

In the Access-Accept I set the Class attribute equal to reject which works
fine in the case where we have our own BNGs. The value I set is the value I
receive from the BNG in the Accounting-Start message.

However, where we consume network services where we don't use our own BNG,
the PPPoE gets proxied to us by the access provider's RADIUS. Whatever
value we set in the Class they will encode to hex, add IXX  and then encode
to hex again.

For example, if I set Class = reject, I receive:


When I do string:Class I get:


Using a calculator, if I convert 0x72656a656374 from hex to string I get
the value reject.

Using the below I am trying to extract 0x72656a656374 from
IXX0x72656a656374 which I write to Tmp-String-2 and then apply string to
Tmp-String-3. However I end up with Tmp-String-3 = 0x72656a656374 but would
like the original value (reject) I set in the Access-Accept message.

   if ("%{string:Class}" =~ /(IXX)(0x[0-9a-f]{12})/) {
          update request {
              &Tmp-String-2 := "%{2}"
              &Tmp-String-3 := "%{string:Tmp-String-2}"

More information about the Freeradius-Users mailing list