attr_rewrite issues

2004-10-28 Thread Brian Ammons
Hello FreeRadius list:

I'm having difficulty getting the attr_rewrite module to do...well,
anything.

I have a working RADIUS installation validating off of a mySQL database.
Our existing NASs (Wireless APs) transmit mac addresses as 12 character
lower case letter/number combos - this corresponds to username within
RADIUS.  A new NAS device is transmitting mac addresses in caps, with a
colon between each octet.  I am trying to filter the attributes coming from
the new NAS so that they are of the correct format in our mySQL database.

I have already gotten the case issue solved by making the following change
in radiusd.conf:

lower_user = before

What I can't get to work:  I have placed the following in radiusd.conf, just
under the commented-out example of attr_rewrite concerning sanecallerid


attr_rewrite mac_colons {
    attribute = User-Name
    searchin = packet
    searchfor = :
    replacewith =
    ignore_case = yes
    new_attribute = no
    max_matches = 10
    append = no
}

However, as I said, I don't see any indication that the RADIUS server is
doing anything of the kind.  This is the debug output, concerning an auth
request from the new type of NAS:

rad_recv: Access-Request packet from host 10.35.0.30:1034, id=50, length=60
Service-Type = Framed-User
NAS-Port-Id = wlan1
User-Name = 00:0A:E9:06:29:07
User-Password = 
NAS-IP-Address = 10.35.0.30
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql_mysql: query:  SELECT id,UserName,Attribute,Value,op FROM radcheck
WHERE Username = '00:0a:e9:06:29:07' ORDER BY id
rlm_sql (sql): User 00:0a:e9:06:29:07 not found in radcheck

Note how the User-Name comes into RADIUS as all caps, but is in lower case
when it's checked against the db, this is the result of the lower_user =
before command I mentioned previously.  However, the attr_rewrite command
doesn't appear to be functioning at all.  I've tried several different
syntaxes slightly different from the one listed above with no luck.  Looking
further around radiusd.conf, I saw the authorize section at the bottom of
the file (thinking that I had to load the module, just as preprocess
apparently has to be loaded):

authorize {
    preprocess
#   auth_log
#   attr_filter

    attr_rewrite

However, having attr_rewrite uncommented as it is above causes an error on
load:

Starting - reading configuration files ...
Using deprecated naslist file.  Support for this will go away soon.
Module: Loaded exec
rlm_exec: Wait=yes but no output defined. Did you mean output=none?
Module: Instantiated exec (exec)
Module: Loaded expr
Module: Instantiated expr (expr)
Module: Loaded PAP
Module: Instantiated pap (pap)
Module: Loaded CHAP
Module: Instantiated chap (chap)
Module: Loaded MS-CHAP
Module: Instantiated mschap (mschap)
Module: Loaded System
Module: Instantiated unix (unix)
Module: Loaded eap
rlm_eap: Loaded and initialized type md5
rlm_eap: Loaded and initialized type leap
rlm_eap: Loaded and initialized type gtc
rlm_eap: Loaded and initialized type mschapv2
Module: Instantiated eap (eap)
Module: Loaded preprocess
Module: Instantiated preprocess (preprocess)
ERROR: Cannot find a configuration entry for module attr_rewrite.

After which it returns to the command prompt (without loading the server).
I don't really understand the error message on its face, as I would have
thought the attr_rewrite mac_colons  section I listed earlier in the file
would be the configuration entry that the error output says it can't find.

So...if anyone can get me any advice re: how to check the functionality of
the attr_rewrite module I'd appreciate it.

Thank you -

Brian Ammons


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: attr_rewrite issues

2004-10-28 Thread Dustin Doris

It's because you defined the name of the module as mac_colons.  Change
attr_rewrite to mac_colons in your authorize section.



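The mismatch described in the reply above can be caught before the server is started. This Python check is an added example, not part of the original thread and not FreeRADIUS code: the config excerpt is constructed from the snippets in the thread, and the function names `parse` and `unresolved_references` are hypothetical. It flags entries in `authorize` that name a module type when the instance was declared under a different name.

```python
# Constructed radiusd.conf excerpt based on the thread: the instance is
# declared as "attr_rewrite mac_colons" but authorize lists "attr_rewrite".
SAMPLE_CONF = """
modules {
    preprocess {
    }
    attr_rewrite mac_colons {
        attribute = User-Name
        searchin = packet
        searchfor = :
        replacewith =
    }
    sql {
    }
}
authorize {
    preprocess
#   attr_filter
    attr_rewrite
    sql
}
"""

def parse(conf_text):
    """Return ({instance_name: module_type}, [names listed in authorize])."""
    instances, refs, stack = {}, [], []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # simplification: '#' always starts a comment
        if not line:
            continue
        if line.endswith("{"):
            words = line[:-1].split()
            if stack == ["modules"] and words:
                # "type name {" declares instance "name"; "type {" is named after its type
                instances[words[-1]] = words[0]
            stack.append(words[0] if words else "")
        elif line == "}":
            if stack:
                stack.pop()
        elif stack == ["authorize"] and "=" not in line:
            refs.append(line)
    return instances, refs

def unresolved_references(conf_text):
    """List (reference, [instances of that module type]) for names with no config entry."""
    instances, refs = parse(conf_text)
    return [(ref, sorted(n for n, t in instances.items() if t == ref))
            for ref in refs if ref not in instances]

if __name__ == "__main__":
    for ref, candidates in unresolved_references(SAMPLE_CONF):
        print(f"no configuration entry for '{ref}'; declared instances of that type: {candidates}")
```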


SUCCESS, now User-Password...was RE: attr_rewrite issues

2004-10-28 Thread Brian Ammons

That worked, exactly as advertised.  Thank you very, very much.  But I have
another problem, that I tried to solve but took down all our other NASs
instead...I googled and searched the archive but I couldn't find the
answer...

The new NAS does not transmit a password along with the username, as
illustrated below:

rad_recv: Access-Request packet from host 10.35.0.30:1034, id=50, length=60
 Service-Type = Framed-User
 NAS-Port-Id = wlan1
 User-Name = 00:0A:E9:06:29:07
 User-Password = 
 NAS-IP-Address = 10.35.0.30

In our AuthDB, every username (the 12 digit mac, no colons) has a password
that exactly matches the username.

I tried to do this (and correctly loaded the module this time, thanks again
to Dustin Doris):

#attr_rewrite blank_password {
#   attribute = User-Password
#   searchin = packet
#   searchfor = 
#   replacewith = User-Name
#   ignore_case = yes
#   new_attribute = no
#   max_matches = 10
#   append = no
#}

However, as I mentioned, that totally broke every other Auth-Request in
addition to not validating the new NAS Auth-Request in question.

So my boolean would be, IF an Auth-Request comes in (??from a particular
client?  or from a particular shortname defined in clients.conf? or would
it be with a blank password) THEN replace User-Password with (no colons,
all lowercase) User-Name.

OR would I replace it with the User-Name as passed from the NAS and then
operate on the password?

Thanks again for the assistance:

Brian


