Hi,
I'm trying to implement proxy using rlm_perl, I've applied the patch
that should allow me to modify the attributes, but it doesn't seem to
work. (freeradius 1.1.2)
Perl code:
# Function to handle pre_proxy
sub pre_proxy {
&radiusd::radlog(1, "entering pre-proxy");
my %hash = ();
$hash{'User-Name'} = "testuser";
$hash{'Operator'} = ":=";
$RAD_REPLY{'User-Name'} = \%hash;
return RLM_MODULE_UPDATED;
}
# Function to handle post_proxy
sub post_proxy {
&radiusd::radlog(1, "entering post-proxy");
my %hash = ();
$hash{'Framed-IP-Address'} = "10.10.1.1";
$hash{'Operator'} = ":=";
$RAD_REPLY{'Framed-IP-Address'} = \%hash;
return RLM_MODULE_UPDATED;
}
and then debug from radius:
rad_recv: Access-Request packet from host 127.0.0.1:32777, id=31, length=219
User-Password = "password"
User-Name = "[EMAIL PROTECTED]"
Acct-Session-Id = "erx atm 8/0.16901030:169.1030:0239293057"
Service-Type = Framed-User
Framed-Protocol = PPP
Connect-Info = "speed:UBR"
NAS-Port-Type = xDSL
NAS-Port = 1084818438
NAS-Port-Id = "atm 8/0.16901030:169.1030"
NAS-IP-Address = 10.10.1.2
NAS-Identifier = "CH_RAN_11"
ERX-Qos-Profile-Name = "qos-3584k_shape"
ERX-Ingress-Policy-Name = "128k_rate"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
rlm_realm: Looking up realm "somwhere.com" for User-Name =
"[EMAIL PROTECTED]"
rlm_realm: Found realm "DEFAULT"
rlm_realm: Adding Stripped-User-Name = "test1"
rlm_realm: Proxying request from user test1 to realm DEFAULT
rlm_realm: Adding Realm = "DEFAULT"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for request 1
perl_pool: item 0x81fc008 asigned new request. Handled so far: 2
found interpetator at address 0x81fc008
rlm_perl: Added pair REALM = somwhere.com
rlm_perl: Added pair Proxy-To-Realm = quik
rlm_perl: Added pair Stripped-User-Name = test1
perl_pool total/active/spare [3/0/3]
Unreserve perl at address 0x81fc008
modcall[authorize]: module "perl" returns ok for request 1
modcall: leaving group authorize (returns ok) for request 1
Processing the pre-proxy section of radiusd.conf
modcall: entering group pre-proxy for request 1
perl_pool: item 0x85ea2a8 asigned new request. Handled so far: 2
found interpetator at address 0x85ea2a8
rlm_perl: entering pre-proxy
rlm_perl: Added pair User-Name = testuser
rlm_perl: Added pair Realm = somwhere.com
rlm_perl: Added pair Stripped-User-Name = test1
rlm_perl: Added pair Proxy-To-Realm = quik
perl_pool total/active/spare [3/0/3]
Unreserve perl at address 0x85ea2a8
modcall[pre-proxy]: module "perl" returns updated for request 1
modcall: leaving group pre-proxy (returns updated) for request 1
As you can see it modified the User-Name attribute (at least it claims
it did), but:
Sending Access-Request of id 1 to 10.10.12.103 port 1812
User-Password = "password"
User-Name = "test1"
Acct-Session-Id = "erx atm 8/0.16901030:169.1030:0239293057"
Service-Type = Framed-User
Framed-Protocol = PPP
Connect-Info = "speed:UBR"
NAS-Port-Type = xDSL
NAS-Port = 1084818438
NAS-Port-Id = "atm 8/0.16901030:169.1030"
NAS-IP-Address = 10.10.1.2
NAS-Identifier = "CH_RAN_11"
ERX-Qos-Profile-Name = "qos-3584k_shape"
ERX-Ingress-Policy-Name = "128k_rate"
Proxy-State = 0x3331
It doesn't send it, what's more:
rad_recv: Access-Accept packet from host 10.10.12.103:1812, id=1, length=30
Framed-IP-Address = 192.168.1.65
Proxy-State = 0x3331
Processing the post-proxy section of radiusd.conf
modcall: entering group post-proxy for request 1
perl_pool: item 0x89bb2e0 asigned new request. Handled so far: 2
found interpetator at address 0x89bb2e0
rlm_perl: entering post-proxy
rlm_perl: Added pair Framed-IP-Address = 10.10.1.1
rlm_perl: Added pair Realm = somwhere.com
rlm_perl: Added pair Stripped-User-Name = test1
rlm_perl: Added pair Proxy-To-Realm = quik
rlm_perl: Added pair Proxy-State = 0x3331
rlm_perl: Added pair Framed-IP-Address = 192.168.1.65
perl_pool total/active/spare [3/0/3]
Unreserve perl at address 0x89bb2e0
modcall[post-proxy]: module "perl" returns updated for request 1
modcall: leaving group post-proxy (returns updated) for request 1
authorize: Skipping authorize in post-proxy stage
rad_check_password: Found Auth-Type
rad_check_password: Auth-Type = Accept, accepting the user
Sending Access-Accept of id 31 to 127.0.0.1 port 32777
Framed-IP-Address := 10.10.1.1
Framed-IP-Address = 192.168.1.65
Finished request 1
So in both cases it retaind original values of the attributes. How do
i fix this?
regards
pshemko
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
