Re: How to add a field to the reply that contains data from the request?

[Jason Lixfeld]

Pardon my possible stupidity, but in looking at how to solve my own 
problems, I came across this from man 5 users:

       DEFAULT Service-Type == Framed-User, Framed-Protocol == PPP
            Service-Type = Framed-User,
            Framed-Protocol = PPP,
            Fall-Through = Yes
              If  the  request packet contains the attributes 
Service-Type and
              Framed-Protocol, with  the  given  values,  then  include 
 those
              attributes in the reply.

              That is, give the user what they ask for.  This entry 
also shows
              how to specify multiple reply items.

So something like this may work (but don't hold your breath because I'm 
only guessing!)

joeuser         Login-LAT-Node == FOO
                        ARAP-Security-Data = FOO
On Dec 3, 2004, at 8:32 PM, Peter T. Breuer wrote:
freeradius 1.0.1 on FreeBSD 4.10

I believe I want to add a
    ARAP-Security-Data = FOO
field to the reply, where I receive
    Login-LAT-Node = FOO
How can I do this?

I believe I want to use the exec echo module, but I see no clear 
example
of how.  I have set

    program = "/bin/echo ARAP-Security-Data=%{Login-LAT-Node}"
    packet_type = Access-Accept
in the echo section of radiusd.conf, but I see no evidence of anything
good happening (how can I set debugging to show me the reply?).

The reason why I hold the beliefs I do is that I see the following
debugging output:
rad_recv: Access-Request packet from host 1.2.3.4:1651, id=148,
length=64
        NAS-Identifier = "localhost"
        User-Name = "ptb"
        User-Password = "XXXXXX"
        Login-LAT-Node = "UiqEZMcR"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
...
    users: Matched DEFAULT at 155
  modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns ok for request 0
  rad_check_password:  Found Auth-Type System
auth: type "System"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
  modcall[authenticate]: module ünix" returns ok for request 0
modcall: group authenticate returns ok for request 0
Sending Access-Accept of id 148 to 1.2.3.4:1651
Finished request 0
Going to the next request
However, the python script at the other end, for such it is, sees:
   27 reply=srv.SendPacket(req)
   28
   29 if reply['ARAP-Security-Data'][0] == randkey:
   30   print open('sentence').read()
   31
reply = {}, randkey = 'UiqEZMcR'
So it seems to have been hoping for the string it sent out to come back
in ARAP=Security-Data.
How can I make it happy?
Peter
-
List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html