On 8/29/06, Alan DeKok <[EMAIL PROTECTED]> wrote:
"Pshem Kowalczyk" <[EMAIL PROTECTED]> wrote:
> So I've compiled the source and gave it a try, but it behaved exactly
> as the stable version - didn't replace nor removed any attributes. Is
> this supposed to work?
> I tested the pre and post proxy methods:
...
> # Function to handle pre_proxy
> sub pre_proxy {
>
> &radiusd::radlog(1, "entering pre-proxy");
>
> $RAD_REQUEST{'User-Name'} = 'testuser';
You're re-writing the request packet (i.e. the one from the NAS),
not the packet that's about to be sent to the home server.
Try: $RAD_PROXY_REQUEST{'User-Name'} = 'testuser';
I added:
use vars qw(%RAD_REQUEST %RAD_REPLY %RAD_CHECK %RAD_PROXY_REQUEST);
and it didn't work, change resulted in the following debug:
rad_recv: Access-Request packet from host 127.0.0.1 port 32787, id=15, length=62
User-Password = "test"
User-Name = "test"
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-IP-Address = a.b.c.d
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
rlm_realm: No '@' in User-Name = "test", looking up realm NULL
rlm_realm: No such realm "NULL"
perl_pool: item 0x8201620 asigned new request. Handled so far: 1
found interpetator at address 0x8201620
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair User-Name = test
rlm_perl: Added pair User-Password = test
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair NAS-IP-Address = a.b.c.d
rlm_perl: Added pair Proxy-To-Realm = quik
rlm_perl: Added pair Stripped-User-Name = test
perl_pool total/active/spare [2/0/2]
Unreserve perl at address 0x8201620
modcall: group authorize returns ok for request 0
Processing the pre-proxy section of radiusd.conf
modcall: entering group pre-proxy for request 0
perl_pool: item 0x840f8c8 asigned new request. Handled so far: 1
found interpetator at address 0x840f8c8
rlm_perl: entering pre-proxy
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair User-Name = test
rlm_perl: Added pair User-Password = test
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Realm = quik
rlm_perl: Added pair NAS-IP-Address = a.b.c.d
rlm_perl: Added pair Stripped-User-Name = test
rlm_perl: Added pair Proxy-To-Realm = quik
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair User-Name = test
rlm_perl: Added pair User-Password = test
rlm_perl: Added pair Proxy-State = 0x3135
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Realm = quik
rlm_perl: Added pair NAS-IP-Address = a.b.c.d
perl_pool total/active/spare [2/0/2]
Unreserve perl at address 0x840f8c8
modcall: group pre-proxy returns ok for request 0
Sending Access-Request of id 22 to x.y.z.103 port 1812
Framed-Protocol = PPP
User-Name = "test"
User-Password = "test"
Proxy-State = 0x3135
Service-Type = Framed-User
NAS-IP-Address = a.b.c.d
So this time the new value of User-Name ('testuser') doesn't even show
in the debug.
> # Function to handle post_proxy
> sub post_proxy {
>
> &radiusd::radlog(1, "entering post-proxy");
> $RAD_REPLY{'Framed-IP-Address'} = '10.10.1.1';
That works. The debug log you posted shows that in the reply.
Well, yes it works, but it didn't replace the original value:
Sending Access-Accept of id 96 to 127.0.0.1 port 32785
Framed-IP-Address = 10.10.1.1
Framed-IP-Address = 192.168.1.65
So now I have two, which confuses the NAS. I tried to remove whole key
from the hash using the 'delete' function and add it afterwards, but
it didn't seem to work. It looks like the original attributes are
added anyway after the results from rlm_perl (version 1.37)
In our situation we have to have control over the IPs send to the NASes.
Thx for all the hints
pshemko
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
