I'd like to build a "packet tracer" web interface for freeradius: that is, somewhere where you can paste in a set of AV pairs (perhaps caught from radsniff), and you get back the AV responses plus all the decision-making logic that took place. Basically what freeradius -X shows.
Has anyone done this before? I have a few considerations.

(1) If I had a single persistent freeradius daemon running, and multiple users were submitting requests to this web interface, I'd need to separate out the debug data for each of the requests. I guess I could have a locking system so that only one person could be using it at once. (Alternatively I'd have to fire off a new foreground radiusd for each request as it came in, and kill it afterwards.)

(2) What's the best way to submit the request so that it looks like it's coming from a particular IP address? The "Client-IP-Address" attribute is internal only, not on-the-wire. At the moment the best I've been able to do is to create loopback interfaces on my box with examples of the source IPs I'm interested in, then use radclient to send the packet with a Packet-Src-IP-Address of one of those loopbacks. Is there a better way I've overlooked?

(Before you say it, I know a well-behaved radius server should be looking at NAS-IP-Address not Client-IP-Address. Unfortunately there are some cases where we have to make logic decisions based on the Client-IP-Address.)

Thanks,
Brian.
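
The two approaches described in the message above, an exclusive lock around a single debug server and `radclient` with `Packet-Src-IP-Address`, as an added Python example that is not part of the original post. The lock path, server address, shared secret and function names are assumptions, and the source address must already exist on a local interface, as the post describes.

```python
import fcntl
import ipaddress
import re
import subprocess

# One "Attribute op value" pair per line, as radclient reads them.
AV_LINE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9_.-]*)\s*(=|:=|\+=)\s*(\S.*)$")
LOCK_PATH = "/tmp/radius-tracer.lock"  # assumed location


def build_request(pasted, src_ip):
    """Validate pasted AV pairs; return one radclient packet with the source set."""
    src = ipaddress.ip_address(src_ip)  # ValueError on anything but an IP
    lines = [f"Packet-Src-IP-Address = {src}"]
    for raw in pasted.splitlines():
        line = raw.strip()
        if not line:
            continue  # blank lines separate packets in radclient input
        match = AV_LINE.match(line)
        if match is None:
            raise ValueError(f"not an attribute-value pair: {line!r}")
        name, op, value = match.groups()
        if name.lower().startswith("packet-"):
            # Packet-* control attributes are chosen by the tracer, not the user.
            raise ValueError(f"attribute not allowed: {name}")
        lines.append(f"{name} {op} {value}")
    return "\n".join(lines) + "\n"


def trace(pasted, src_ip, server="127.0.0.1:1812", secret="testing123"):
    """Send one request while holding an exclusive lock (one user at a time)."""
    request = build_request(pasted, src_ip)
    with open(LOCK_PATH, "w") as lock:
        fcntl.flock(lock, fcntl.LOCK_EX)  # released when the file is closed
        # Argument list, no shell: pasted text only ever reaches radclient's stdin.
        result = subprocess.run(
            ["radclient", "-x", server, "auth", secret],
            input=request, text=True, capture_output=True, timeout=15,
        )
    return result.stdout
```

Reading the server's debug output for the request would happen inside the same locked section, so that it cannot interleave with another user's request.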