(RADIATOR) Removing a second Proxy State attribute.

Hugh Irvine hugh at open.com.au
Fri Nov 15 00:53:20 CST 2002 

Hello Jason, Hello Eric -

This will work for the reply packet being sent back to the NAS, 
assuming that the Proxy-State attributes are identical.

However, if you are in the middle of a chain of proxy servers, this may 
not be the correct solution.

The radius RFC (2865) states that there can be zero or more (ie. 
possibly more than one) Proxy-State attributes, with each hop in a 
chain of proxy servers responsible for adding and removing its own 
Proxy-State attribute.

You will need to analyse exactly what is required, and then implement 
whichever hook is appropriate.

regards

Hugh


>
> Try this,
>
> In your config add something close to the following line:
>
> ReplyHook file:"/usr/local/etc/testhook"
>
> and the file it pointing to being:
>
> -------------------
>
> sub
>         {
>
>     my $p = ${$_[0]};   # proxy reply packet
>     my $rp = ${$_[1]};  # reply packet to NAS
>     my $op = ${$_[2]};  # original request packet
>     my $sp = ${$_[3]};  # packet sent to proxy
>
> my $proxystate = $op->get_attr('Proxy-State');
>
>
> if ($proxystate)  {
> $rp->delete_attr('Proxy-State');
> $rp->add_attr('Proxy-State',$proxystate);
>                 }
>         }
>
>
> ------------
>
> -Jason
>
> On Thu, 14 Nov 2002, Eric Hunter wrote:
>> Yeah, I tried that... and it strips out both of them :)
>>
>> I'll take a look at the hooks tomorrow, thanks for the tip :)
>>
>>
>>  Eric
>>
>> ----- Original Message -----
>> From: "Hugh Irvine" <hugh at open.com.au>
>> To: "Eric Hunter" <ehunter2 at netrover.com>
>> Cc: <radiator at open.com.au>
>> Sent: Thursday, November 14, 2002 5:25 PM
>> Subject: Re: (RADIATOR) Removing a second Proxy State attribute.
>>
>>> Hello Eric -
>>>
>>> You could try a StripFromRequest, but check a trace 4 debug to make
>>> sure this doesn't break things.
>>>
>>> Otherwise, you will have to write a Hook (there are some examples in
>>> "goodies/hooks.txt").
>>>
>>> regards
>>>
>>> Hugh
>>>
>>> On Thursday, Nov 14, 2002, at 17:06 Canada/Eastern, Eric Hunter 
>>> wrote:
>>>> Is there an easy way to remove a second duplicate Proxy State
>>>> attribute from
>>>> a packet?  (Its going through two proxies, and getting it in there
>>>> twice is
>>>> screwing things up on the final destination).
>>>>
>>>>  Eric
>>>>
>>>>
>>>> ===
>>>> Archive at http://www.open.com.au/archives/radiator/
>>>> Announcements on radiator-announce at open.com.au
>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>> 'unsubscribe radiator' in the body of the message.
>>>
>>> --
>>> Radiator: the most portable, flexible and configurable RADIUS server
>>> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
>>> -
>>> Nets: internetwork inventory and management - graphical, extensible,
>>> flexible with hardware, software, platform and database independence.
>>
>> ===
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>
> -------------------------------------------------------
>
> -- 
> Mike McCauley                               mikem at open.com.au
> Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
> 24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
> Phone +61 3 9598-0985                       Fax   +61 3 9598-0955
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS etc on Unix, Windows, MacOS etc.
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list