[EMAIL PROTECTED] wrote:
hi,
you are still pre-proxy attr filtering?
alan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
No, didn't really see the point.. Internal attributes aren't meant to be
proxied, and those are the only ones I really wanted filtering out.
Looks like something very strange is going on with proxying accounting
packets as well.
rad_recv: Accounting-Request packet from host 139.184.8.16 port 1026,
id=225, length=141
Acct-Session-Id = "004E00000019"
Acct-Status-Type = Start
Acct-Authentic = RADIUS
Acct-Delay-Time = 15
NAS-Port = 1
Calling-Station-Id = "00-1B-63-A3-A8-DD"
Event-Type = Framed-User
NAS-IP-Address = 139.184.8.16
NAS-Identifier = "hp-e-its-dev8021x-sw1"
User-Name = "[EMAIL PROTECTED]"
server default-outer {
+- entering group preacct
++? if ("%{User-Name}" =~ /\\\\?([EMAIL PROTECTED])@?([-[:alnum:]._]*)?$/)
expand: %{User-Name} -> [EMAIL PROTECTED]
? Evaluating ("%{User-Name}" =~ /\\\\?([EMAIL PROTECTED])@?([-[:alnum:]._]*)?$/)
-> TRUE
++? if ("%{User-Name}" =~ /\\\\?([EMAIL PROTECTED])@?([-[:alnum:]._]*)?$/) ->
TRUE
++- entering if ("%{User-Name}" =~ /\\\\?([EMAIL
PROTECTED])@?([-[:alnum:]._]*)?$/)
+++? if (!"%{2}"||("%{2}" == 'sussex.ac.uk'))
expand: %{2} -> loopback.sussex.ac.uk
? Evaluating "loopback.sussex.ac.uk" -> FALSE
expand: %{2} -> loopback.sussex.ac.uk
? Evaluating ("%{2}" == 'sussex.ac.uk') -> FALSE
+++? if (!"%{2}"||("%{2}" == 'sussex.ac.uk')) -> FALSE
+++- entering else else
expand: [EMAIL PROTECTED] -> [EMAIL PROTECTED]
++++[request] returns noop
+++- else else returns noop
++- if ("%{User-Name}" =~ /\\\\?([EMAIL PROTECTED])@?([-[:alnum:]._]*)?$/)
returns noop
++ ... skipping else for request 20: Preceding "if" was taken
expand: %{Realm} -> %{2}
++- entering switch %{Realm}
+++- entering case
++++[control] returns noop
++++[request] returns noop
+++- case returns noop
++- switch %{Realm} returns noop
++? if ("%{Called-Station-Id}" =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2,})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
expand: %{Called-Station-Id} ->
? Evaluating ("%{Called-Station-Id}" =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2,})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
-> FALSE
++? if ("%{Called-Station-Id}" =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2,})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
-> FALSE
++? if ("%{Calling-Station-Id}" =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2,})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
expand: %{Calling-Station-Id} -> 00-1B-63-A3-A8-DD
? Evaluating ("%{Calling-Station-Id}" =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2,})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
-> TRUE
++? if ("%{Calling-Station-Id}" =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2,})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
-> TRUE
++- entering if ("%{Calling-Station-Id}" =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2,})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
expand: %{1}%{2}%{3}%{4}%{5}%{6} -> 001B63A3A8DD
+++[request] returns noop
++- if ("%{Calling-Station-Id}" =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2,})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
returns noop
++? if ("%{NAS-Port-Id}" =~ /wl[0-9]*/)
expand: %{NAS-Port-Id} ->
? Evaluating ("%{NAS-Port-Id}" =~ /wl[0-9]*/) -> FALSE
++? if ("%{NAS-Port-Id}" =~ /wl[0-9]*/) -> FALSE
++? if (("%{NAS-Port-Type}" == 'Wireless-802.11')||("%{NAS-Port-Type}"
== 'Ethernet'))
expand: %{NAS-Port-Type} ->
?? Evaluating ("%{NAS-Port-Type}" == 'Wireless-802.11') -> FALSE
expand: %{NAS-Port-Type} ->
?? Evaluating ("%{NAS-Port-Type}" == 'Ethernet') -> FALSE
++? if (("%{NAS-Port-Type}" == 'Wireless-802.11')||("%{NAS-Port-Type}"
== 'Ethernet')) -> FALSE
++? if ("%{NAS-IP-Address}" == '127.0.0.1')
expand: %{NAS-IP-Address} -> 139.184.8.16
? Evaluating ("%{NAS-IP-Address}" == '127.0.0.1') -> FALSE
++? if ("%{NAS-IP-Address}" == '127.0.0.1') -> FALSE
expand: %{Client-Shortname} -> hp-e-its-dev8021x-sw1
++[request] returns noop
rlm_acct_unique: WARNING: Attribute Client-IP-Address was not found in
request, unique ID MAY be inconsistent
rlm_acct_unique: Hashing ',NAS-Port = 1,NAS-IP-Address =
139.184.8.16,Acct-Session-Id = "004E00000019",User-Name =
"[EMAIL PROTECTED]"'
rlm_acct_unique: Acct-Unique-Session-ID = "67d4bffd71faf76b".
++[acct_unique] returns ok
+- entering group accounting
expand: /var/log/radiusd/%Y%m%d/accounting-detail-%H:00 ->
/var/log/radiusd/20080205/accounting-detail-12:00
rlm_detail: /var/log/radiusd/%Y%m%d/accounting-detail-%H:00 expands to
/var/log/radiusd/20080205/accounting-detail-12:00
expand: %{Packet-Src-IP-Address} - %t -> 139.184.8.16 - Tue Feb 5
12:49:09 2008
++[accounting_log] returns ok
expand: %{Stripped-User-Name} -> [EMAIL PROTECTED]
expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} ->
[EMAIL PROTECTED]
rlm_sql (sql): sql_set_user escaped user --> '[EMAIL PROTECTED]'
expand: %{Acct-Delay-Time} -> 15
expand: INSERT INTO radacct
(acctsessionid, acctuniqueid, username,
realm, nasidentifier, nasipaddress,
nasportid, nasporttype, acctstarttime,
acctstoptime, acctsessiontime, acctauthentic,
connectinfo_start, connectinfo_stop, acctinputoctets,
acctoutputoctets, calledstationid, calledstationssid,
callingstationid, acctterminatecause, servicetype,
framedprotocol, framedipaddress, acctstartdelay,
acctstopdelay ) VALUES ('%{Acct-Session-Id}',
'%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', '%{NAS-Identifier}',
'%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}',
'%S', '0', '0', '%{Acct-Authentic}',
'%{Connect-Info}', '', '0', '0',
'%{Called-Station-Id}','%{Called-Station-SSID}','%{Calling-Station-Id}',
'', '%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}', '%{%{Acct-Delay-Time}:-0}', '0')
-> INSERT INTO radacct (acctsessionid,
acctuniqueid, username, realm,
nasidentifier, nasipaddress, nasportid,
nasporttype, acctstarttime, acctstoptime,
acctsessiontime, acctauthentic, connectinfo_start,
connectinfo_stop, acctinputoctets, acctoutputoctets,
calledstationid, calledstationssid, callingstationid,
acctterminatecause, servicetype, framedprotocol,
framedipaddress, acctstartdelay, acctstopdelay
) VALUES ('004E00000019',
'67d4bffd71faf76b',
'[EMAIL PROTECTED]', 'jrs',
'hp-e-its-dev8021x-sw1', '139.184.8.16', '1', '',
'2008-02-05 12:49:09', '0', '0', 'RADIUS', '',
'', '0', '0', '','','001B63A3A8DD', '',
'Framed-User', '', '', '15', '0')
rlm_sql (sql): Reserving sql socket id: 19
rlm_sql (sql): Released sql socket id: 19
++[sql] returns ok
expand: %{User-Name} -> [EMAIL PROTECTED]
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
} # server default-outer
+- entering group pre-proxy
expand: /var/log/radiusd/%Y%m%d/pre-proxy-detail-%H:00 ->
/var/log/radiusd/20080205/pre-proxy-detail-12:00
rlm_detail: /var/log/radiusd/%Y%m%d/pre-proxy-detail-%H:00 expands to
/var/log/radiusd/20080205/pre-proxy-detail-12:00
expand: %{Packet-Src-IP-Address} - %t -> 139.184.8.16 - Tue Feb 5
12:49:09 2008
++[pre_proxy_log] returns ok
Where have all the attributes gone ?!!?
Sending Accounting-Request of id 180 to 194.82.174.185 port 1813
Proxy-State = 0x323235
Proxying request 20 to home server 194.82.174.185 port 1813
Sending Accounting-Request of id 180 to 194.82.174.185 port 1813
Realm = "jrs"
Proxy-State = 0x323235
Going to the next request
Waking up in 0.9 seconds.
Waking up in 14.0 seconds.
Rejecting request 17 due to lack of any response from home server
194.82.174.185 port 1813
--
Arran Cudbard-Bell ([EMAIL PROTECTED])
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
