multiply Cisco-AVPair request attribute process by regular expression
Hi All
I have one Cisco 1 NAS inmy network and this is the authenticate
request :
Packet-Type = Access-Request
Cisco-AVPair = "client-mac-address=f43e.6166.dba0"
Framed-Protocol = PPP
User-Name = "7727221873"
NAS-Port-Type = Ethernet
NAS-Port = 71468299
NAS-Port-Id = "0/0/0/0"
Cisco-AVPair = "circuit-id-tag=Kangan-1 atm 7/42:218:0.35"
Service-Type = Framed-User
NAS-IP-Address = 10.150.21.218
Acct-Session-Id = "0442850B"
Calling-Station-Id = "f4:3e:61:66:db:a0"
Called-Station-Id = ""
SQL-User-Name = "7727221873"
i have tow Cisco-AVPair attribute in request and i need to process one of
them that being started by 'circuit-id-tag=' so i use this :
if (Cisco-AVpair =~ /^circuit-id-tag=(.*)$/) {
update request {
Connect-Info := "%{1}"
}
}
but it is not working !
in similar case that i use regular expression for updating request it
work well for example :
if (Cisco-AVpair =~
/^client-mac-address=([a-f0-9][a-f0-9])([a-f0-9][a-f0-9]).([a-f0-9][a-f0-9])([a-f0-9][a-f0-9]).([a-f0-9][a-f0-9])([a-f0-9][a-f0-9])$/)
{
if (!Calling-Station-Id) {
update request {
Calling-Station-Id :=
"%{1}:%{2}:%{3}:%{4}:%{5}:%{6}"
Called-Station-Id := "%{NAS-Identifier}"
}
}
}
in last i think in this case because of multiply Cisco-AVPair attribute
in request regular expression should be different but i can not find
any source that can enplane this problem .
Best regards.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: multiply Cisco-AVPair request attribute process by regular expression
Hi, >but it is not working ! what do you mean? what do you want to do (ie what do you want to have/get and what do you actually get?) - what does the server say/do (ie. run in full debug mode to see what its saying/doing to your logic. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: multiply Cisco-AVPair request attribute process by regular expression
Dear
A.L.M.Buxey
i have 2 Cisco-AVPair in request attribute :
Cisco-AVPair = "client-mac-address=90f6.52d2.384f"
and
Cisco-AVPair = "circuit-id-tag=Azadegan-1 atm 2/16:251:0.35"
for first one i use :
if (Cisco-AVpair =~ /^client-mac-address=([a-f0-9]
[a-f0-9])([a-f0-9][a-f0-9]).([a-f0-9][a-f0-9])([a-f0-9][a-f0-9]).([a-f0-9][a-f0-9])([a-f0-9][a-f0-9])$/)
{
if (!Calling-Station-Id) {
update request {
Calling-Station-Id :=
"%{1}:%{2}:%{3}:%{4}:%{5}:%{6}"
Called-Station-Id := "%{NAS-Identifier}"
}
}
}
and it is work
for second one i use :
if (Cisco-AVPair =~ /^circuit-id-tag=(.*)$/) {
update request {
NAS-Port-Id := "%{1}"
}
}
But it is not work !
that is the problem.
this is the attribute that come from NAS :
Acct-Session-Id = "04423124"
Cisco-AVPair = "client-mac-address=90f6.52d2.384f"
Framed-Protocol = PPP
Framed-IP-Address = 172.20.10.238
User-Name = "7734247799"
Cisco-AVPair = "connect-progress=LAN Ses Up"
Acct-Authentic = RADIUS
Acct-Status-Type = Start
NAS-Port-Type = Ethernet
NAS-Port = 71446820
NAS-Port-Id = "0/0/0/0"
Cisco-AVPair = "circuit-id-tag=Azadegan-1 atm 2/16:251:0.35"
Service-Type = Framed-User
NAS-IP-Address = 10.150.21.218
X-Ascend-Session-Svr-Key = "A4477F54"
Acct-Delay-Time = 29
Calling-Station-Id = ""
Called-Station-Id = ""
Acct-Unique-Session-Id = "8cd7eadca98e09bf"
Timestamp = 1367151426
Best regards
On Mon, Apr 29, 2013 at 1:10 AM, wrote:
> Hi,
>
> >but it is not working !
>
> what do you mean? what do you want to do (ie what do you want to have/get
> and what do you actually get?) - what does the server say/do (ie. run in
> full
> debug mode to see what its saying/doing to your logic.
>
> alan
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: multiply Cisco-AVPair request attribute process by regular expression
On 28 avr. 2013, at 22:58, Mehdi Ravanbakhsh wrote:
> Dear
> A.L.M.Buxey
>
> i have 2 Cisco-AVPair in request attribute :
>
> Cisco-AVPair = "client-mac-address=90f6.52d2.384f"
>
> and
>
> Cisco-AVPair = "circuit-id-tag=Azadegan-1 atm 2/16:251:0.35"
You have multiple time the same attribute. Use Cisco-AVPair[X] to access a
specific instance of them. If you're running version 3 you can use a foreach
loop
>
> for first one i use :
>
>
> if (Cisco-AVpair =~ /^client-mac-address=([a-f0-9]
> [a-f0-9])([a-f0-9][a-f0-9]).([a-f0-9][a-f0-9])([a-f0-9][a-f0-9]).([a-f0-9][a-f0-9])([a-f0-9][a-f0-9])$/)
> {
> if (!Calling-Station-Id) {
> update request {
> Calling-Station-Id :=
> "%{1}:%{2}:%{3}:%{4}:%{5}:%{6}"
> Called-Station-Id := "%{NAS-Identifier}"
> }
>
> }
>}
>
> and it is work
>
>
> for second one i use :
>
> if (Cisco-AVPair =~ /^circuit-id-tag=(.*)$/) {
>
> update request {
> NAS-Port-Id := "%{1}"
> }
> }
>
> But it is not work !
>
> that is the problem.
>
> this is the attribute that come from NAS :
>
> Acct-Session-Id = "04423124"
> Cisco-AVPair = "client-mac-address=90f6.52d2.384f"
> Framed-Protocol = PPP
> Framed-IP-Address = 172.20.10.238
> User-Name = "7734247799"
> Cisco-AVPair = "connect-progress=LAN Ses Up"
> Acct-Authentic = RADIUS
> Acct-Status-Type = Start
> NAS-Port-Type = Ethernet
> NAS-Port = 71446820
> NAS-Port-Id = "0/0/0/0"
> Cisco-AVPair = "circuit-id-tag=Azadegan-1 atm 2/16:251:0.35"
> Service-Type = Framed-User
> NAS-IP-Address = 10.150.21.218
> X-Ascend-Session-Svr-Key = "A4477F54"
> Acct-Delay-Time = 29
> Calling-Station-Id = ""
> Called-Station-Id = ""
> Acct-Unique-Session-Id = "8cd7eadca98e09bf"
> Timestamp = 1367151426
>
>
> Best regards
>
>
> On Mon, Apr 29, 2013 at 1:10 AM, wrote:
>> Hi,
>>
>> >but it is not working !
>>
>> what do you mean? what do you want to do (ie what do you want to have/get
>> and what do you actually get?) - what does the server say/do (ie. run in full
>> debug mode to see what its saying/doing to your logic.
>>
>> alan
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: multiply Cisco-AVPair request attribute process by regular expression
Dear Olivier
I am try to test it but why first one is working ?!!! do you check my
regular expression in second one ? i do it correctly ?
and is version 3 stable enough to use ? (your opinion )
Best regards.
On Mon, Apr 29, 2013 at 1:48 AM, Olivier Beytrison wrote:
>
>
> On 28 avr. 2013, at 22:58, Mehdi Ravanbakhsh wrote:
>
> Dear
> A.L.M.Buxey
>
> i have 2 Cisco-AVPair in request attribute :
>
> Cisco-AVPair = "client-mac-address=90f6.52d2.384f"
>
> and
>
> Cisco-AVPair = "circuit-id-tag=Azadegan-1 atm 2/16:251:0.35"
>
>
> You have multiple time the same attribute. Use Cisco-AVPair[X] to access a
> specific instance of them. If you're running version 3 you can use a
> foreach loop
>
>
> for first one i use :
>
>
> if (Cisco-AVpair =~ /^client-mac-address=([a-f0-9]
> [a-f0-9])([a-f0-9][a-f0-9]).([a-f0-9][a-f0-9])([a-f0-9][a-f0-9]).([a-f0-9][a-f0-9])([a-f0-9][a-f0-9])$/)
> {
> if (!Calling-Station-Id) {
> update request {
> Calling-Station-Id :=
> "%{1}:%{2}:%{3}:%{4}:%{5}:%{6}"
> Called-Station-Id :=
> "%{NAS-Identifier}"
> }
>
> }
>}
>
> and it is work
>
>
> for second one i use :
>
> if (Cisco-AVPair =~ /^circuit-id-tag=(.*)$/) {
>
> update request {
> NAS-Port-Id := "%{1}"
> }
> }
>
> But it is not work !
>
> that is the problem.
>
> this is the attribute that come from NAS :
>
> Acct-Session-Id = "04423124"
> Cisco-AVPair = "client-mac-address=90f6.52d2.384f"
> Framed-Protocol = PPP
> Framed-IP-Address = 172.20.10.238
> User-Name = "7734247799"
> Cisco-AVPair = "connect-progress=LAN Ses Up"
> Acct-Authentic = RADIUS
> Acct-Status-Type = Start
> NAS-Port-Type = Ethernet
> NAS-Port = 71446820
> NAS-Port-Id = "0/0/0/0"
> Cisco-AVPair = "circuit-id-tag=Azadegan-1 atm 2/16:251:0.35"
> Service-Type = Framed-User
> NAS-IP-Address = 10.150.21.218
> X-Ascend-Session-Svr-Key = "A4477F54"
> Acct-Delay-Time = 29
> Calling-Station-Id = ""
> Called-Station-Id = ""
> Acct-Unique-Session-Id = "8cd7eadca98e09bf"
> Timestamp = 1367151426
>
>
> Best regards
>
>
> On Mon, Apr 29, 2013 at 1:10 AM, wrote:
>
>> Hi,
>>
>> >but it is not working !
>>
>> what do you mean? what do you want to do (ie what do you want to have/get
>> and what do you actually get?) - what does the server say/do (ie. run in
>> full
>> debug mode to see what its saying/doing to your logic.
>>
>> alan
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: multiply Cisco-AVPair request attribute process by regular expression
Hi, >i have 2 Cisco-AVPair in request attribute : > >Cisco-AVPair = "client-mac-address=90f6.52d2.384f" > >and > >Cisco-AVPair = "circuit-id-tag=Azadegan-1 atm 2/16:251:0.35" you still havent said what you actually want as values. you just say it doesnt work. you also ignore my request for debug output to see what/where. and then you query/question the other answer provided to you regardoing multiple attributes. just do what he said (your first one works because ONE attribute will be the parent 'Cisco-AVpair'). alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: multiply Cisco-AVPair request attribute process by regular expression
Dear A.L.M.Buxey
you still havent said what you actually want as values. you just say it
doesnt work. you also ignore my
request for debug output to see what/where.
I need "*Azadegan-1 atm 2/16:251:0.35*" from this attribute
:Cisco-AVPair = "circuit-id-tag=Azadegan-1 atm 2/16:251:0.35"
server is running in high load and i do not access to other cisco 1
router to test it for debug mod. for running in debug mod i change this
parameter in site enable but i can not get full debug message in log file :
in authorize section :
auth_log
in accounting section :
detail
sql_log
in post-auth section :
sql_log
reply_log
and then you query/question the other answer provided to you regardoing
multiple
attributes. just do what he said (your first one works because ONE
attribute will
be the parent 'Cisco-AVpair').
i test it , but if i use Cisco-AVPair[0] and Cisco-AVPair[1] first one
and second one is not working.
Do i need to to move them in some variable then use regular exertion
?(soothing like this) :
value0 := %{Cisco-AVPair[0]}
value1 := %{Cisco-AVPair[1]}
if (value0 =~ /^client-mac-address=([a-f0-9]
[a-f0-9])([a-f0-9][a-f0-9]).([a-f0-9][a-f0-9])([a-f0-9][a-f0-9]).([a-f0-9][a-f0-9])([a-f0-9][a-f0-9])$/)
{
if (!Calling-Station-Id) {
update request {
Calling-Station-Id :=
"%{1}:%{2}:%{3}:%{4}:%{5}:%{6}"
Called-Station-Id := "%{NAS-Identifier}"
}
}
}
if (value1 =~ /^circuit-id-tag=(.*)$/) {
update request {
NAS-Port-Id := "%{1}"
}
}
thanks and best regards.
On Mon, Apr 29, 2013 at 2:21 AM, wrote:
> Hi,
>
> >i have 2 Cisco-AVPair in request attribute :
> >
> >Cisco-AVPair = "client-mac-address=90f6.52d2.384f"
> >
> >and
> >
> >Cisco-AVPair = "circuit-id-tag=Azadegan-1 atm 2/16:251:0.35"
>
> you still havent said what you actually want as values. you just say it
> doesnt work. you also ignore my
> request for debug output to see what/where.
>
>
> and then you query/question the other answer provided to you regardoing
> multiple
> attributes. just do what he said (your first one works because ONE
> attribute will
> be the parent 'Cisco-AVpair').
>
>
> alan
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: multiply Cisco-AVPair request attribute process by regular expression
On 28.04.2013 23:30, Mehdi Ravanbakhsh wrote:
> DearOlivier
>
> I am try to test it but why first one is working ?!!! do you check my
> regular expression in second one ? i do it correctly ?
I'm quoting the man page.
man unlang :
%{Attribute-Name[index]}
Reference the N'th occurance of the given attribute. The syntax
%{:Attribute-Name[index]} may also be used. The indexes start at
zero. This feature is NOT available for non-attribute dynamic
translations, like %{sql:...}.
For example, %{User-Name[0]} is the same as %{User-Name}
The variable %{Cisco-AVPair[2]} will reference the value of the THIRD
Cisco-AVPair attribute (if it exists) in the request packet,
In your request you have 3 Cisco-AVPair. I don't know if they always
come in the same order or what, but looking at your request
%{Cisco-AVPair[0]} = "client-mac-address=90f6.52d2.384f"
%{Cisco-AVPair[1]} = "connect-progress=LAN Ses Up"
%{Cisco-AVPair[2]} = "circuit-id-tag=Azadegan-1 atm 2/16:251:0.35"
Please NOTE the %{ } surrounding the attribute and its index.
> and is version 3 stable enough to use ? (your opinion )
Version 3 is a living thing. It can be stable one day and buggy the next
one.
I'm running Version 3 in production. I've froze the branch, tested it
carefully, cherry-picked the fix I needed, and deployed it. Version 3
brings some nice things and an important performance improvement.
Olivier
--
Olivier Beytrison
Network & Security Engineer, HES-SO Fribourg
Mail: oliv...@heliosnet.org
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: multiply Cisco-AVPair request attribute process by regular expression
Dear Olivier
thanks for your information
On Mon, Apr 29, 2013 at 11:36 AM, Olivier Beytrison
wrote:
> On 28.04.2013 23:30, Mehdi Ravanbakhsh wrote:
> > DearOlivier
> >
> > I am try to test it but why first one is working ?!!! do you check my
> > regular expression in second one ? i do it correctly ?
>
> I'm quoting the man page.
>
> man unlang :
> %{Attribute-Name[index]}
> Reference the N'th occurance of the given attribute. The syntax
> %{:Attribute-Name[index]} may also be used. The indexes start at
> zero. This feature is NOT available for non-attribute dynamic
> translations, like %{sql:...}.
>
> For example, %{User-Name[0]} is the same as %{User-Name}
>
> The variable %{Cisco-AVPair[2]} will reference the value of the THIRD
> Cisco-AVPair attribute (if it exists) in the request packet,
>
> In your request you have 3 Cisco-AVPair. I don't know if they always
> come in the same order or what, but looking at your request
> %{Cisco-AVPair[0]} = "client-mac-address=90f6.52d2.384f"
> %{Cisco-AVPair[1]} = "connect-progress=LAN Ses Up"
> %{Cisco-AVPair[2]} = "circuit-id-tag=Azadegan-1 atm 2/16:251:0.35"
>
> Please NOTE the %{ } surrounding the attribute and its index.
>
> > and is version 3 stable enough to use ? (your opinion )
>
> Version 3 is a living thing. It can be stable one day and buggy the next
> one.
> I'm running Version 3 in production. I've froze the branch, tested it
> carefully, cherry-picked the fix I needed, and deployed it. Version 3
> brings some nice things and an important performance improvement.
>
> Olivier
>
> --
>
> Olivier Beytrison
> Network & Security Engineer, HES-SO Fribourg
> Mail: oliv...@heliosnet.org
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: multiply Cisco-AVPair request attribute process by regular expression
Hi,
>i test it , but if i use Cisco-AVPair[0] and Cisco-AVPair[1] first one
>and second one is not working.
you need to check which attribute is which.
>Do i need to to move them in some variable then use regular exertion
>?(soothing like this) :
>
>value0 := %{Cisco-AVPair[0]}
>value1 := %{Cisco-AVPair[1]}
you could so, but it makes no real differenceand you'd also have to use a
variable
which makes sense to the server eg Tmp-String-0
as already pointed out, Cisco-AVPair[1] appears to mean nothing to you, its
Cisco-AVPair[2]
which contains the circuit-id-tag request that you want.but if you actually
ran in
full debug mode and posted the output of that then that would be obvious. you
sill havent posted
the radiusd -X output as requested many times so help ends here
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: multiply Cisco-AVPair request attribute process by regular expression
On 04/28/2013 09:14 PM, Mehdi Ravanbakhsh wrote:
i have tow Cisco-AVPair attribute in request and i need to process one
of them that being started by 'circuit-id-tag=' so i use this :
if (Cisco-AVpair =~ /^circuit-id-tag=(.*)$/) {
update request {
Connect-Info := "%{1}"
}
}
but it is not working !
This is a limitation (or bug, depending on how you define it) of the 2.x
code. The code basically string-ifys the first instance of the attribute
when doing a regexp.
This should be fixed in master - see:
https://github.com/FreeRADIUS/freeradius-server/commit/5a89c9463390987c546864254931167e46fb64c8#src/main/valuepair.c
...for the fix. We run a local version which has this backported.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: multiply Cisco-AVPair request attribute process by regular expression
Dear Phil Mayers
thanks for your reply
i am finally do this in my PostgreSQL function before importing to database
.
Best regards.
On Mon, May 6, 2013 at 6:07 PM, Phil Mayers wrote:
> On 04/28/2013 09:14 PM, Mehdi Ravanbakhsh wrote:
>
> i have tow Cisco-AVPair attribute in request and i need to process one
>> of them that being started by 'circuit-id-tag=' so i use this :
>>
>>
>>
>> if (Cisco-AVpair =~ /^circuit-id-tag=(.*)$/) {
>>
>> update request {
>> Connect-Info := "%{1}"
>> }
>> }
>>
>>
>> but it is not working !
>>
>
> This is a limitation (or bug, depending on how you define it) of the 2.x
> code. The code basically string-ifys the first instance of the attribute
> when doing a regexp.
>
> This should be fixed in master - see:
>
> https://github.com/FreeRADIUS/**freeradius-server/commit/**
> 5a89c9463390987c54686425493116**7e46fb64c8#src/main/valuepair.**c
>
> ...for the fix. We run a local version which has this backported.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/**
> list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
