Hi all,

We are facing an issue with rewriting the NAS-Port AVP before passing it to the
rlm_ippool module.
As our NAS system is a little bit dumb and always sets NAS-Port to 0 (we
won't get a fix from the NAS vendor in a timely manner), we have to rewrite
the NAS-Port on the FreeRADIUS server before passing the packet to the
rlm_ippool module.

From the log output it seems that the rewrite is more or less going fine, but
then the rlm_ippool module takes the NAS-Port of the original request (which
is not unique in our setup).

Here is what we have configured in radiusd.conf:

attr_rewrite unique-nas-port {
    attribute = NAS-Port
    searchin = packet
    searchfor = "(.*)"
    replacewith = "%{Calling-Station-Id}"
    ignore_case = yes
    new_attribute = no
    max_matches = 1
    append = no
}

authorize {
        # REWRITE non-unique NAS-Port values from Cisco GGSN
        unique-nas-port
}
                
preacct {
        # REWRITE non-unique NAS-Port values from Cisco GGSN
        unique-nas-port
}
                

And this is what we see in the "radiusd -X" debug output:

rad_recv: Access-Request packet from host 10.0.224.101:1645, id=211,
length=129
NAS-IP-Address = 10.0.224.101
NAS-Port = 0
Cisco-NAS-Port = "GigabitEthernet0/0"
NAS-Port-Type = Virtual
User-Name = "IPS4-vmsc1"
Called-Station-Id = "l4-vmsc1-l2tp"
Calling-Station-Id = "491725600000"
User-Password = "password"
Framed-IP-Address = 2.4.0.2
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 3
  modcall[authorize]: module "chap" returns noop for request 3
  modcall[authorize]: module "mschap" returns noop for request 3
    rlm_realm: No '@' in User-Name = "IPS4-vmsc1", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 3
    users: Matched IPS4-vmsc1 at 314
radius_xlat:  'IPS4-vmsc1'
radius_xlat:  'l4-vmsc1-l2tp'
radius_xlat:  '491725600000'
  modcall[authorize]: module "files" returns ok for request 3
modcall: group authorize returns ok for request 3
auth: type Local
auth: user supplied User-Password matches local User-Password
  Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 3
radius_xlat:  '(.*)'
radius_xlat:  '491725600000'
rlm_attr_rewrite: Changed value for attribute NAS-Port from '' to
'491725600000'
rlm_attr_rewrite: Could not find value pair for attribute NAS-Port
  modcall[post-auth]: module "unique-nas-port" returns ok for request 3
rlm_ippool: Searching for an entry for nas/port: 10.0.224.101/0
rlm_ippool: Found a stale entry for ip/port: 1.82.8.9/0
rlm_ippool: num: 0
rlm_ippool: Searching for an entry for nas/port: 10.0.224.101/0
rlm_ippool: Allocating ip to nas/port: 10.0.224.101/0
rlm_ippool: num: 1
rlm_ippool: Allocated ip 1.82.197.103 to client on nas 10.0.224.101,port 0
  modcall[post-auth]: module "l4_onnet_p_pool" returns ok for request 3
  modcall[post-auth]: module "l4_onnet_pool" returns noop for request 3
  modcall[post-auth]: module "l2_onnet_p_pool" returns noop for request 3
  modcall[post-auth]: module "l2_onnet_pool" returns noop for request 3
  modcall[post-auth]: module "l2_ms_pool1" returns noop for request 3
  modcall[post-auth]: module "l2_ms_pool2" returns noop for request 3
  modcall[post-auth]: module "l1_vmsc2_pool" returns noop for request 3
  modcall[post-auth]: module "l1_vmsc4_pool" returns noop for request 3
  modcall[post-auth]: module "l2_vmsc2_pool" returns noop for request 3
  modcall[post-auth]: module "l2_vmsc4_pool" returns noop for request 3
  modcall[post-auth]: module "l3_vmsc2_pool" returns noop for request 3
  modcall[post-auth]: module "l3_vmsc4_pool" returns noop for request 3
  modcall[post-auth]: module "l4_vmsc2_pool" returns noop for request 3
  modcall[post-auth]: module "l4_vmsc4_pool" returns noop for request 3
  modcall[post-auth]: module "l5_vmsc2_pool" returns noop for request 3
  modcall[post-auth]: module "l5_vmsc4_pool" returns noop for request 3
  modcall[post-auth]: module "l6_vmsc2_pool" returns noop for request 3
  modcall[post-auth]: module "l6_vmsc4_pool" returns noop for request 3
modcall: group post-auth returns ok for request 3
Sending Access-Accept of id 211 to 10.0.224.101:1645
User-Name = "IPS4-vmsc1"
Called-Station-Id = "l4-vmsc1-l2tp"
Calling-Station-Id = "491725600000"
Framed-Protocol = PPP
Framed-IP-Address = 1.82.197.103
Framed-IP-Netmask = 255.255.0.0
Finished request 3
Going to the next request
Waking up in 6 seconds...

Does somebody have an idea what is going wrong, and why it is going wrong?

Regards
Michael
