rest module to send simple API call to Infoblox for Mac Auth
dominic.stalder at unibe.ch
dominic.stalder at unibe.ch
Wed Sep 25 16:47:42 UTC 2024
Hi Alan
> The name has to be unique.
Thanks, that is good to know.
>> ATTRIBUTE My-Local-Calling-Station-Id-Colon 3000 string
> That's good.
Good for the approvement.
> That should work.
That is what I thought too...
> You need to read the debug output.
> i.e. did it run the "rewrite_calling_station_id" policy? If so, which "if" condition did it run? Why?
> Which one happened?
> Read the debug output.
To be honest, I DID read the debug output, but maybe I am too dumb or it just does not work as I except it to work; please see below statements and debug output:
1. configuration of rewrite_calling_station_id policy:
#
# Add "rewrite_calling_station_id" in the "authorize" and
# "preacct" sections.
#
# Makes Calling-Station-ID conform to what RFC3580 says should
# be provided by 802.1X authenticators.
#
rewrite_calling_station_id {
if (&Calling-Station-Id && (&Calling-Station-Id =~ /^${policy.mac-addr-regexp}$/i)) {
update request {
&Calling-Station-Id := "%{toupper:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}}"
# Format Calling-Station-Id from format xx-xx-xx-xx-xx-xx to xx:xx:xx:xx:xx:xx and assign this to local attribute locCalling-Station-Id-Colon
&My-Local-Calling-Station-Id-Colon := "Test"
}
updated
}
else {
noop
}
}
2. it does run the rewrite_calling_station_id policy:
(0) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(0) policy rewrite_calling_station_id {
3. It does enter / hit the following if statement:
(0) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE
4. it does update the request for variable Calling-Station-Id, BUT not for local / custom variable My-Local-Calling-Station-Id-Colon
(0) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE
(0) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
(0) update request {
(0) EXPAND %{toupper:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}}
(0) --> AC-DF-A1-B1-F1-5A
(0) &Calling-Station-Id := AC-DF-A1-B1-F1-5A
(0) } # update request = noop
(0) [updated] = updated
***
Full debug output:
(0) Received Access-Request Id 143 from 130.92.42.15:60533 to 130.92.10.33:1812 length 416
(0) User-Name = "acdfa1b1f15a"
(0) User-Password = "acdfa1b1f15a"
(0) Service-Type = Call-Check
(0) Cisco-AVPair = "service-type=Call Check"
(0) Framed-MTU = 1485
(0) Message-Authenticator = 0x7e0b273f4af8061b269ca699c0d04121
(0) Cisco-AVPair = "audit-session-id=0F2A5C820000089D2A064B45"
(0) Cisco-AVPair = "method=mab"
(0) Cisco-AVPair = "client-iif-id=201327528"
(0) Cisco-AVPair = "vlan-id=1876"
(0) NAS-IP-Address = 130.92.42.15
(0) NAS-Port-Type = Wireless-802.11
(0) NAS-Port = 4211
(0) Cisco-AVPair = "cisco-wlan-ssid=xyz-DEV"
(0) Cisco-AVPair = "wlan-profile-name=xyz-DEV"
(0) Called-Station-Id = "60-b9-c0-04-c4-40:xyz-DEV"
(0) Calling-Station-Id = "ac-df-a1-b1-f1-5a"
(0) Airespace-Wlan-Id = 97
(0) NAS-Identifier = "60-b9-c0-04-c4-40:xyz-DEV"
(0) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(0) authorize {
(0) policy rewrite_called_station_id {
(0) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i)) {
(0) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i)) -> TRUE
(0) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i)) {
(0) update request {
(0) EXPAND %{toupper:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}}
(0) --> 60-B9-C0-04-C4-40
(0) &Called-Station-Id := 60-B9-C0-04-C4-40
(0) } # update request = noop
(0) if ("%{8}") {
(0) EXPAND %{8}
(0) --> xyz-DEV
(0) if ("%{8}") -> TRUE
(0) if ("%{8}") {
(0) update request {
(0) EXPAND %{8}
(0) --> xyz-DEV
(0) &Called-Station-SSID := xyz-DEV
(0) EXPAND %{Called-Station-Id}:%{8}
(0) --> 60-B9-C0-04-C4-40:xyz-DEV
(0) &Called-Station-Id := 60-B9-C0-04-C4-40:xyz-DEV
(0) } # update request = noop
(0) } # if ("%{8}") = noop
(0) [updated] = updated
(0) } # if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i)) = updated
(0) ... skipping else: Preceding "if" was taken
(0) } # policy rewrite_called_station_id = updated
(0) policy rewrite_calling_station_id {
(0) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
(0) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE
(0) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
(0) update request {
(0) EXPAND %{toupper:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}}
(0) --> AC-DF-A1-B1-F1-5A
(0) &Calling-Station-Id := AC-DF-A1-B1-F1-5A
(0) } # update request = noop
(0) [updated] = updated
(0) } # if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) = updated
(0) ... skipping else: Preceding "if" was taken
(0) } # policy rewrite_calling_station_id = updated
(0) if (NAS-Identifier == "uvisrz0215.insel.ch") {
(0) if (NAS-Identifier == "uvisrz0215.insel.ch") -> FALSE
(0) if (NAS-Port-Type =~ /Wireless-802\.11/i) {
(0) if (NAS-Port-Type =~ /Wireless-802\.11/i) -> TRUE
(0) if (NAS-Port-Type =~ /Wireless-802\.11/i) {
(0) if (Service-Type == Call-Check) {
(0) if (Service-Type == Call-Check) -> TRUE
(0) if (Service-Type == Call-Check) {
rlm_rest (rest): Reserved connection (0)
(0) rest: Expanding URI components
(0) rest: EXPAND https://ib-test.unibe.ch/
(0) rest: --> https://ib-test.unibe.ch/
(0) rest: EXPAND /wapi/v2.11.3/record:host?network=0.0.0.0/0&mac=%{My-Local-Calling-Station-Id-Colon}
(0) rest: --> /wapi/v2.11.3/record:host?network=0.0.0.0/0&mac=
(0) rest: Sending HTTP GET to "https://ib-test.unibe.ch/wapi/v2.11.3/record:host?network=0.0.0.0/0&mac="
(0) rest: EXPAND id_svcinfobloxro_test
(0) rest: --> id_svcinfobloxro_test
(0) rest: EXPAND h_rB*5i.Tkc$aCb
(0) rest: --> h_rB*5i.Tkc$aCb
(0) rest: Processing response header
(0) rest: Status : 200 (OK)
(0) rest: Type : json (application/json)
(0) rest: Adding reply:REST-HTTP-Status-Code = "200"
(0) rest: ERROR: Can't process VP container, expected JSON objectgot "array", skipping...
(0) rest: ERROR: Server returned:
(0) rest: ERROR: []
rlm_rest (rest): Released connection (0)
Need more connections to reach 10 spares
rlm_rest (rest): Opening additional connection (5), 1 of 27 pending slots used
rlm_rest (rest): Connecting to "https://ib-test.unibe.ch/"
(0) [rest] = fail
(0) } # if (Service-Type == Call-Check) = fail
(0) } # if (NAS-Port-Type =~ /Wireless-802\.11/i) = fail
(0) } # authorize = fail
(0) Invalid user (rest: Can't process VP container, expected JSON objectgot "array", skipping...): [acdfa1b1f15a] (from client cisco-wlc-9800-dev-mgmt.wifi.unibe.ch port 4211 cli AC-DF-A1-B1-F1-5A)
(0) Using Post-Auth-Type Reject
(0) # Executing group from file /etc/freeradius/sites-enabled/default
(0) Post-Auth-Type REJECT {
(0) attr_filter.access_reject: EXPAND %{User-Name}
(0) attr_filter.access_reject: --> acdfa1b1f15a
(0) attr_filter.access_reject: Matched entry DEFAULT at line 11
(0) [attr_filter.access_reject] = updated
(0) [eap] = noop
(0) policy remove_reply_message_if_eap {
(0) if (&reply:EAP-Message && &reply:Reply-Message) {
(0) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(0) else {
(0) [noop] = noop
(0) } # else = noop
(0) } # policy remove_reply_message_if_eap = noop
(0) } # Post-Auth-Type REJECT = updated
(0) Login incorrect (rest: Can't process VP container, expected JSON objectgot "array", skipping...): [acdfa1b1f15a] (from client cisco-wlc-9800-dev-mgmt.wifi.unibe.ch port 4211 cli AC-DF-A1-B1-F1-5A)
(0) Delaying response for 1.000000 seconds
Waking up in 0.9 seconds.
(0) Sending delayed response
(0) Sent Access-Reject Id 143 from 130.92.10.33:1812 to 130.92.42.15:60533 length 38
Waking up in 3.9 seconds.
(1) Received Access-Request Id 151 from 130.92.42.15:60533 to 130.92.10.33:1812 length 417
(1) User-Name = "acdfa1b1f15a"
(1) User-Password = "acdfa1b1f15a"
(1) Service-Type = Call-Check
(1) Cisco-AVPair = "service-type=Call Check"
(1) Framed-MTU = 1485
(1) Message-Authenticator = 0x906b814968c653eba3233d254f02585a
(1) Cisco-AVPair = "audit-session-id=0F2A5C820000089E2A065195"
(1) Cisco-AVPair = "method=mab"
(1) Cisco-AVPair = "client-iif-id=1845494859"
(1) Cisco-AVPair = "vlan-id=1876"
(1) NAS-IP-Address = 130.92.42.15
(1) NAS-Port-Type = Wireless-802.11
(1) NAS-Port = 4211
(1) Cisco-AVPair = "cisco-wlan-ssid=xyz-DEV"
(1) Cisco-AVPair = "wlan-profile-name=xyz-DEV"
(1) Called-Station-Id = "60-b9-c0-04-c4-40:xyz-DEV"
(1) Calling-Station-Id = "ac-df-a1-b1-f1-5a"
(1) Airespace-Wlan-Id = 97
(1) NAS-Identifier = "60-b9-c0-04-c4-40:xyz-DEV"
(1) # Executing section authorize from file /etc/freeradius/sites-enabled/default
(1) authorize {
(1) policy rewrite_called_station_id {
(1) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i)) {
(1) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i)) -> TRUE
(1) if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i)) {
(1) update request {
(1) EXPAND %{toupper:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}}
(1) --> 60-B9-C0-04-C4-40
(1) &Called-Station-Id := 60-B9-C0-04-C4-40
(1) } # update request = noop
(1) if ("%{8}") {
(1) EXPAND %{8}
(1) --> xyz-DEV
(1) if ("%{8}") -> TRUE
(1) if ("%{8}") {
(1) update request {
(1) EXPAND %{8}
(1) --> xyz-DEV
(1) &Called-Station-SSID := xyz-DEV
(1) EXPAND %{Called-Station-Id}:%{8}
(1) --> 60-B9-C0-04-C4-40:xyz-DEV
(1) &Called-Station-Id := 60-B9-C0-04-C4-40:xyz-DEV
(1) } # update request = noop
(1) } # if ("%{8}") = noop
(1) [updated] = updated
(1) } # if (&Called-Station-Id && (&Called-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i)) = updated
(1) ... skipping else: Preceding "if" was taken
(1) } # policy rewrite_called_station_id = updated
(1) policy rewrite_calling_station_id {
(1) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
(1) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) -> TRUE
(1) if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) {
(1) update request {
(1) EXPAND %{toupper:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}}
(1) --> AC-DF-A1-B1-F1-5A
(1) &Calling-Station-Id := AC-DF-A1-B1-F1-5A
(1) } # update request = noop
(1) [updated] = updated
(1) } # if (&Calling-Station-Id && (&Calling-Station-Id =~ /^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})$/i)) = updated
(1) ... skipping else: Preceding "if" was taken
(1) } # policy rewrite_calling_station_id = updated
(1) if (NAS-Identifier == "uvisrz0215.insel.ch") {
(1) if (NAS-Identifier == "uvisrz0215.insel.ch") -> FALSE
(1) if (NAS-Port-Type =~ /Wireless-802\.11/i) {
(1) if (NAS-Port-Type =~ /Wireless-802\.11/i) -> TRUE
(1) if (NAS-Port-Type =~ /Wireless-802\.11/i) {
(1) if (Service-Type == Call-Check) {
(1) if (Service-Type == Call-Check) -> TRUE
(1) if (Service-Type == Call-Check) {
rlm_rest (rest): Reserved connection (1)
(1) rest: Expanding URI components
(1) rest: EXPAND https://ib-test.unibe.ch/
(1) rest: --> https://ib-test.unibe.ch/
(1) rest: EXPAND /wapi/v2.11.3/record:host?network=0.0.0.0/0&mac=%{My-Local-Calling-Station-Id-Colon}
(1) rest: --> /wapi/v2.11.3/record:host?network=0.0.0.0/0&mac=
(1) rest: Sending HTTP GET to "https://ib-test.unibe.ch/wapi/v2.11.3/record:host?network=0.0.0.0/0&mac="
(1) rest: EXPAND id_svcinfobloxro_test
(1) rest: --> id_svcinfobloxro_test
(1) rest: EXPAND h_rB*5i.Tkc$aCb
(1) rest: --> h_rB*5i.Tkc$aCb
(1) rest: Processing response header
(1) rest: Status : 200 (OK)
(1) rest: Type : json (application/json)
(1) rest: Adding reply:REST-HTTP-Status-Code = "200"
(1) rest: ERROR: Can't process VP container, expected JSON objectgot "array", skipping...
(1) rest: ERROR: Server returned:
(1) rest: ERROR: []
rlm_rest (rest): Released connection (1)
Need more connections to reach 10 spares
rlm_rest (rest): Opening additional connection (6), 1 of 26 pending slots used
rlm_rest (rest): Connecting to "https://ib-test.unibe.ch/"
(1) [rest] = fail
(1) } # if (Service-Type == Call-Check) = fail
(1) } # if (NAS-Port-Type =~ /Wireless-802\.11/i) = fail
(1) } # authorize = fail
(1) Invalid user (rest: Can't process VP container, expected JSON objectgot "array", skipping...): [acdfa1b1f15a] (from client cisco-wlc-9800-dev-mgmt.wifi.unibe.ch port 4211 cli AC-DF-A1-B1-F1-5A)
(1) Using Post-Auth-Type Reject
(1) # Executing group from file /etc/freeradius/sites-enabled/default
(1) Post-Auth-Type REJECT {
(1) attr_filter.access_reject: EXPAND %{User-Name}
(1) attr_filter.access_reject: --> acdfa1b1f15a
(1) attr_filter.access_reject: Matched entry DEFAULT at line 11
(1) [attr_filter.access_reject] = updated
(1) [eap] = noop
(1) policy remove_reply_message_if_eap {
(1) if (&reply:EAP-Message && &reply:Reply-Message) {
(1) if (&reply:EAP-Message && &reply:Reply-Message) -> FALSE
(1) else {
(1) [noop] = noop
(1) } # else = noop
(1) } # policy remove_reply_message_if_eap = noop
(1) } # Post-Auth-Type REJECT = updated
(1) Login incorrect (rest: Can't process VP container, expected JSON objectgot "array", skipping...): [acdfa1b1f15a] (from client cisco-wlc-9800-dev-mgmt.wifi.unibe.ch port 4211 cli AC-DF-A1-B1-F1-5A)
(1) Delaying response for 1.000000 seconds
Waking up in 0.9 seconds.
(1) Sending delayed response
(1) Sent Access-Reject Id 151 from 130.92.10.33:1812 to 130.92.42.15:60533 length 38
Waking up in 2.3 seconds.
(0) Cleaning up request packet ID 143 with timestamp +8 due to cleanup_delay was reached
Waking up in 1.6 seconds.
(1) Cleaning up request packet ID 151 with timestamp +10 due to cleanup_delay was reached
Ready to process requests
I hope, you now can understand, why I am a little perplexed by the debug output; I just can't read something that is not present in the output and I don't know why, this part is not "hit"?
Regards
Dominic
Am 25.09.24, 17:15 schrieb "Freeradius-Users im Auftrag von Alan DeKok" <freeradius-users-bounces+dominic.stalder=unibe.ch at lists.freeradius.org <mailto:unibe.ch at lists.freeradius.org> im Auftrag von aland at deployingradius.com <mailto:aland at deployingradius.com>>:
On Sep 25, 2024, at 7:40 AM, <dominic.stalder at unibe.ch <mailto:dominic.stalder at unibe.ch>> <dominic.stalder at unibe.ch <mailto:dominic.stalder at unibe.ch>> wrote:
> Still struggling with assigning a value to the local / custom attribute:
>
> 1. added it to /etc/freeradius/dictionary like this:
>
> --> does it need to have a naming like My-Local-xxx or are we completely free there?
The name has to be unique.
> ATTRIBUTE My-Local-Calling-Station-Id-Colon 3000 string
That's good.
> 2. tried to add a value to the local / custom attribute in /etc/freeradius/policy.d/canonicalization:
>
> rewrite_calling_station_id {
> if (&Calling-Station-Id && (&Calling-Station-Id =~ /^${policy.mac-addr-regexp}$/i)) {
> update request {
> &Calling-Station-Id := "%{toupper:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}}"
>
> &My-Local-Calling-Station-Id-Colon := "Test"
> }
That should work.
> 3. Not able to get the value into /etc/freeradius/mods-available/rest --> the local / custom attribute has an empty value
No.
You need to read the debug output.
i.e. did it run the "rewrite_calling_station_id" policy? If so, which "if" condition did it run? Why?
The point of the debug output is to read it. You can't just send the server a packet, look at the "rest" module, and then ignore the rest of it. So read it. ALL of it. Think about what it's doing.
> I do not see any attribute with Name "My-Local-Calling-Station-Id-Colon" in the freeradius debug output as well.
You (a) saw it run the rewrite_calling_station_id policy, or (b) saw it NOT run the rewrite_calling_station_id policy.
Which one happened?
Read the debug output.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html <http://www.freeradius.org/list/users.html>
More information about the Freeradius-Users
mailing list