(RADIATOR) Radiator Proxy Reply

Hugh Irvine hugh at open.com.au
Sun Jun 27 02:47:44 CDT 2004


Hello Antonio -

There are actually four different packets that can be referenced in a 
ReplyHook: the original request, the proxied request, the proxy reply, 
and the reply that is being sent back to the NAS. Your hook will need 
to add the attributes to the reply that is being sent back to the NAS 
(not to the proxy reply as you are doing).

There is an example ReplyHook in the examples in "goodies/hooks.txt".

regards

Hugh


On 27 Jun 2004, at 02:15, Antonio Mórtigo wrote:

>  Hello,
>
>  I tried to change the reply packet attributes from a proxy radius, 
> Now, with a ReplyHook in AuthBy RADIUS clause. I can get, delete and 
> change the attributes from the reply packet but I cannot add any 
> attribute from this Hook.. any ideas?
>
>  Regards,
>
>  Antonio
>
>  This is the Trace 4  debug ...
>
>  *** Sending to REMOTE SERVER  port 1645 ....
>
>  Packet length = 122
>  01 01 00 7a 31 32 33 34 35 36 37 38 39 30 31 32
>  33 34 35 36 01 12 64 69 61 6c 74 65 73 74 40 69
>  78 70 2e 6e 65 74 06 06 00 00 00 02 04 06 d0 dd
>  81 c9 05 06 00 00 04 d2 1e 0b 31 32 33 34 35 36
>  37 38 39 1f 0b 39 38 37 36 35 34 33 32 31 02 12
>  1d ad d1 77 ed 26 aa 2e 15 ab f7 30 c9 7b d1 dd
>  f2 1a 01 01 01 00 00 00 00 00 00 00 00 00 00 00
>  00 00 00 00 00 00 00 00 00 00
>  Code:       Access-Request
>  Identifier: 1
>  Authentic:  1234567890123456
>  Attributes:
>          User-Name = "USER at XXX"
>          Service-Type = Framed-User
>          NAS-IP-Address = 208.221.129.201
>          NAS-Port = 1234
>          Called-Station-Id = "123456789"
>          Calling-Station-Id = "987654321"
>          User-Password = 
> "<29><173><209>w<237>&<170>.<21><171><247>0<201>{<209><221>"
>          Client-Type = Lucent
>          ClassDB = XXX
>
> Sat Jun 26 10:24:33 2004: DEBUG: Packet dump:
>  *** Received from REMOTE SERVER port 1645 ....
>  Code:       Access-Accept
>  Identifier: 1
>  Authentic:  <179>e<214>&v<139><142><12>y<0><195><148><217><228>c<6>
>  Attributes:
>          Class = "SBR-CL DN="USER at XXX" AT="0""
>          Ascend-Idle-Limit = 60
>          Filter-Id = "velocity"
>          Framed-Protocol = PPP
>          Service-Type = Framed-User
>          Session-Timeout = 600
>
>  Sat Jun 26 10:24:33 2004: DEBUG: Received reply in AuthRADIUS for req 
> 1 from REMOTE SERVER:1645
>
>
> HERE STARTS THE REPLYHOOK
>
>  sub{
>      my $rq = ${$_[0]};
>      my $clase = lc $rq->get_attr("Class");
>      my $filter  = $rq->get_attr("Filter-Id");
>      my ($prueba)=$clase=~/\S+@(\w+)/;
>      $rq->change_attr("Class","$prueba");
>      &main::log($main::LOG_INFO, "Andinet Procesamiento: $filter 
> $prueba");
>  }
> !!I cannot add attributes!!!
>
>  Sat Jun 26 10:24:33 2004: INFO: Andinet Procesamiento: velocity XXX
>
>
>  HERE STOPS THE REPLYHOOK
>
> Sat Jun 26 10:24:33 2004: DEBUG: Access accepted for USER
>  Sat Jun 26 10:24:33 2004: DEBUG: Packet dump:
>
>  *** Sending to 127.0.0.1 port 55711 ....
>
>  Packet length = 59
>  02 e3 00 3b af 83 82 6b cc b9 e3 10 e7 8d 10 9f
>  70 4a 39 82 19 05 69 78 70 f4 06 00 00 00 3c 0b
>  0a 76 65 6c 6f 63 69 74 79 07 06 00 00 00 01 06
>  06 00 00 00 02 1b 06 00 00 02 58
>  Code:       Access-Accept
>  Identifier: 227
>  Authentic:  1234567890123456
>  Attributes:
>          Class = "XXX"
>          Ascend-Idle-Limit = 60
>          Filter-Id = "velocity"
>          Framed-Protocol = PPP
>          Service-Type = Framed-User
>          Session-Timeout = 600
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list