This is a discussion on Re: Post-Proxy-Type + rlm_rewrite + rlm_ippool does not work within the FreeRADIUS Users forums, part of the Networking and Network Related category.
On Wed, Apr 06, 2005 at 03:30:34PM +0300, Pasi Kärkkäinen wrote:
> Hi!
>
> I've tried to get this working for a long time, trying almost every kind of
> possible solution.. with no luck yet :(
>

Alan,

Could you please comment on this.. If I'm trying to do something that won't
work, please tell me.. :)

Thanks!

- Pasi Kärkkäinen

> Scenario: NAS uses freeradius-server (proxy) for authentication. Proxy needs
> to also supply Framed-IP-Address back to NAS.
>
> Proxy proxies authentication requests to home servers based on realm.
>
> Now, I _need_ to assign IP-addresses in the _Proxy_ based on realm.
>
> I set up rlm_ippool for each realm. Now, I need to assign Pool-Name
> attribute for all requests based on realm. I do this:
>
> users-file:
>
> DEFAULT Realm == "foo.com", Post-Proxy-Type := post.proxy.foo
>         Fall-Through = 1
>
>
> radiusd.conf:
>
> post-proxy {
>
>         Post-Proxy-Type post.proxy.foo {
>                 rewrite_add_foo_ippool
>         }
> }
>
> attr_rewrite rewrite_add_foo_ippool {
>         attribute = Pool-Name
>         searchin = proxy_reply
>         searchfor = ""
>         replacewith = "foo_ippool"
>         new_attribute = yes
> }
>
>
> post-auth {
>
>         foo_ippool
> }
>
>
> Freeradius debug messages when proxy receives authentication request:
>
>
> Module: Instantiated attr_rewrite (rewrite_add_foo_ippool)
> Module: Instantiated ippool (foo_ippool)
> rlm_realm: Looking up realm "foo.com" for User-Name = "test@foo.com"
> rlm_realm: Found realm "foo.com"
> rlm_realm: Proxying request from user test to realm foo.com
> users: Matched entry DEFAULT at line 154 (this is the Post-Proxy-Type line)
> rad_recv: Access-Accept packet from host 1.2.3.4:1812, id=0, length=235
> Found Post-Proxy-Type post.proxy.foo
> modcall: entering group Post-Proxy-Type for request 0
> rlm_attr_rewrite: Illegal value for searchin. Changing to packet.
> rlm_attr_rewrite: Added attribute Pool-Name with value 'foo_ippool'
> modcall[post-proxy]: module "rewrite_add_foo_ippool" returns ok for request 0
> modcall: group Post-Proxy-Type returns ok for request 0
> authorize: Skipping authorize in post-proxy stage
> rad_check_password: Auth-Type = Accept, accepting the user
> Login OK: [test@foo.com] (from client client01 port 0)
> Processing the post-auth section of radiusd.conf
> modcall: entering group post-auth for request 0
> rlm_ippool: Could not find Pool-Name attribute
> modcall[post-auth]: module "foo_ippool" returns noop for request 0
> modcall: group post-auth returns noop for request 0
> Finished request 0
>
>
> I'm using freeradius patch by Nicolas Baradakis <nbk@sitadelle.com> which
> enables freeradius (1.02) to run modules in post-proxy {} section. The above
> Post-Proxy-Type foo {} thing does not work without that patch.
>
> But the problem is now how to get the Pool-Name variable set so that
> rlm_ippool works..
>
> Thanks for your help/ideas!
>
> -- Pasi Kärkkäinen
>
>                                    ^
>                                 .     .
>                                  Linux
>                               /    -    \
>                              Choice.of.the
>                            .Next.Generation.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html