Question / Updated RADIUS attribute before proxying (pre-proxy) not sent to proxy server
dominic.stalder at unibe.ch
Thu Oct 24 13:59:14 UTC 2024
Hi guys
When I update the proxy-request instead of the request context, it works:
update proxy-request {
    &Called-Station-Id := "00-11-22-33-44-55:eduroam"
}
(20) Sent Access-Request Id 20 from 0.0.0.0:37457 to 130.92.14.27:1812 length 189
(20) Operator-Name := "1unibe.ch"
(20) EAP-Message = 0x02f00028016964696e662e7465737473747564656e744073747564656e74732e756e6962652e6368
(20) User-Name = "xyz"
(20) NAS-IP-Address = 127.0.0.1
(20) Calling-Station-Id := "02-00-00-00-00-01"
(20) NAS-Port-Type = Wireless-802.11
(20) Message-Authenticator = 0x
(20) Proxy-State = 0x38
(20) Called-Station-Id := "00-11-22-33-44-55:eduroam"
As Alain says, it works. But if someone thinks this approach is wrong, just let me know. Otherwise please ignore my request.
Sorry for the inconvenience.
Regards
Dominic
On 24.10.24, 15:40, "Freeradius-Users on behalf of dominic.stalder at unibe.ch" <freeradius-users-bounces+dominic.stalder=unibe.ch at lists.freeradius.org on behalf of dominic.stalder at unibe.ch> wrote:
Hi guys
I would like to achieve this:
- if a RADIUS request arrives from a specific IP address (for test purposes I also added 127.0.0.1) and the Called-Station-SSID attribute is empty, set this attribute BEFORE proxying to the value “00-11-22-33-44-55:eduroam”
- I added the following to the pre-proxy section in /etc/freeradius/sites-enabled/default:
pre-proxy {
    if (Packet-Src-IP-Address == 130.59.31.24 || Packet-Src-IP-Address == 130.59.31.25 || Packet-Src-IP-Address == 127.0.0.1) {
        if (!&Called-Station-SSID) {
            update request {
                &Called-Station-Id := "00-11-22-33-44-55:eduroam"
            }
        }
    }
    attr_filter.pre-proxy
}
***
/etc/freeradius/mods-config/attr_filter/pre-proxy looks like this:
DEFAULT
    User-Name =* ANY,
    User-Password =* ANY,
    MS-CHAP-Challenge =* ANY,
    MS-CHAP-Response =* ANY,
    EAP-Message =* ANY,
    Message-Authenticator =* ANY,
    State =* ANY,
    NAS-IP-Address =* ANY,
    NAS-Identifier =* ANY,
    NAS-Port-Type =* ANY,
    Calling-Station-Id =* ANY,
    Called-Station-Id =* ANY,
    Proxy-State =* ANY,
    Operator-Name := "1unibe.ch"
***
In the debug output, I can see that the request is updated to "00-11-22-33-44-55:eduroam", but this is not reflected in the RADIUS proxy request to the backend server; it does not send the Called-Station-Id set before:
(8) Starting proxy to home server 130.92.14.27 port 1812
(8) server default {
(8) # Executing section pre-proxy from file /etc/freeradius/sites-enabled/default
(8) pre-proxy {
(8) if (Packet-Src-IP-Address == 130.59.31.24 || Packet-Src-IP-Address == 130.59.31.25 || Packet-Src-IP-Address == 127.0.0.1) {
(8) EXPAND Packet-Src-IP-Address
(8) --> 127.0.0.1
(8) EXPAND Packet-Src-IP-Address
(8) --> 127.0.0.1
(8) EXPAND Packet-Src-IP-Address
(8) --> 127.0.0.1
(8) if (Packet-Src-IP-Address == 130.59.31.24 || Packet-Src-IP-Address == 130.59.31.25 || Packet-Src-IP-Address == 127.0.0.1) -> TRUE
(8) if (Packet-Src-IP-Address == 130.59.31.24 || Packet-Src-IP-Address == 130.59.31.25 || Packet-Src-IP-Address == 127.0.0.1) {
(8) if (!&Called-Station-SSID) {
(8) if (!&Called-Station-SSID) -> TRUE
(8) if (!&Called-Station-SSID) {
(8) update request {
(8) &Called-Station-Id := "00-11-22-33-44-55:eduroam"
(8) } # update request = noop
(8) } # if (!&Called-Station-SSID) = noop
(8) } # if (Packet-Src-IP-Address == 130.59.31.24 || Packet-Src-IP-Address == 130.59.31.25 || Packet-Src-IP-Address == 127.0.0.1) = noop
(8) } # pre-proxy = noop
(8) }
(8) Proxying request to home server 130.92.14.27 port 1812 timeout 20.000000
(8) Sent Access-Request Id 8 from 0.0.0.0:42294 to 130.92.14.27:1812 length 187
(8) EAP-Message = 0x02fd0028016964696e662e7465737473747564656e744073747564656e74732e756e6962652e6368
(8) User-Name = "xyz"
(8) NAS-IP-Address = 127.0.0.1
(8) Calling-Station-Id := "02-00-00-00-00-01"
(8) Framed-MTU = 1400
(8) NAS-Port-Type = Wireless-802.11
(8) Service-Type = Framed-User
(8) Connect-Info = "CONNECT 11Mbps 802.11b"
(8) Message-Authenticator = 0x
(8) Proxy-State = 0x38
What am I missing in this context or am I updating the wrong “context” (= request)?
Thanks and best regards
Dominic
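
An added example, not part of the original post: a Python check over debug output of the kind shown above. It reports attributes assigned in an `update` block that are missing from the Sent Access-Request for the same request number. The sample lines are constructed from the excerpts in this message, and the function name and regular expressions are assumptions about this output format.

```python
import re

# Constructed sample, abridged from the debug excerpts in the message above;
# the (20) update lines are constructed by analogy with the (8) ones.
SAMPLE = """\
(8) update request {
(8) &Called-Station-Id := "00-11-22-33-44-55:eduroam"
(8) } # update request = noop
(8) Sent Access-Request Id 8 from 0.0.0.0:42294 to 130.92.14.27:1812 length 187
(8) User-Name = "xyz"
(8) Calling-Station-Id := "02-00-00-00-00-01"
(20) update proxy-request {
(20) &Called-Station-Id := "00-11-22-33-44-55:eduroam"
(20) } # update proxy-request = noop
(20) Sent Access-Request Id 20 from 0.0.0.0:37457 to 130.92.14.27:1812 length 189
(20) User-Name = "xyz"
(20) Called-Station-Id := "00-11-22-33-44-55:eduroam"
"""

LINE = re.compile(r"^\((\d+)\)\s+(.*)$")
UPDATE = re.compile(r"^update\s+([\w-]+)\s*\{$")
ASSIGN = re.compile(r"^&?([\w-]+)\s*(?::=|\+=|=)\s*(.+)$")

def unsent_updates(debug_text):
    """Return (request_no, list_name, attribute) for each attribute assigned in
    an update block but absent from that request's Sent Access-Request."""
    assigned, sent, state = {}, {}, {}   # all keyed by request number
    for raw in debug_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        req, body = int(m.group(1)), m.group(2).strip()
        upd, attr = UPDATE.match(body), ASSIGN.match(body)
        if upd:
            state[req] = ("update", upd.group(1))
        elif body.startswith("Sent Access-Request"):
            state[req] = ("sent", None)
            sent[req] = set()
        elif body.startswith("}"):
            state[req] = None            # closing brace ends the current block
        elif attr and state.get(req):
            kind, list_name = state[req]
            if kind == "update":
                assigned.setdefault(req, []).append((list_name, attr.group(1)))
            else:
                sent[req].add(attr.group(1))
    return [(req, lst, name) for req, pairs in sorted(assigned.items())
            for lst, name in pairs if name not in sent.get(req, set())]

if __name__ == "__main__":
    for req, lst, name in unsent_updates(SAMPLE):
        print(f"({req}) {name} set via 'update {lst}' was not in the sent packet")
```
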