Everything looks OK now, but I would still welcome any comments about my approach or suggestions about a better method. Particularly I'd like to make sure I managed the Realm and Proxy-To-Realm attributes correctly.
My goal was to programmatically proxy Accounting-Requests for a particular realm, but with the realm in the outgoing User-Name replaced by a different realm. When the response comes back from the home server, everything should be seemless, with the response going back to the originating client as usual. This appears to be happening.
Dave
Dave Mason wrote:
Hi,
I have an application where I need to programmatically change the realm I proxy Accounting-Request messages to if the incoming realm is some known value. I have a preacct function that looks for the particular realm in the User-Name, and if it's there, it adds a Realm attrbute to request->packet->vps and a Proxy-To-Realm attribute to request->config_items. In radiusd.conf I put this before "suffix", so rlm_realm doesnt do anything. This sets up the proxy to the new realm, but the User-Name in the proxy packet still has the original realm, and I need to switch it to the new one.
I tried writing a pre-proxy function that looks for User-Name in request->proxy->vps, deletes it, and adds a new one with the my new realm substituted for the old one. That function appears to work, but radiusd crashes in rad_send (radius.c) in the following code block, on the line "if ((VENDOR...".
for (reply = packet->vps; reply; reply = reply->next) { /* * Ignore non-wire attributes */ if ((VENDOR(reply->attribute) == 0) && ((reply->attribute & 0xFFFF) > 0xff)) { continue; } ....
I suspect I mangled the request proxy packet somehow. Is there a better way to do this?
Dave
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
