[RADIATOR] : Problems adding Dynamic Reply-Item Framed-IP-Address with AuthBy FREERADIUSSQL

Carlos Rodrigues carlos-j-rodrigues at ptinovacao.pt
Tue Apr 27 03:09:35 CDT 2010


Hi Hugh,

That is the workaround we are currently using. 

Nevertheless, the doubt was if it is possible to have this operation performed through the Reply-items user table, in order not to have a different approach for this AVP only.

Regards,
Carlos Rodrigues

-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au] 
Sent: segunda-feira, 26 de Abril de 2010 23:55
To: Carlos Rodrigues
Cc: radiator at open.com.au
Subject: Re: [RADIATOR] : Problems adding Dynamic Reply-Item Framed-IP-Address with AuthBy FREERADIUSSQL


Hello Carlos -

If the Framed-IP-Address is present in the incoming access request, you just need this in your AuthBy:


# define Realm or Handler

<Handler .....>

	<AuthBy .....>
		......
		AddToReply Framed-IP-Address = %{Request:Framed-IP-Address}
	</AuthBy>

</Handler>


regards

Hugh



On 27 Apr 2010, at 03:09, Carlos Rodrigues wrote:

> Hi,
>  
> I'm not able to use a dynamic Reply Item for the Framed-IP-Address AVP, while using AuthBy FREERADIUSSQL.
>  
> I'm trying to create an Access-Accept response containing the Framed-IP-Address AVP, getting its value from the Access-Request packet.
>  
> ·         In the Handler setup I have:
> DynamicReply Framed-IP-Address
>  
> ·         In the Reply-Items SQL table I have:
>  
> Id;username;attribute;op;value
> 1;"myUser";"Framed-Protocol";"+=";"PPP"
> 2;"myUser";"Service-Type";"+=";"Framed-User"
> 3;"myUser";"Framed-IP-Address";"+=";"%{Framed-IP-Address}"
>  
>  
> ·         When issuing an access-request to this specific user, the server shows:
>  
> *** Sending to 10.112.48.185 port 34610 ....
>  
> Packet length = 34
> 02 de 00 22 14 c3 f5 1a 1b a5 d8 eb 35 9c b5 c0
> 06 19 0d 40 08 02 07 06 00 00 00 01 06 06 00 00
> 00 02
> Code:       Access-Accept
> Identifier: 222
> Authentic:  <20><195><245><26><27><165><216><235>5<156><181><192><6><25><13>@
> Attributes:
>      Framed-IP-Address = %{Framed-IP-Address}
>      Framed-Protocol = PPP
>      Service-Type = Framed-User
>  
> ·         And the client shows:
>  
> Mon Apr 26 18:01:42 2010: DEBUG: Packet dump:
> *** Received from 10.112.48.185 port 1812 ....
> Code:       Access-Accept
> Identifier: 222
> Authentic:  <20><195><245><26><27><165><216><235>5<156><181><192><6><25><13>@
> Attributes:
>      Framed-IP-Address = UNKNOWN
>      Framed-Protocol = PPP
>      Service-Type = Framed-User
>  
> OK
>  
>  
> So, it seems that the format_special is not being called for the Framed-IP-Address AVP.
> After digging a bit in the AuthGENERIC.pm, I found an explicit exception in the appendUserReplyItems method, where this specific AVP is being ignored:
>  
> Line 2145: next if $name eq 'Framed-IP-Address';
>  
> Any special reason for this?
> Is there an alternate method for accomplishing the purpose of setting a Framed-IP-Address Reply-Item value from the original Access-request  Framed-IP-Address AVP?
>  
>  
> Thanks in advance,
>  
>  
> <image001.jpg>
>  
>  
>  
> Carlos Rodrigues
> Soluções para Redes de Dados 
> Desenvolvimento de Plataformas de Rede e Soluções Multimédia 
> tlf: 234403398 
> carlos-j-rodrigues at ptinovacao.pt
> 
>  
>  
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator



NB: 

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets), 
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.





More information about the radiator mailing list