Hello FreeRadius list:
I'm having difficulty getting the attr_rewrite module to do...well,
anything.
I have a working RADIUS installation validating off of a mySQL database.
Our existing NASs (Wireless APs) transmit mac addresses as 12 character
lower case letter/number combos - this corresponds to username within
RADIUS. A new NAS device is transmitting mac addresses in caps, with a
colon between each octet. I am trying to filter the attributes coming from
the new NAS so that they are of the correct format in our mySQL database.
I have already gotten the case issue solved by making the following change
in radiusd.conf:
lower_user = before
What I can't get to work: I have placed the following in radiusd.conf, just
under the commented-out example of attr_rewrite concerning "sanecallerid"
attr_rewrite mac_colons {
attribute = User-Name
searchin = packet
searchfor = ":"
replacewith = ""
ignore_case = yes
new_attribute = no
max_matches = 10
append = no
}
However, as I said, I don't see any indication that the RADIUS server is
doing anything of the kind. This is the debug output, concerning an auth
request from the new type of NAS:
rad_recv: Access-Request packet from host 10.35.0.30:1034, id=50, length=60
Service-Type = Framed-User
NAS-Port-Id = "wlan1"
User-Name = "00:0A:E9:06:29:07"
User-Password = ""
NAS-IP-Address = 10.35.0.30
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql_mysql: query: SELECT id,UserName,Attribute,Value,op FROM radcheck
WHERE Username = '00:0a:e9:06:29:07' ORDER BY id
rlm_sql (sql): User 00:0a:e9:06:29:07 not found in radcheck
Note how the User-Name comes into RADIUS as all caps, but is in lower case
when it's checked against the db, this is the result of the "lower_user =
before" command I mentioned previously. However, the attr_rewrite command
doesn't appear to be functioning at all. I've tried several different
syntaxes slightly different from the one listed above with no luck. Looking
further around radiusd.conf, I saw the authorize section at the bottom of
the file (thinking that I had to load the module, just as "preprocess"
apparently has to be loaded):
authorize {
preprocess
# auth_log
# attr_filter
attr_rewrite
However, having "attr_rewrite" uncommented as it is above causes an error on
load:
Starting - reading configuration files ...
Using deprecated naslist file. Support for this will go away soon.
Module: Loaded exec
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
Module: Instantiated mschap (mschap)
Module: Loaded System
Module: Instantiated unix (unix)
Module: Loaded eap
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
rlm_eap: Loaded and initialized type gtc
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
Module: Instantiated preprocess (preprocess)
ERROR: Cannot find a configuration entry for module "attr_rewrite".
After which is returns to the command prompt (without loading the server).
I don't really understand the error message on its face, as I would have
thought the "attr_rewrite mac_colons " section I listed earlier in the file
would be the "configuration entry" that the error output says it can't find.
So...if anyone can get me any advice re: how to check the functionality of
the attr_rewrite module I'd appreciate it.
Thank you -
Brian Ammons
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
