rest module to send simple API call to Infoblox for Mac Auth

dominic.stalder at unibe.ch dominic.stalder at unibe.ch
Thu Sep 26 06:53:31 UTC 2024


Hi Matthew

> I suspect FreeRADIUS isn't reading the file you edited, maybe because it's using a different config location. Look at the top of the debug output and check that the file you are editing is actually being included.

Thanks a lot, that was the hint I needed! I went to the office last night and took the debug output I sent in my last response to Alan's previous email. After your response, I restarted today and already wrote quite a long email with all the information included. And while doing that, I found the following two ADDITIONAL lines in the debug output:

including configuration file /etc/freeradius/policy.d/canonicalization.20240626
including configuration file /etc/freeradius/policy.d/canonicalization.20240626

This broke my configuration: I had two copies of the file /etc/freeradius/policy.d/canonicalization as backup archives in the exact same directory (w/o the new custom attribute in there).

I moved them away and now the custom attribute is loaded correctly with the dummy value in the /etc/freeradius/mods-enabled/rest:

(0) rest: EXPAND /wapi/v2.11.3/record:host?network=0.0.0.0/0&mac=%{My-Local-Calling-Station-Id-Colon}
(0) rest:    --> /wapi/v2.11.3/record:host?network=0.0.0.0/0&mac=Test
(0) rest: Sending HTTP GET to "https://ib-test.unibe.ch/wapi/v2.11.3/record:host?network=0.0.0.0/0&mac=Test"

Thanks again a lot, I would not have found these two (additional) lines without the hint to have a look at the configurations / files loaded!

I have two FOLLOW UP questions on this topic, am I allowed to post them in this thread?

1. I always did / do copies of old freeradius configuration files like this in the original directory: cp xyz xyz.{yyyymmdd}. This was never a problem, but I think it is different for special directories like /etc/freeradius/policy.d/ and others, is that correct?

2.a) I would like to add an if statement to /etc/freeradius/mods-available/rest. My goal is to change the local variable "network" based on the attribute Called-Station-SSID, but it seems that the modules do not allow any if / else conditions, is that correct?

2.b) What would be an alternative to have a switch statement in the rest module? Do I have to realize this via another local / custom variable from /sites-enabled/default to /mods-enabled/rest. Something like that.

--> I want to make sure there is no "parallel" chaos if multiple RADIUS requests arrive on the FreeRADIUS server and I set the custom variable early and it gets overwritten; I hope you get my concern?

# Default network
network = "0.0.0.0/0"

if ("%{Called-Station-SSID}" == "xyz-DEV") {
	network = "172.25.8.0/21"
}

# Create the REST API call URI:
uri = "${..connect_uri}/wapi/v2.11.3/record:host?network=${network}&mac=%{My-Local-Calling-Station-Id-Colon}"

Regards
Dominic
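
Added example, not part of the original message: a small check over FreeRADIUS debug output that reports backup copies loaded next to the live file they were copied from, which is the situation described above. The sample output is constructed from the lines in the message, and the list of backup suffixes is an assumption.

```python
import re

# Constructed sample of debug start-up output, modelled on the lines in the message.
SAMPLE_DEBUG = """\
including configuration file /etc/freeradius/radiusd.conf
including files in directory /etc/freeradius/policy.d/
including configuration file /etc/freeradius/policy.d/canonicalization
including configuration file /etc/freeradius/policy.d/canonicalization.20240626
including configuration file /etc/freeradius/policy.d/canonicalization.20240626
including configuration file /etc/freeradius/policy.d/filter
including configuration file /etc/freeradius/mods-enabled/rest
"""

INCLUDE_RE = re.compile(r"^including configuration file (\S+)$")
# Assumption: suffixes that usually mark a backup copy (cp xyz xyz.yyyymmdd etc.).
BACKUP_RE = re.compile(r"^(?P<base>.+?)(\.\d{8}|\.bak|\.orig|\.old|\.save)$")


def included_files(debug_text):
    """Return every path the server reported as an included file, in order."""
    return [m.group(1) for line in debug_text.splitlines()
            if (m := INCLUDE_RE.match(line.strip()))]


def shadowing_backups(debug_text):
    """Map each live file to the backup copies that were loaded alongside it."""
    files = included_files(debug_text)
    loaded = set(files)
    result = {}
    for path in files:
        directory, _, name = path.rpartition("/")
        m = BACKUP_RE.match(name)
        if not m:
            continue
        live = f"{directory}/{m.group('base')}"
        # Only report a backup when its live counterpart was loaded too.
        if live in loaded and path not in result.setdefault(live, []):
            result[live].append(path)
    return result


if __name__ == "__main__":
    for live, copies in shadowing_backups(SAMPLE_DEBUG).items():
        print(f"{live} is also loaded as: {', '.join(copies)}")
```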


