rest module to send simple API call to Infoblox for Mac Auth

dominic.stalder at unibe.ch
Mon Sep 30 07:58:39 UTC 2024


Hi guys

I got my rest module finally working and in case the HTTP status code is '200 (OK)', everything is fine.

Now I would like to implement a failsafe / fall back, in case the provided API / rest credentials are wrong (HTTP status code = 401 / unauthorized), something else is wrong with the API / rest call, e.g. the example below, or for example in case of a timeout of the HTTP service:

(0) rest: Processing response header
(0) rest:   Status : 400 (Bad Request)
(0) rest:   Type   : json (application/json)
(0) rest: Adding reply:REST-HTTP-Status-Code = "400"
(0) rest: ERROR: Server returned:
(0) rest: ERROR: { "Error": "AdmConProtoError: Unknown argument/field: 'amac'",
(0) rest: ERROR:   "code": "Client.Ibap.Proto",
(0) rest: ERROR:   "text": "Unknown argument/field: 'amac'"
(0) rest: ERROR: }
rlm_rest (rest): Released connection (0)
Need more connections to reach 10 spares
rlm_rest (rest): Opening additional connection (5), 1 of 27 pending slots used
rlm_rest (rest): Connecting to "https://ib-test.unibe.ch"
(0)             [rest] = invalid
(0)           } # case zmkbern-DEV = invalid
(0)         } # switch %{Called-Station-SSID} = invalid
(0)       } # if (Service-Type == Call-Check)  = invalid
(0)     } # if (NAS-Port-Type =~ /Wireless-802\.11/i)  = invalid
(0)   } # authorize = invalid

Is there a way to still return an Access-Accept if one of the following codes is returned by the rest module?

#  Code   Meaning       Process body  Module code
#  404    not found     no            notfound
#  410    gone          no            notfound
#  403    forbidden     no            userlock
#  401    unauthorized  yes           reject
#  204    no content    no            ok
#  5xx    server error  no            fail
#  xxx    -             no            invalid

Thanks for a hint.

Regards
Dominic

On 26.09.24, 09:54, "Stalder, Dominic (ID)" <dominic.stalder at unibe.ch> wrote:


> Use "git" for revision control. Copying text files into multiple locations is a bad idea. You lose track of what's going on, and the server will usually load ALL files in a directory.
> Use "git". Manually copying files is very much not recommended.


I agree; git for backup and revision control is on my to-do list for our quite new freeradius installation. It still takes some time to set things up correctly.


> The server tracks each request separately. If you want custom variables for a request, then you put the custom variable into the request. Not into the module configuration.
> You already know how to create custom attributes in the local dictionary, and then set them in a policy. Why not do the same thing here for "network"? Why invent another approach?


Good hint, did not think of this approach.
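
One way to get the fallback asked about above, as an added example rather than configuration from this thread: in FreeRADIUS v3 unlang a module call can override the priority of its return codes so that processing continues, and the next condition can then test that code. Assumed here: v3 syntax, the default "always ok" instance is enabled, and this block replaces the bare "rest" call inside the "case" block shown in the debug output.

```unlang
# Added example, assuming FreeRADIUS v3. Replaces the bare "rest" call.
# Priority 1 instead of the default "return" keeps the authorize section
# running after the listed return codes, so the "if" below can act on them.
rest {
    fail     = 1   # 5xx; connection failures and timeouts assumed to map here too
    invalid  = 1   # any other status, e.g. the 400 in the debug output
    notfound = 1   # 404, 410
    userlock = 1   # 403
    reject   = 1   # 401
}

# Every code tested here turns a broken, misconfigured or unreachable API
# into an Access-Accept for the MAC being checked. Keep only the codes that
# should fail open; the others then reject as before.
if (fail || invalid || notfound || userlock || reject) {
    update control {
        Auth-Type := Accept
    }

    # "ok" is the default rlm_always instance (assumed enabled). It resets
    # the section's return code so authorize does not end in a failure
    # code and reject the request anyway.
    ok
}
```

The REST-HTTP-Status-Code reply attribute seen in the debug output is still set on these paths, so accepted-on-failure requests remain distinguishable in logs.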








