Issue with %{home_server_dynamic:name} dynamic home server and accounting

James Wood james.wood at purplewifi.com
Mon Jul 15 19:14:31 UTC 2024


Unfortunately this breaks it... it now doesn't even find the dynamically
added home server for authentication requests:

Mon Jul 15 19:08:11 2024 : Debug: (0)       if (User-Name =~ /@(.*)$/) {
Mon Jul 15 19:08:11 2024 : Debug: (0)       if (User-Name =~ /@(.*)$/)  ->
TRUE
Mon Jul 15 19:08:11 2024 : Debug: (0)       if (User-Name =~ /@(.*)$/)  {
Mon Jul 15 19:08:11 2024 : Debug: (0)         switch
%{home_server_dynamic:%{1}} {
Mon Jul 15 19:08:11 2024 : Debug: (0)         EXPAND
%{home_server_dynamic:%{1}}
Mon Jul 15 19:08:11 2024 : Debug: (0)            -->
Mon Jul 15 19:08:11 2024 : Debug: (0)           case {
Mon Jul 15 19:08:11 2024 : Debug: (0)             update control {
Mon Jul 15 19:08:11 2024 : Debug: (0)               Executing:
%{config:confdir}/mods-config/realm/freeradius-naptr-to-home-server.sh -d
%{config:confdir} %{1} aaa+auth:radius.tls.tcp:
Mon Jul 15 19:08:11 2024 : Debug:
%{config:confdir}/mods-config/realm/freeradius-naptr-to-home-server.sh
Mon Jul 15 19:08:11 2024 : Debug: Parsed xlat tree:
Mon Jul 15 19:08:11 2024 : Debug: xlat --> config
Mon Jul 15 19:08:11 2024 : Debug: {
Mon Jul 15 19:08:11 2024 : Debug:       literal --> confdir
Mon Jul 15 19:08:11 2024 : Debug: }
Mon Jul 15 19:08:11 2024 : Debug: literal -->
/mods-config/realm/freeradius-naptr-to-home-server.sh
Mon Jul 15 19:08:11 2024 : Debug: confdir
Mon Jul 15 19:08:11 2024 : Debug: Parsed xlat tree:
Mon Jul 15 19:08:11 2024 : Debug: literal --> confdir
Mon Jul 15 19:08:11 2024 : Debug: (0)               EXPAND confdir
Mon Jul 15 19:08:11 2024 : Debug: (0)                  --> confdir
Mon Jul 15 19:08:11 2024 : Debug: (0)               EXPAND
%{config:confdir}/mods-config/realm/freeradius-naptr-to-home-server.sh
Mon Jul 15 19:08:11 2024 : Debug: (0)                  -->
/usr/local/etc/raddb/mods-config/realm/freeradius-naptr-to-home-server.sh
Mon Jul 15 19:08:11 2024 : Debug: %{config:confdir}
Mon Jul 15 19:08:11 2024 : Debug: Parsed xlat tree:
Mon Jul 15 19:08:11 2024 : Debug: xlat --> config
Mon Jul 15 19:08:11 2024 : Debug: {
Mon Jul 15 19:08:11 2024 : Debug:       literal --> confdir
Mon Jul 15 19:08:11 2024 : Debug: }
Mon Jul 15 19:08:11 2024 : Debug: confdir
Mon Jul 15 19:08:11 2024 : Debug: Parsed xlat tree:
Mon Jul 15 19:08:11 2024 : Debug: literal --> confdir
Mon Jul 15 19:08:11 2024 : Debug: (0)               EXPAND confdir
Mon Jul 15 19:08:11 2024 : Debug: (0)                  --> confdir
Mon Jul 15 19:08:11 2024 : Debug: (0)               EXPAND %{config:confdir}
Mon Jul 15 19:08:11 2024 : Debug: (0)                  -->
/usr/local/etc/raddb
Mon Jul 15 19:08:11 2024 : Debug: %{1}
Mon Jul 15 19:08:11 2024 : Debug: Parsed xlat tree:
Mon Jul 15 19:08:11 2024 : Debug: regex-var --> 1
Mon Jul 15 19:08:11 2024 : Debug: (0)               EXPAND %{1}
Mon Jul 15 19:08:11 2024 : Debug: (0)                  --> openroaming.goog
Mon Jul 15 19:08:11 2024 : Debug: Waking up in 0.3 seconds.
Mon Jul 15 19:08:11 2024 : Debug:  ... new connection request on command
socket
Mon Jul 15 19:08:11 2024 : Debug: Listening on command file
/usr/local/var/run/radiusd/radiusd.sock
Mon Jul 15 19:08:11 2024 : Debug: Waking up in 0.1 seconds.
Mon Jul 15 19:08:11 2024 : Debug: radmin> add home_server file
/usr/local/etc/raddb/home_servers/openroaming.goog
Mon Jul 15 19:08:11 2024 : Debug: including configuration file
/usr/local/etc/raddb/home_servers/openroaming.goog
Mon Jul 15 19:08:11 2024 : Debug: including configuration file
/usr/local/etc/raddb/home_servers/tls.conf
Mon Jul 15 19:08:11 2024 : Debug:  home_server openroaming.goog {
Mon Jul 15 19:08:11 2024 : Debug:       nonblock = no
Mon Jul 15 19:08:11 2024 : Debug:       ipaddr = radsec.openroaming.goog
IPv4 address [146.148.44.172]
Mon Jul 15 19:08:11 2024 : Debug:       port = 2083
Mon Jul 15 19:08:11 2024 : Debug:       type = "auth+acct"
Mon Jul 15 19:08:11 2024 : Debug:       proto = "tcp"
Mon Jul 15 19:08:11 2024 : Debug:       secret = "radsec"
Mon Jul 15 19:08:11 2024 : Debug:       response_window = 30.000000
Mon Jul 15 19:08:11 2024 : Debug:       response_timeouts = 1
Mon Jul 15 19:08:11 2024 : Debug:       max_outstanding = 65536
Mon Jul 15 19:08:11 2024 : Debug:       zombie_period = 40
Mon Jul 15 19:08:11 2024 : Debug:       status_check = "none"
Mon Jul 15 19:08:11 2024 : Debug:       ping_interval = 30
Mon Jul 15 19:08:11 2024 : Debug:       check_timeout = 4
Mon Jul 15 19:08:11 2024 : Debug:       num_answers_to_alive = 3
Mon Jul 15 19:08:11 2024 : Debug:       revive_interval = 300
Mon Jul 15 19:08:11 2024 : Debug:   limit {
Mon Jul 15 19:08:11 2024 : Debug:       max_connections = 16
Mon Jul 15 19:08:11 2024 : Debug:       max_requests = 0
Mon Jul 15 19:08:11 2024 : Debug:       lifetime = 0
Mon Jul 15 19:08:11 2024 : Debug:       idle_timeout = 0
Mon Jul 15 19:08:11 2024 : Debug:   }
Mon Jul 15 19:08:11 2024 : Debug:   coa {
Mon Jul 15 19:08:11 2024 : Debug:       irt = 2
Mon Jul 15 19:08:11 2024 : Debug:       mrt = 16
Mon Jul 15 19:08:11 2024 : Debug:       mrc = 5
Mon Jul 15 19:08:11 2024 : Debug:       mrd = 30
Mon Jul 15 19:08:11 2024 : Debug:   }
Mon Jul 15 19:08:11 2024 : Debug:   recv_coa {
Mon Jul 15 19:08:11 2024 : Debug:   }
Mon Jul 15 19:08:11 2024 : Debug:  }
Mon Jul 15 19:08:11 2024 : Debug:   tls {
Mon Jul 15 19:08:11 2024 : Debug:       verify_depth = 0
Mon Jul 15 19:08:11 2024 : Debug:       pem_file_type = yes
Mon Jul 15 19:08:11 2024 : Debug:       private_key_file =
"/usr/local/etc/raddb/certs/new/wba/x.key"
Mon Jul 15 19:08:11 2024 : Debug:       certificate_file =
"/usr/local/etc/raddb/certs/new/wba/x.crt"
Mon Jul 15 19:08:11 2024 : Debug:       ca_file =
"/usr/local/etc/raddb/certs/new/wba/x.ca"
Mon Jul 15 19:08:11 2024 : Debug:       fragment_size = 8192
Mon Jul 15 19:08:11 2024 : Debug:       include_length = yes
Mon Jul 15 19:08:11 2024 : Debug:       check_crl = no
Mon Jul 15 19:08:11 2024 : Debug:       cipher_list = "ALL"
Mon Jul 15 19:08:11 2024 : Debug:       ca_path_reload_interval = 0
Mon Jul 15 19:08:11 2024 : Debug:       ecdh_curve = "prime256v1"
Mon Jul 15 19:08:11 2024 : Debug:       tls_max_version = "1.3"
Mon Jul 15 19:08:11 2024 : Debug:       tls_min_version = "1.2"
Mon Jul 15 19:08:11 2024 : Debug:   }
Mon Jul 15 19:08:11 2024 : Debug: (0)               Program returned code
(0) and output 'openroaming.goog'
Mon Jul 15 19:08:11 2024 : Debug: (0)
&Temp-Home-Server-String := openroaming.goog
Mon Jul 15 19:08:11 2024 : Debug: (0)             } # update control = noop
Mon Jul 15 19:08:11 2024 : Debug: (0)             if
(&control:Temp-Home-Server-String == "" ) {
Mon Jul 15 19:08:11 2024 : Debug: (0)             if
(&control:Temp-Home-Server-String == "" )  -> FALSE
Mon Jul 15 19:08:11 2024 : Debug: (0)             else {
Mon Jul 15 19:08:11 2024 : Debug: (0)               update control {
Mon Jul 15 19:08:11 2024 : Debug: (0)                 EXPAND %{1}
Mon Jul 15 19:08:11 2024 : Debug: (0)                    -->
openroaming.goog
Mon Jul 15 19:08:11 2024 : Debug: (0)                 &Home-Server-Name :=
openroaming.goog
Mon Jul 15 19:08:11 2024 : Debug: (0)               } # update control =
noop
Mon Jul 15 19:08:11 2024 : Debug: (0)             } # else = noop
Mon Jul 15 19:08:11 2024 : Debug: (0)           } # case = noop
Mon Jul 15 19:08:11 2024 : Debug: (0)         } # switch
%{home_server_dynamic:%{1}} = noop
Mon Jul 15 19:08:11 2024 : Debug: (0)       } # if (User-Name =~ /@(.*)$/)
 = noop
Mon Jul 15 19:08:11 2024 : Debug: (0)     modsingle[authorize]: calling
suffix (rlm_realm)
Mon Jul 15 19:08:11 2024 : Debug: (0) suffix: Checking for suffix after "@"
Mon Jul 15 19:08:11 2024 : Debug: (0) suffix: Looking up realm "
openroaming.goog" for User-Name = "anonymous at openroaming.goog"
Mon Jul 15 19:08:11 2024 : Debug: (0) suffix: No such realm "
openroaming.goog"
Mon Jul 15 19:08:11 2024 : Debug: (0)     modsingle[authorize]: returned
from suffix (rlm_realm)
Mon Jul 15 19:08:11 2024 : Debug: (0)     [suffix] = noop
Mon Jul 15 19:08:11 2024 : Debug: (0)     modsingle[authorize]: calling
chap (rlm_chap)
Mon Jul 15 19:08:11 2024 : Debug: (0)     modsingle[authorize]: returned
from chap (rlm_chap)
Mon Jul 15 19:08:11 2024 : Debug: (0)     [chap] = noop
Mon Jul 15 19:08:11 2024 : Debug: (0)     modsingle[authorize]: calling eap
(rlm_eap)
Mon Jul 15 19:08:11 2024 : Debug: (0) eap: Peer sent EAP Response (code 2)
ID 171 length 31
Mon Jul 15 19:08:11 2024 : Debug: (0) eap: EAP-Identity reply, returning
'ok' so we can short-circuit the rest of authorize
Mon Jul 15 19:08:11 2024 : Debug: (0)     modsingle[authorize]: returned
from eap (rlm_eap)
Mon Jul 15 19:08:11 2024 : Debug: (0)     [eap] = ok
Mon Jul 15 19:08:11 2024 : Debug: (0)   } # authorize = ok
Mon Jul 15 19:08:11 2024 : Debug: (0) Proxying due to Home-Server-Name
Mon Jul 15 19:08:11 2024 : WARNING: (0) No such home server openroaming.goog
Mon Jul 15 19:08:11 2024 : Debug: (0) There was no response configured:
rejecting request
Mon Jul 15 19:08:11 2024 : Debug: (0) Using Post-Auth-Type Reject


The contents of home_servers/openroaming.goog:

home_server openroaming.goog {
        ipaddr = radsec.openroaming.goog
        port = 2083
        $INCLUDE tls.conf
}

and tls.conf:

        proto = tcp
        type = "auth+acct"
        secret = radsec
        tls {
                tls_min_version = "1.2"
                tls_max_version = "1.3"
                certificate_file = /usr/local/etc/raddb/certs/new/wba/x.crt
                private_key_file = /usr/local/etc/raddb/certs/new/wba/x.key
                ca_file = /usr/local/etc/raddb/certs/new/wba/x.ca
                fragment_size = 8192
                cipher_list = "ALL"
        }

Is it because of the new type = "auth+acct" being set? It's not finding a
home server to use now?

Thanks


On Mon, 15 Jul 2024 at 17:42, Alan DeKok <aland at deployingradius.com> wrote:

> On Jul 15, 2024, at 9:40 AM, James Wood via Freeradius-Users <
> freeradius-users at lists.freeradius.org> wrote:
> >
> > I upgraded from 3.2.3 to 3.2.5 and had the same problem. Is there a
> > different way I should be checking for the existence of a dynamic
> > home_server?
>
>   We've pushed a fix:
> https://github.com/FreeRADIUS/freeradius-server/commit/e4f090e692fe457eed01ea6f90f8074f4ba1f8a4
>
>   Alan DeKok.