Re: How to send empty value via radclient?
27.06.11 11:45, Arran Cudbard-Bell пишет: > > On Jun 27, 2011, at 9:38 AM, Arran Cudbard-Bell wrote: > >> RFC 2865 Page 24 >> >> string1-253 octets containing binary data (values 0 through >>255 decimal, inclusive). Strings of length zero (0) >>MUST NOT be sent; omit the entire attribute instead. >> >> If your NAS requires zero length strings then its breaking the RADIUS >> protocol standard. > > Couldn't you just create default profiles and assign them instead? This is only exit for now and it was first what has been done. Thanks for your answer. I will try to terror vendor of my box. Just for clarify - this restriction applied to VSA attributes? or only standard? or whole attributes? > > -Arran > > Arran Cudbard-Bell > a.cudba...@freeradius.org > > RADIUS - Half the complexity of Diameter > -- Alexander Kubatkin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
How to send empty value via radclient?
Hello, Need to send empty value in attribute via coa request for clear any value in current state of attribute and clear attribute itself: # /bin/echo "Context-Name = local, Qos-Policing-Profile-Name='' , Qos-Metering-Profile-Name='' , Framed-IP-Address = yy.yy.yy.yy" | /usr/local/bin/radclient -x -t 3 -c 1 -r 2 -p 4 xx.xx.xx.xx:3799 coa xx Sending CoA-Request of id 121 to xx.xx.xx.xx port 3799 Context-Name = "dhcp" Qos-Policing-Profile-Name = "" Qos-Metering-Profile-Name = "" Framed-IP-Address = yy.yy.yy.yy rad_recv: CoA-NAK packet from host xx.xx.xx.xx port 3799, id=121, length=32 Error-Cause = Missing-Attribute Event-Timestamp = "Jun 27 2011 10:48:37 MSD" Missing-Attribute is because NAS doesn't receive two attributes Qos-Policing-Profile-Name and Qos-Metering-Profile-Name because radclient doesn't really send it or filtered it, i.e. NAS only received Context-Name and Framed-IP-Address, is this possible to send empty value? -- Alexander Kubatkin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl multiple attributes in rad_reply was: Adding Multiple Cisco-AVPairs using rlm_perl
В сообщении от Четверг 26 августа 2010 11:17:45 автор Bjørn Mork написал:
> Boian Jordanov writes:
> > On Aug 22, 2010, at 3:06 PM, Alexander Kubatkin wrote:
> >> В сообщении от Воскресенье 22 августа 2010 10:48:56 автор Alan DeKok
> >> написал:
> >>> Alexander Kubatkin wrote:
> >>>> This isn't working, i'm trying to put 2 dns-servers in dhcp
> >>>> configuration like this:
> >>>> $RAD_REPLY{'DHCP-Domain-Name-Server'} = ["$ns1","$ns2"] ;
> >
> > To return multiple items you have to use array ref.
> >
> > Try this way.
> >
> > $data[0] = "nameserver_1";
> > $data[1] = "nameserver_2";
> >
> > $data[2] = "nameserver_3";
> >
> > $data[3] = "nameserver_x";
> >
> >
> > $RAD_REPLY{'DHCP-Domain-Name-Server'} = \...@data;
>
> Which should be equivalent to doing
>
> $RAD_REPLY{'DHCP-Domain-Name-Server'} = ["nameserver_1",
> "nameserver_2",
> "nameserver_3",
> "nameserver_x"];
>
> so I don't think that's the problem.
>
> But we are all guessing, since we haven't yet seen the actual debug
> output from FreeRADIUS, only selected bits and pieces of the non-working
> end result.
>
> Since we *know* that FreeRADIUS and rlm_perl work when configured
> correctly, we can deduce that there is "something" wrong with the
> configuration. I believe that's the best we can do, given the input
> available to us.
>
>
this is with $RAD_REPLY{'DHCP-Domain-Name-Server'} = ["$ns1","$ns2"] ;
Received DHCP-Request of id ef3e6917 from Relay_ip:68 to DHCP-Server_ip:67
DHCP-Opcode = Client-Message
DHCP-Hardware-Type = Ethernet
DHCP-Hardware-Address-Length = 6
DHCP-Hop-Count = 1
DHCP-Transaction-Id = 4013844759
DHCP-Number-of-Seconds = 73
DHCP-Flags = 0
DHCP-Client-IP-Address = Client_ip
DHCP-Your-IP-Address = 0.0.0.0
DHCP-Server-IP-Address = 0.0.0.0
DHCP-Gateway-IP-Address = Relay_ip
DHCP-Client-Hardware-Address = Client_mac
DHCP-Message-Type = DHCP-Request
DHCP-Hostname = "kaa-laptop"
DHCP-Parameter-Request-List = DHCP-Subnet-Mask
DHCP-Parameter-Request-List = DHCP-Broadcast-Address
DHCP-Parameter-Request-List = DHCP-Time-Offset
DHCP-Parameter-Request-List = DHCP-Router-Address
DHCP-Parameter-Request-List = DHCP-Domain-Name
DHCP-Parameter-Request-List = DHCP-Domain-Name-Server
DHCP-Parameter-Request-List = DHCP-Domain-Search
DHCP-Parameter-Request-List = DHCP-Hostname
DHCP-Parameter-Request-List = DHCP-NETBIOS-Name-Servers
DHCP-Parameter-Request-List = DHCP-NETBIOS
DHCP-Parameter-Request-List = DHCP-Interface-MTU-Size
DHCP-Parameter-Request-List = DHCP-Classless-Static-Route
DHCP-Parameter-Request-List = DHCP-NTP-Servers
DHCP-Agent-Circuit-Id = 0x000403e50002
server dhcp {
Trying sub-section dhcp DHCP-Request {...}
+- entering group DHCP-Request {...}
[linelog] expand: %{reply:DHCP-Message-Type} ->
[linelog] ... expanding second conditional
[linelog] expand: %{request:DHCP-Message-Type} -> DHCP-Request
[linelog] expand:
%{%{reply:DHCP-Message-Type}:-%{request:DHCP-Message-Type}} -> DHCP-Request
[linelog] expand: /var/log/linelog -> /var/log/linelog
[linelog] expand: %{request:DHCP-Client-IP-Address} -> Client_ip
[linelog] expand: %{DHCP-Transaction-Id} REQUEST:
%{%{request:DHCP-Client-IP-Address}:-%{request:DHCP-Requested-IP-Address}} from
[%{DHCP-Client-Hardware-Address}] via (%{DHCP-Gateway-IP-Address}) ...
option82= %{DHCP-
Relay-Agent-Information} -> 4013844759 REQUEST: Client_ip from [Client_mac] via
(Relay_ip) ... option82=
++[linelog] returns ok
acid: 0x000403e50002
arid: 0x00060022b06cdd22
option82: 0x0106000403e5000200060022b06cdd22
prepare_cached(call
dhcp_get_all(?,?,@ip,@broadcast,@mask,@gw,@ns1,@ns2,@ntp,@domain,@lease_time))
statement handle DBI::st=HASH(0x80269bb00) still Active at
/usr/local/etc/raddb/dhcp.pl line 235
rlm_perl: Added pair DHCP-Your-IP-Address = 0.0.0.0
rlm_perl: Added pair DHCP-Message-Type = DHCP-Request
rlm_perl: Added pair DHCP-Hop-Count = 1
rlm_perl: Added pair Tmp-String-0 = OK
rlm_perl: Added pair DHCP-Agent-Circuit-Id = 0x000403e50002
rlm_perl: Added pair DHCP-Number-of-Seconds = 73
rlm_perl: Added pair DHCP-Client-IP-Address = Client_ip
rlm_perl: Added pair DHCP-Agent-Remote-Id = 0x00060022b06cdd22
rlm_perl: Added pair DHCP-Gateway-IP-
Re: rlm_perl multiple attributes in rad_reply was: Adding Multiple Cisco-AVPairs using rlm_perl
В сообщении от Воскресенье 22 августа 2010 10:48:56 автор Alan DeKok написал:
> Alexander Kubatkin wrote:
> > This isn't working, i'm trying to put 2 dns-servers in dhcp configuration
> > like this:
> > $RAD_REPLY{'DHCP-Domain-Name-Server'} = ["$ns1","$ns2"] ;
> >
> > and in resolv.conf i see:
> > nameserver IP1 IP2
>
> The RADIUS server doesn't edit /etc/resolv.conf.
:) i know that, just show a result.
>
> The above line shows that both IPs are getting to the client (and WHY
> not run the server in debugging mode to see what it's sending?)
it sending only one DHCP-Domain-Name-Server attribute
Sending DHCP-Ack of id 3a639955 from DHCP-SERVER:67 to DHCP-AGENT-RELAY:67
DHCP-Subnet-Mask = MASK
DHCP-Router-Address = GATEWAY
DHCP-Domain-Name-Server = NS_IP2
DHCP-Domain-Name = DOMAIN
DHCP-Broadcast-Address = BROADCAST
DHCP-NTP-Servers = NTP_IP
DHCP-IP-Address-Lease-Time = LEASE_TIME
Finished request 2.
by in fact, when domain-name-server configured as:
$RAD_REPLY{'DHCP-Domain-Name-Server'} = ["$ns1","$ns2"] ;
dhcp-ack packet sended option t=6 and l=4, as a result - we have only one
nameserver
and when configured in dhcp-site as:
DHCP-Domain-Name-Server = IP1
DHCP-Domain-Name-Server = IP2
dhcp-ack packet sended option t=6 and l=8, as a result we have two nameservers
and more... then this attrubute configured in dhcp-site as 2 separate IPs, in
radiusd -X output showed only one this attribute with only one value in
"Sending DHCP-Ack"-section.
>
> Alan DeKok.
--
__
Alexander Kubatkin
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_perl multiple attributes in rad_reply was: Adding Multiple Cisco-AVPairs using rlm_perl
В сообщении от Среда 20 января 2010 02:29:54 автор Bjørn Mork написал:
> James Nedila writes:
> > I have a rlm_perl script where i'd like to return multiple Cisco-AVPair
> > attributes in an Access-Accept response.
> >
> > Since rlm_perl is passed hashes for RAD_REQUEST, RAD_CHECK, and
> > RAD_REPLY, is there a way to pass an array as the value for the
> > Cisco-AVPair hash key? If not, is there another way to do this?
>
> Use an array ref as value. I.e
>
> $RAD_REPLY{'Cisco-AVPair'} = [
>'ip:inacl#1=permit udp any any eq 53',
>'ip:inacl#2=permit tcp any any eq 80',
>'ip:inacl#3=deny ip any any',
> ];
>
This isn't working, i'm trying to put 2 dns-servers in dhcp configuration like
this:
$RAD_REPLY{'DHCP-Domain-Name-Server'} = ["$ns1","$ns2"] ;
and in resolv.conf i see:
nameserver IP1 IP2
but i need
nameserver IP1
nameserver IP2
and if to talk about perl - where no way to have 2 one named key(attribute
like DHCP-Domain-Name-Server ) in hash array, so must be other way to put 2
dns-servers in rad_reply from rlm_perl, how to do this?
for now only one way - dhcp-site and 2 attributes in unlang condition.
>
> Bjørn
>
--
Alexander Kubatkin
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: patch for dictionary.redback
dictionary.redback.gz - already patched dictionary, just ungzip and put in dictionary directory (/usr/local/share/freeradius/) tested on freeradius 2.1.8 > dictionary_redback.gz - dictionary for radiator "dictionary_redback > Updated Feb 17, 2009 (jbacker) " > > dictionary.redback.patch.gz - patch for dictionary.redback from > freeradius, based on dictionary_redback. -- ______ Alexander Kubatkin dictionary.redback.gz Description: GNU Zip compressed data - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
patch for dictionary.redback
dictionary_redback.gz - dictionary for radiator "dictionary_redback Updated Feb 17, 2009 (jbacker) " dictionary.redback.patch.gz - patch for dictionary.redback from freeradius, based on dictionary_redback. -- __ Alexander Kubatkin dictionary.redback.patch.gz Description: GNU Zip compressed data dictionary_redback.gz Description: GNU Zip compressed data - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problem with checking dhcp-packet type
On Среда 15 июля 2009 18:33:11 Alexander Kubatkin wrote: > On Среда 15 июля 2009 14:07:18 Alan DeKok wrote: > > Alexander Kubatkin wrote: > > > On Понедельник 13 июля 2009 11:53:23 Alan DeKok wrote: > > >> Alexander Kubatkin wrote: > > >>> when it(fix) come to us? > > >>> > > >>>> If you want the latest version, use git. > > >>> > > >>> last changes 4 days ago > > >> > > >> Did you download the version using git, as I said? The fix was > > >> available there when I sent my message. > > > > > > yes, i did, problem with build isn't fixed, i was trying and under > > > FreeBSD 7 and under Linux kubuntu 9.04. > > > > OK. The fix should now be in git. > > yes, it's working, thank you. > > test with trendnet soho-router will be later. test passed. > > > Alan DeKok. -- __ Alexander Kubatkin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problem with checking dhcp-packet type
On Среда 15 июля 2009 14:07:18 Alan DeKok wrote: > Alexander Kubatkin wrote: > > On Понедельник 13 июля 2009 11:53:23 Alan DeKok wrote: > >> Alexander Kubatkin wrote: > >>> when it(fix) come to us? > >>> > >>>> If you want the latest version, use git. > >>> > >>> last changes 4 days ago > >> > >> Did you download the version using git, as I said? The fix was > >> available there when I sent my message. > > > > yes, i did, problem with build isn't fixed, i was trying and under > > FreeBSD 7 and under Linux kubuntu 9.04. > > OK. The fix should now be in git. yes, it's working, thank you. test with trendnet soho-router will be later. > > Alan DeKok. -- __ Alexander Kubatkin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problem with checking dhcp-packet type
On Понедельник 13 июля 2009 11:53:23 Alan DeKok wrote: > Alexander Kubatkin wrote: > > when it(fix) come to us? > > > >> If you want the latest version, use git. > > > > last changes 4 days ago > > Did you download the version using git, as I said? The fix was > available there when I sent my message. > may be i'm get wrong version? i use instructions for stable from http://git.freeradius.org/ -- Alexander Kubatkin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problem with checking dhcp-packet type
On Понедельник 13 июля 2009 11:53:23 Alan DeKok wrote: > Alexander Kubatkin wrote: > > when it(fix) come to us? > > > >> If you want the latest version, use git. > > > > last changes 4 days ago > > Did you download the version using git, as I said? The fix was > available there when I sent my message. yes, i did, problem with build isn't fixed, i was trying and under FreeBSD 7 and under Linux kubuntu 9.04. /usr/local/bin/libtool --mode=compile cc -O2 -fno-strict-aliasing -pipe -march=pentium4 -I/usr/local/include -L/usr/local/lib -pthread -Wall -D_GNU_SOURCE -DNDEBUG - I/usr/ports/net/freeradius2/work/freeradius-server-2.1.7/src -DHOSTINFO=\"i386-portbld-freebsd7.0\" -DRADIUSD_VERSION=\"2.1.7\" -I/usr/local/include -DOPENSSL_NO_KRB5 -c listen.c cc -O2 -fno-strict-aliasing -pipe -march=pentium4 -I/usr/local/include -L/usr/local/lib -pthread -Wall -D_GNU_SOURCE -DNDEBUG -I/usr/ports/net/freeradius2/work/freeradius-server-2.1.7/src - DHOSTINFO=\"i386-portbld-freebsd7.0\" -DRADIUSD_VERSION=\"2.1.7\" -I/usr/local/include -DOPENSSL_NO_KRB5 -c listen.c -fPIC -DPIC -o .libs/listen.o listen.c: In function 'client_listener_find': listen.c:129: warning: passing argument 1 of 'listener->print' discards qualifiers from pointer target type listen.c:209: warning: assignment discards qualifiers from pointer target type In file included from listen.c:1305: dhcpd.c: In function 'dhcp_process': dhcpd.c:97: error: 'packet' undeclared (first use in this function) dhcpd.c:97: error: (Each undeclared identifier is reported only once dhcpd.c:97: error: for each function it appears in.) In file included from listen.c:1307: command.c: In function 'command_show_client_config': command.c:845: warning: passing argument 2 of 'cf_section2file' discards qualifiers from pointer target type gmake[4]: *** [listen.lo] Error 1 gmake[4]: Leaving directory `/usr/ports/net/freeradius2/work/freeradius-server-2.1.7/src/main' gmake[3]: *** [common] Error 2 gmake[3]: Leaving directory `/usr/ports/net/freeradius2/work/freeradius-server-2.1.7/src' gmake[2]: *** [all] Error 2 gmake[2]: Leaving directory `/usr/ports/net/freeradius2/work/freeradius-server-2.1.7/src' gmake[1]: *** [common] Error 2 gmake[1]: Leaving directory `/usr/ports/net/freeradius2/work/freeradius-server-2.1.7' gmake: *** [all] Error 2 *** Error code 1 Stop in /usr/ports/net/freeradius2. *** Error code 1 Stop in /usr/ports/net/freeradius2. = -- Alexander Kubatkin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problem with checking dhcp-packet type
On Среда 08 июля 2009 12:19:55 Alan DeKok wrote: > Alexander Kubatkin wrote: > > trying to build from: > > > > freeradius-server-2.1.7.tar.bz2 08-Jul-2009 08:57 2.4M > > Yes... the fix wasn't in yet. when it(fix) come to us? > > If you want the latest version, use git. last changes 4 days ago i'm sorry for my raring. -- Alexander Kubatkin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problem with checking dhcp-packet type
On Среда 08 июля 2009 10:47:41 Alan DeKok wrote: > Alexander Kubatkin wrote: > > problem with build: > > Ok... wait a bit, and then grab another copy of the source. > > Alan DeKok. trying to build from: freeradius-server-2.1.7.tar.bz2 08-Jul-2009 08:57 2.4M without success... = cc -O2 -fno-strict-aliasing -pipe -march=pentium4 -I/usr/local/include -L/usr/local/lib -pthread -Wall -D_GNU_SOURCE -DNDEBUG -I/usr/ports/net/freeradius2/work/freeradius-server-2.1.7/src - DHOSTINFO=\"i386-portbld-freebsd7.0\" -DRADIUSD_VERSION=\"2.1.7\" -I/usr/local/include -DOPENSSL_NO_KRB5 -c listen.c -fPIC -DPIC -o .libs/listen.o listen.c: In function 'client_listener_find': listen.c:129: warning: passing argument 1 of 'listener->print' discards qualifiers from pointer target type listen.c:209: warning: assignment discards qualifiers from pointer target type In file included from listen.c:1305: dhcpd.c: In function 'dhcp_process': dhcpd.c:97: error: 'packet' undeclared (first use in this function) dhcpd.c:97: error: (Each undeclared identifier is reported only once dhcpd.c:97: error: for each function it appears in.) In file included from listen.c:1307: command.c: In function 'command_show_client_config': command.c:845: warning: passing argument 2 of 'cf_section2file' discards qualifiers from pointer target type gmake[4]: *** [listen.lo] Error 1 gmake[4]: Leaving directory `/usr/ports/net/freeradius2/work/freeradius-server-2.1.7/src/main' gmake[3]: *** [common] Error 2 gmake[3]: Leaving directory `/usr/ports/net/freeradius2/work/freeradius-server-2.1.7/src' gmake[2]: *** [all] Error 2 gmake[2]: Leaving directory `/usr/ports/net/freeradius2/work/freeradius-server-2.1.7/src' gmake[1]: *** [common] Error 2 gmake[1]: Leaving directory `/usr/ports/net/freeradius2/work/freeradius-server-2.1.7' gmake: *** [all] Error 2 *** Error code 1 Stop in /usr/ports/net/freeradius2. *** Error code 1 -- Alexander Kubatkin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: problem with checking dhcp-packet type
On Вторник 07 июля 2009 12:08:06 Alan DeKok wrote: > Alexander Kubatkin wrote: > > Below of the message translated and not translated code of dhcp-packet > > from client soho-router TrendNet 631BRP. > > As i can see, the main problem is a wrong order (for freeradius rules) of > > dhcp options and that's why such packet did not recognized and did not > > accepted. When packet is arriving i see "Unknown, or badly formatted DHCP > > packet". > > > > How to fix this? > > http://git.freeradius.org/pre/ > > Download the pre-release of 2.1.7. It should fix this problem. problem with build: cc -O2 -fno-strict-aliasing -pipe -march=pentium4 -I/usr/local/include -L/usr/local/lib -pthread -Wall -D_GNU_SOURCE -DNDEBUG -I/usr/ports/net/freeradius2/work/freeradius-server-2.1.7/src - DHOSTINFO=\"i386-portbld-freebsd7.0\" -DRADIUSD_VERSION=\"2.1.7\" -I/usr/local/include -DOPENSSL_NO_KRB5 -c listen.c -fPIC -DPIC -o .libs/listen.o listen.c: In function 'client_listener_find': listen.c:129: warning: passing argument 1 of 'listener->print' discards qualifiers from pointer target type listen.c:209: warning: assignment discards qualifiers from pointer target type In file included from listen.c:1305: dhcpd.c: In function 'dhcp_process': dhcpd.c:88: error: 'packet' undeclared (first use in this function) dhcpd.c:88: error: (Each undeclared identifier is reported only once dhcpd.c:88: error: for each function it appears in.) dhcpd.c:100: error: 'union ' has no member named 's_addr' dhcpd.c:107: error: 'data_len' undeclared (first use in this function) In file included from listen.c:1307: command.c: In function 'command_show_client_config': command.c:845: warning: passing argument 2 of 'cf_section2file' discards qualifiers from pointer target type gmake[4]: *** [listen.lo] Error 1 -- __ Alexander Kubatkin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
problem with checking dhcp-packet type
Host Name = "Beirel" Option: (12) Host Name Length: 6 Value: 42656972656C Option: (t=55,l=7) Parameter Request List Option: (55) Parameter Request List Length: 7 Value: 0103062C0F2E2F 1 = Subnet Mask 3 = Router 6 = Domain Name Server 44 = NetBIOS over TCP/IP Name Server 15 = Domain Name 46 = NetBIOS over TCP/IP Node Type 47 = NetBIOS over TCP/IP Scope Option: (t=53,l=1) DHCP Message Type = DHCP Discover Option: (53) DHCP Message Type Length: 1 Value: 01 Option: (t=82,l=18) Agent Information Option Option: (82) Agent Information Option Length: 18 Value: 010600040212000702080106001B11B5EF04 Agent Circuit ID: 000402120007 Agent Remote ID: 0106001B11B5EF04 End Option Padding ===== -- Alexander Kubatkin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
