Hello FreeRadius list: I'm having difficulty getting the attr_rewrite module to do...well, anything.
I have a working RADIUS installation validating off of a mySQL database. Our existing NASs (Wireless APs) transmit mac addresses as 12 character lower case letter/number combos - this corresponds to username within RADIUS. A new NAS device is transmitting mac addresses in caps, with a colon between each octet. I am trying to filter the attributes coming from the new NAS so that they are of the correct format in our mySQL database. I have already gotten the case issue solved by making the following change in radiusd.conf: lower_user = before What I can't get to work: I have placed the following in radiusd.conf, just under the commented-out example of attr_rewrite concerning "sanecallerid" attr_rewrite mac_colons { attribute = User-Name searchin = packet searchfor = ":" replacewith = "" ignore_case = yes new_attribute = no max_matches = 10 append = no } However, as I said, I don't see any indication that the RADIUS server is doing anything of the kind. This is the debug output, concerning an auth request from the new type of NAS: rad_recv: Access-Request packet from host 10.35.0.30:1034, id=50, length=60 Service-Type = Framed-User NAS-Port-Id = "wlan1" User-Name = "00:0A:E9:06:29:07" User-Password = "" NAS-IP-Address = 10.35.0.30 rlm_sql (sql): Reserving sql socket id: 4 rlm_sql_mysql: query: SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '00:0a:e9:06:29:07' ORDER BY id rlm_sql (sql): User 00:0a:e9:06:29:07 not found in radcheck Note how the User-Name comes into RADIUS as all caps, but is in lower case when it's checked against the db, this is the result of the "lower_user = before" command I mentioned previously. However, the attr_rewrite command doesn't appear to be functioning at all. I've tried several different syntaxes slightly different from the one listed above with no luck. Looking further around radiusd.conf, I saw the authorize section at the bottom of the file (thinking that I had to load the module, just as "preprocess" apparently has to be loaded): authorize { preprocess # auth_log # attr_filter attr_rewrite However, having "attr_rewrite" uncommented as it is above causes an error on load: Starting - reading configuration files ... Using deprecated naslist file. Support for this will go away soon. Module: Loaded exec rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP Module: Instantiated mschap (mschap) Module: Loaded System Module: Instantiated unix (unix) Module: Loaded eap rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap rlm_eap: Loaded and initialized type gtc rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess Module: Instantiated preprocess (preprocess) ERROR: Cannot find a configuration entry for module "attr_rewrite". After which is returns to the command prompt (without loading the server). I don't really understand the error message on its face, as I would have thought the "attr_rewrite mac_colons " section I listed earlier in the file would be the "configuration entry" that the error output says it can't find. So...if anyone can get me any advice re: how to check the functionality of the attr_rewrite module I'd appreciate it. Thank you - Brian Ammons - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html