snoop2radius: a tool for testing RADIUS servers and a RADIUS sniffer

2004-07-07 Thread Miguel Diez 
Hi!

For all of you, this is a little tool I make some time ago to test
RADIUS servers. It's in Python and it's easy to modify to your specific
needs.

It can read a snoop (solaris) or a tcpdump (linux) output directly
through a pipe or from a dumped file and show the packets and/or resend
them to another RADIUS server.

It's useful, for example, if you have a core problem in the production
servers. You can dump the auth/acct packets to a snoop file and then,
try to repeat the core problem in your controlled test area.

It's also useful when you want to see inside the packets, more than any
normal sniffer does because it understands whatever vendor specific
attributes dictionary.

I hope you like it.

Please, send me any bugs, adds, comments or whatever.

Sorry, the help (snoop2radius -h) is in Spanish. Tell me if you are
interested and I'll translate or make any mods to the script.

Thanks, 
   Miguel


snoop2radius.tar.gz
Description: application/compressed-tar

attr_rewrite: How to assign ip address in proxy server and attribute conversion

2004-03-17 Thread Miguel Diez 

Hi!
[Hola]

Ok, I've tried and it works fine!
[Vale, lo he probado y funciona bien!!]

We wanted our proxy radius server to assign ip address dinamically, but
sometimes we don't have the NAS-Port attribute, and freeradius need it
if you want it to assign ip address, so...
[Necesitabamos que nuestro servidor proxy radius asignara direcciones
dinamicamente, pero a veces no nos llegaba el atributo NAS-Port, y
resulta que freeradius lo necesita para asignar ips, por lo tanto...]

Here's the useful snap of my radius.conf:
[Aqui esta un pequeño trozo de mi radius.conf:]

-
# This to activate proxy server, look in docs for proxy conf
# [esto para modo proxy, mira los docs para configurar el proxy]
proxy_requests  = yes
$INCLUDE  ${confdir}/proxy.conf

# Modules seccion
modules {
  ...
# You need a ip pool for assignation
# and associate it to users, see docs
# [Necesitas definir un conjunto de ips para asignar
# y asociarlo a los usuarios, mira la documentacion]
ippool pool_gprs {
   range-start = 10.95.83.1
range-stop = 10.95.83.16
netmask = 255.255.255.224
cache-size = 16
session-db = ${raddbdir}/db.ippool_gprs
ip-index = ${raddbdir}/db.ipindex_gprs
override = yes
}
  ...
attr_rewrite rwnasport {
searchfor = NULL
searchin = packet
# look at doc/attributes.html
#replacewith = %l
replacewith = %{Acct-Session-Id}
max_matches = 1
new_attribute = yes
append = no
attribute = NAS-Port
}
  ...
}

# ip pools should be added in post-auth and accounting sections..
# [los conjuntos de ip deben añadirse a las secciones...]

accounting {
...
pool_gprs
}
   
post-auth {
...
pool_gprs
}

# we need to insert the attribute before processing
# [necesitamos insertar el atributo antes de procesarlo]
pre-proxy {
rwnasport
  ...
}

# an if you want to resend the attrib in the packet 
# to the next server after processing it...
# [y si queremos reenviar el atributo en el paquete 
# al siguiente servidor despues de procesarlo...]

post-proxy {
rwnasport
  ...
}



That's all, I hope it's
[Eso es todo, espero que os sirva de ayuda]


  Miguel Diez Cisneros 
  Telefonica I+D




-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html