(RADIATOR) ReplyHook question

Frank Danielson fdanielson at csky.com
Wed Jun 21 11:29:40 CDT 2006


Hi Alex-

The NAS-IP-Address should be in the original packet. I have seen NASes that
do not send a NAS-IP-Address attribute. This may sound obvious but have you
checked to make sure the attribute is actually in the incoming request?

Also in looking at some of my own replyhook code I am using ${$_[3]} as the
original packet instead of ${$_[2]} as suggested by the documentation. I
don't remember what led up to that but it is working and I am getting the
NAS-IP-Address attribute from it.

Frank Danielson
Infrastructure Architect

ClearSky Mobile Media
56 E. Pine St.
Orlando, FL 32801
USA

fdanielson at csky.com

-----Original Message-----
From: Alex Sharaz [mailto:A.Sharaz at hull.ac.uk]
Sent: Wednesday, June 21, 2006 11:57 AM
To: radiator at open.com.au
Subject: (RADIATOR) ReplyHook question


Chaps,
I'm writing a ReplyHook that'll return a Tunnel-Private-Group-Id (and
other attributes) based upon where the authentication request comes
from. For this I need the NAS-IP-Address attribute so that I can decide
what values to pass back.

In radius.cfg I've got 

<Handler ConvertedFromEAPMSCHAPV2=1>
        # Proxy to a non-EAP capable server
        Identifier eap-mschapv2
        <AuthBy RADIUS>
                Host a.b.c.d    
                Secret <secret>
                AuthPort 1812
                AcctPort 1813
                LocalAddress %{GlobalVar:myIp}
                StripFromRequest ConvertedFromEAPMSCHAPV2
                ReplyHook file:"%D/gen_wired_vlans_replyhook.pl"
        </AuthBy>
    AuthLog eaplog
    PostAuthHook file:"%D/calling_station_hook_requests.pl"
</Handler>

And in the ReplyHook file I've got

    my $vlanid='740';
#
    my $p = ${$_[0]};   # proxy reply packet
    my $rp = ${$_[1]};  # reply packet to NAS
    my $op = ${$_[2]};  # original request packet
    my $sp = ${$_[3]};  # packet sent to proxy

    my $code = $p->code;


    my $ASCIIvlan;
    my $binaryvlan;
    my $tag;
          
    &main::log($main::LOG_DEBUG, "Calling get_wired_vlans_replyhook.pl\n");
    if ($code eq 'Access-Accept')
    {        
    # 
    # get some info about the caller
    #
       my $callingid=$op->get_attr('Calling-Station-Id');
       my $nasip1=$op->get_attr('NAS-IP-Address');
       my $id=$op->get_attr('User-Name');
    
       if(defined($callingid))
       {
          &main::log($main::LOG_DEBUG, "Calling-Station=$callingid");
       }
       if(defined($nasip1))
       {
          &main::log($main::LOG_DEBUG, "Nas-Ip=$nasip1");
       }
       if(defined($id))
       {
          &main::log($main::LOG_DEBUG, "User-Name=$id");
       }


Looking in my log file, the calling station id is there and so is the
userid but the nas-ip-address isn't. Am I correct in assuming that it's
because at that point the nas-ip-address isn't in the packet that gets
passed off to the radius proxy?
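
An added example, not code from either poster or from Radiator: a hook body with the argument layout shown above that looks for NAS-IP-Address in the original request, then in the packet sent to the proxy, and falls back to a default VLAN when neither carries it. MockPacket, log_msg, the address-to-VLAN table and the default VLAN 999 are assumptions, constructed so the code runs without Radiator.

```perl
use strict;
use warnings;

package MockPacket;    # assumed stand-in for a Radiator packet object
sub new      { my ($c, $code, %a) = @_; bless { code => $code, attrs => {%a} }, $c }
sub code     { $_[0]{code} }
sub get_attr { $_[0]{attrs}{ $_[1] } }
sub add_attr { $_[0]{attrs}{ $_[1] } = $_[2] }

package main;
sub log_msg { print "DEBUG: $_[0]\n" }    # stands in for &main::log

# Constructed NAS-to-VLAN table; addresses and VLAN ids are sample values.
my %vlan_for_nas = ('192.0.2.10' => '740', '192.0.2.20' => '741');
my $default_vlan = '999';    # assumed catch-all VLAN for unknown NASes

# Same argument layout as the hook in the post: each $_[n] is a reference.
sub reply_hook {
    my $p  = ${$_[0]};    # proxy reply packet
    my $rp = ${$_[1]};    # reply packet to NAS
    my $op = ${$_[2]};    # original request packet
    my $sp = ${$_[3]};    # packet sent to proxy
    return unless $p->code eq 'Access-Accept';

    # Try the original request first, then the proxied copy, and
    # remember which one (if any) carried the attribute.
    my ($nasip, $from);
    for my $src (['original request', $op], ['request sent to proxy', $sp]) {
        my ($label, $pkt) = @$src;
        next unless defined $pkt;
        $nasip = $pkt->get_attr('NAS-IP-Address');
        if (defined $nasip) { $from = $label; last }
    }
    my $vlan = $default_vlan;
    if (!defined $nasip) {
        log_msg('No NAS-IP-Address in either request, using default VLAN');
    } elsif (exists $vlan_for_nas{$nasip}) {
        $vlan = $vlan_for_nas{$nasip};
        log_msg("Nas-Ip=$nasip (from $from), VLAN $vlan");
    } else {
        log_msg("Unknown NAS $nasip, using default VLAN");
    }
    $rp->add_attr('Tunnel-Private-Group-Id', $vlan);
    return $vlan;
}

# Constructed packets: the attribute is present only in the proxied copy,
# purely to exercise the fallback path.
my ($p, $rp) = (MockPacket->new('Access-Accept'), MockPacket->new('Access-Accept'));
my $op = MockPacket->new('Access-Request', 'User-Name' => 'alex');
my $sp = MockPacket->new('Access-Request', 'User-Name' => 'alex', 'NAS-IP-Address' => '192.0.2.10');
print "Reply VLAN: ", reply_hook(\$p, \$rp, \$op, \$sp), "\n";
```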
