Hi all.
I have a problem with the attribute rewrite module (rlm_attr_rewrite), at
least in freeradius-1.0.0.
In my scenario, I have a radius server (freeradius), proxying to another
radius if the realm is a particular one.
When I receive the reply from this latter radius, I need to rewrite the
value of an attribute, so I have activated the rewrite function in the
first radius.
What happens is that in the debug file I see that the rewrite function
(seems to) work, but the packet sent to clients has not changed:
from radiusd.conf config file on first radius:
...
...
attr_rewrite changeDNS {
    attribute = "MS-Primary-DNS-Server"
    searchin = proxy_reply
    searchfor = "130.0.2.12"
    replacewith = "130.1.1.1"
    # ignore_case = no
    # new_attribute = no
    # max_matches = 10
    # append = no
}
...
... ( and in post_proxy )
post-proxy {
    changeDNS
}
What I would like to obtain is that if the proxied radius returns a
pair: attribute = "MS-Primary-DNS-Server", value = "130.0.2.12"
the value should be changed to "130.1.1.1".
If I run:
./radtest [EMAIL PROTECTED] testing localhost 0 testing123
Sending Access-Request of id 40 to 127.0.0.1:1812
User-Name = "[EMAIL PROTECTED]"
User-Password = "testing"
NAS-IP-Address = topolinux
NAS-Port = 0
rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=40, length=56
Framed-IP-Address = 172.16.3.33
Framed-IP-Netmask = 255.255.255.0
MS-Primary-DNS-Server = 130.0.2.12
Framed-Compression = Van-Jacobson-TCP-IP
Framed-Protocol = PPP
So the value hasn't really changed, but in the debug log I can see (from
./radiusd -xxxxxxx on the first radius):
...
...
Mon Sep 6 16:23:07 2004 : Info: Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:32809, id=4, length=66
Mon Sep 6 16:23:11 2004 : Debug: --- Walking the entire request list ---
Mon Sep 6 16:23:11 2004 : Debug: Waking up in 31 seconds...
Mon Sep 6 16:23:11 2004 : Debug: Threads: total/active/spare threads = 5/0/5
Mon Sep 6 16:23:11 2004 : Debug: Thread 1 got semaphore
Mon Sep 6 16:23:11 2004 : Debug: Thread 1 handling request 0, (1 handled so far)
User-Name = "[EMAIL PROTECTED]"
User-Password = "testing"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
Mon Sep 6 16:23:11 2004 : Debug: Processing the authorize section of
radiusd.conf
...
...
Mon Sep 6 16:23:11 2004 : Debug: rlm_realm: Adding Stripped-User-Name
= "steve"
Mon Sep 6 16:23:11 2004 : Debug: rlm_realm: Proxying request from
user steve to realm testpigi
Mon Sep 6 16:23:11 2004 : Debug: rlm_realm: Adding Realm = "testpigi"
Mon Sep 6 16:23:11 2004 : Debug: rlm_realm: Preparing to proxy
authentication request to realm "testpigi"
...
...
Mon Sep 6 16:23:11 2004 : Debug: proxy: creating 0100007f:1645
Mon Sep 6 16:23:11 2004 : Debug: proxy: allocating 0100007f:1645 0
Sending Access-Request of id 0 to 127.0.0.1:1645
User-Name = "steve"
User-Password = "testing"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
Proxy-State = 0x34
Mon Sep 6 16:23:11 2004 : Debug: Thread 1 waiting to be assigned a request
rad_recv: Access-Accept packet from host 127.0.0.1:1645, id=0, length=53
Mon Sep 6 16:23:11 2004 : Debug: proxy: de-allocating 0100007f:1645 0
Mon Sep 6 16:23:11 2004 : Debug: rl_next: returning NULL
Mon Sep 6 16:23:12 2004 : Debug: Waking up in 31 seconds...
Mon Sep 6 16:23:12 2004 : Debug: Thread 2 got semaphore
Mon Sep 6 16:23:12 2004 : Debug: Thread 2 handling request 0, (1 handled
so far)
Framed-IP-Address = 172.16.3.33
Framed-IP-Netmask = 255.255.255.0
MS-Primary-DNS-Server = 130.0.2.12
Framed-Compression = Van-Jacobson-TCP-IP
Proxy-State = 0x34
Mon Sep 6 16:23:12 2004 : Debug: Processing the post-proxy section of
radiusd.conf
Mon Sep 6 16:23:12 2004 : Debug: modcall: entering group post-proxy for
request 0
Mon Sep 6 16:23:12 2004 : Debug: modsingle[post-proxy]: calling
changeDNS (rlm_attr_rewrite) for request 0
Mon Sep 6 16:23:12 2004 : Debug: radius_xlat: '130.0.2.12'
Mon Sep 6 16:23:12 2004 : Debug: radius_xlat: '130.1.1.1'
Mon Sep 6 16:23:12 2004 : Debug: rlm_attr_rewrite: Changed value for
attribute MS-Primary-DNS-Server from '130.0.2.12' to '130.1.1.1'
Mon Sep 6 16:23:12 2004 : Debug: rlm_attr_rewrite: Could not find value
pair for attribute MS-Primary-DNS-Server
...
...
...
Sending Access-Accept of id 4 to 127.0.0.1:32809
Framed-IP-Address = 172.16.3.33
Framed-IP-Netmask = 255.255.255.0
MS-Primary-DNS-Server = 130.1.1.1
Framed-Compression = Van-Jacobson-TCP-IP
Framed-Protocol = PPP
Here the MS-Primary-DNS-Server seems to have the correct rewritten value,
but this value is not returned correctly to the client.
Could this be a bug, or am I missing something?
Pigi
___________
FRULLANI Pierluigi Frullani | Tel. +3902-29003554
& System & Network Engineer | Fax. +3902-29003580
FRULLANI Frumar s.r.l. | Email: [EMAIL PROTECTED]
___________ Milano,Via Varese 12,20121 Italia | Web:http://www.frumar.it
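
Added example, not part of the original post and not FreeRADIUS code: a way to check which MS-Primary-DNS-Server value is really inside an Access-Accept by decoding the packet bytes (for instance from a capture on the client side) instead of trusting the server's debug output. The function names and both sample packets are constructed for illustration; the packets use a zeroed authenticator, and the attribute is decoded as Microsoft vendor 311, vendor type 28 (RFC 2548).

```python
import ipaddress
import struct

VENDOR_SPECIFIC = 26      # RADIUS attribute type for VSAs (RFC 2865)
MICROSOFT = 311           # Microsoft vendor ID (RFC 2548)
MS_PRIMARY_DNS = 28       # MS-Primary-DNS-Server vendor type (RFC 2548)

def vsa_ipaddr(vendor, vtype, addr):
    """Encode one vendor-specific IPv4 attribute (helper for the samples)."""
    data = ipaddress.IPv4Address(addr).packed
    sub = bytes([vtype, 2 + len(data)]) + data
    return bytes([VENDOR_SPECIFIC, 6 + len(sub)]) + struct.pack("!I", vendor) + sub

def build_accept(ident, attrs):
    """Build an Access-Accept (code 2) with a zeroed authenticator."""
    body = b"".join(attrs)
    return struct.pack("!BBH", 2, ident, 20 + len(body)) + bytes(16) + body

def ms_primary_dns(packet):
    """Return every MS-Primary-DNS-Server value carried in a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than a RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    found, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        value = packet[pos + 2:pos + alen]
        if atype == VENDOR_SPECIFIC and len(value) >= 6:
            vendor = struct.unpack("!I", value[:4])[0]
            sub = value[4:]
            # Walk the vendor sub-attributes: vendor-type, vendor-length, data
            while len(sub) >= 2 and 2 <= sub[1] <= len(sub):
                if vendor == MICROSOFT and sub[0] == MS_PRIMARY_DNS and sub[1] == 6:
                    found.append(str(ipaddress.IPv4Address(sub[2:6])))
                sub = sub[sub[1]:]
        pos += alen
    return found

# Constructed packets: the value the debug log reports vs. the one radtest showed.
LOGGED = build_accept(4, [vsa_ipaddr(MICROSOFT, MS_PRIMARY_DNS, "130.1.1.1")])
ON_WIRE = build_accept(40, [vsa_ipaddr(MICROSOFT, MS_PRIMARY_DNS, "130.0.2.12")])
```

Running ms_primary_dns() over the UDP payload of the real reply shows whether the rewritten or the original address left the server.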