Change Tag in ERX-Service-Activate
Alan DeKok
aland at deployingradius.com
Thu Feb 29 14:12:29 UTC 2024
On Feb 29, 2024, at 5:34 AM, Dave Tomlinson via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> Hoping someone can help. This is using FreeRADIUS 2.2.9.
Oh boy.
2.2.x was marked EOL almost a decade ago. Plus, you should really use 2.2.10:
https://github.com/FreeRADIUS/freeradius-server/blob/release_2_2_10/doc/ChangeLog
> In my RADIUS accept response I need to send the following:
>
> ERX-Service-Activate:1 := "HTTP-REDIRECT(SOME-TEXT)"
>
> The SOME-TEXT here may differ based on different subscribers but that and the attributes are all configured in a database so I've added this one but RADIUS returns:
>
> ERX-Service-Activate:0 := "HTTP-REDIRECT(SOME-TEXT)"
>
> i.e the tag is set to 0 rather than 1. I don't have a field in my table for tags as we've never had need for it any before so assuming it just defaults to 0.
I presume that's SQL?
It should work. The SQL code calls an API pairmake(), which checks for ":" , and then parses the tag.
> All use cases I'm going to have are for ERX-Service-Activate to use a tag of 1 and I have no other attributes that use tags.
>
> So I'm hoping rather than modifying my database table to add a new tag field and updating the code to use that new tag field that there's a way of just adding a something to the RADIUS config that rewrites the tag from 0 to 1 whenever it sees ERX-Service-Activate:0.
That's not really possible in v2. I'm not sure it's even possible in v3.
The short answer for v2 is to just write a little module in C which looks for those attributes, and manually sets the tag. It should be less than 200 lines long, most of which is boilerplate module code. See rlm_example.c for some sample code. Just loop over the reply, looking for the ERX VSAs, and then manually set the tag to 1.
There's lots of example code of looking for, and defining VSAs using the APIs. For VSA magic, see:
src/include/radius.h:#define PW_MSCHAP_RESPONSE ((311 << 16) | 1)
You can then just use the normal pairfind() APIs.
Alan DeKok.
More information about the Freeradius-Users
mailing list