[RADIATOR] : Problems adding Dynamic Reply-Item Framed-IP-Address with AuthBy FREERADIUSSQL

Hugh Irvine hugh at open.com.au
Tue Apr 27 05:09:08 CDT 2010 

Hello Carlos -

Your use of DynamicReply is not correct, as it is looking for "%{Framed-IP-Address}" in the reply, not the request.

And in any case, the AuthBy FREERADIUSSQL clause does not currently support Radiator special characters in the Reply-Items table.

regards

Hugh


On 27 Apr 2010, at 18:09, Carlos Rodrigues wrote:

> Hi Hugh,
> 
> That is the workaround we are currently using. 
> 
> Nevertheless, the doubt was if it is possible to have this operation performed through the Reply-items user table, in order not to have a different approach for this AVP only.
> 
> Regards,
> Carlos Rodrigues
> 
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au] 
> Sent: segunda-feira, 26 de Abril de 2010 23:55
> To: Carlos Rodrigues
> Cc: radiator at open.com.au
> Subject: Re: [RADIATOR] : Problems adding Dynamic Reply-Item Framed-IP-Address with AuthBy FREERADIUSSQL
> 
> 
> Hello Carlos -
> 
> If the Framed-IP-Address is present in the incoming access request, you just need this in your AuthBy:
> 
> 
> # define Realm or Handler
> 
> <Handler .....>
> 
> 	<AuthBy .....>
> 		......
> 		AddToReply Framed-IP-Address = %{Request:Framed-IP-Address}
> 	</AuthBy>
> 
> </Handler>
> 
> 
> regards
> 
> Hugh
> 
> 
> 
> On 27 Apr 2010, at 03:09, Carlos Rodrigues wrote:
> 
>> Hi,
>> 
>> I'm not able to use a dynamic Reply Item for the Framed-IP-Address AVP, while using AuthBy FREERADIUSSQL.
>> 
>> I'm trying to create an Access-Accept response containing the Framed-IP-Address AVP, getting its value from the Access-Request packet.
>> 
>> ·         In the Handler setup I have:
>> DynamicReply Framed-IP-Address
>> 
>> ·         In the Reply-Items SQL table I have:
>> 
>> Id;username;attribute;op;value
>> 1;"myUser";"Framed-Protocol";"+=";"PPP"
>> 2;"myUser";"Service-Type";"+=";"Framed-User"
>> 3;"myUser";"Framed-IP-Address";"+=";"%{Framed-IP-Address}"
>> 
>> 
>> ·         When issuing an access-request to this specific user, the server shows:
>> 
>> *** Sending to 10.112.48.185 port 34610 ....
>> 
>> Packet length = 34
>> 02 de 00 22 14 c3 f5 1a 1b a5 d8 eb 35 9c b5 c0
>> 06 19 0d 40 08 02 07 06 00 00 00 01 06 06 00 00
>> 00 02
>> Code:       Access-Accept
>> Identifier: 222
>> Authentic:  <20><195><245><26><27><165><216><235>5<156><181><192><6><25><13>@
>> Attributes:
>>     Framed-IP-Address = %{Framed-IP-Address}
>>     Framed-Protocol = PPP
>>     Service-Type = Framed-User
>> 
>> ·         And the client shows:
>> 
>> Mon Apr 26 18:01:42 2010: DEBUG: Packet dump:
>> *** Received from 10.112.48.185 port 1812 ....
>> Code:       Access-Accept
>> Identifier: 222
>> Authentic:  <20><195><245><26><27><165><216><235>5<156><181><192><6><25><13>@
>> Attributes:
>>     Framed-IP-Address = UNKNOWN
>>     Framed-Protocol = PPP
>>     Service-Type = Framed-User
>> 
>> OK
>> 
>> 
>> So, it seems that the format_special is not being called for the Framed-IP-Address AVP.
>> After digging a bit in the AuthGENERIC.pm, I found an explicit exception in the appendUserReplyItems method, where this specific AVP is being ignored:
>> 
>> Line 2145: next if $name eq 'Framed-IP-Address';
>> 
>> Any special reason for this?
>> Is there an alternate method for accomplishing the purpose of setting a Framed-IP-Address Reply-Item value from the original Access-request  Framed-IP-Address AVP?
>> 
>> 
>> Thanks in advance,
>> 
>> 
>> <image001.jpg>
>> 
>> 
>> 
>> Carlos Rodrigues
>> Soluções para Redes de Dados 
>> Desenvolvimento de Plataformas de Rede e Soluções Multimédia 
>> tlf: 234403398 
>> carlos-j-rodrigues at ptinovacao.pt
>> 
>> 
>> 
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
> 
> 
> 
> NB: 
> 
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets), 
> together with a trace 4 debug showing what is happening?
> 
> -- 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec),
> and DIAMETER translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
> 
> 
> 



NB: 

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets), 
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

More information about the radiator mailing list