Re: option 82
Google Radius DHCP client and start reading. :-) FWIW - This isn't a Freeradius question. b...@misn.com Alan DeKok wrote: Kevin Croes wrote: I work at an ISP and we are looking at the possibility to use option 82 in FreeRADIUS. In what, DHCP? RADIUS? The other side is going to send us an ordernumber and then we want to send a configuration back (an ip address etc.). I have no idea what that means... Been searching how to do this in FreeRADIUS, but haven't found much useful information. So, if somebody can point me in the right direction on how to set it up in FreeRADIUS. Any help will be greatly appreciated. Perhaps you could describe the problem in more detail. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco-AVpair accounting client-mac-address with unlang
See the following link and the associated reference posts. What you need is already built-in. It takes two steps (5 minutes) to get access to the attributes. The only question then is how you will format your SQL statements to write the attributes out to the database (another 5 minutes). http://lists.freeradius.org/mailman/htdig/freeradius-users/2009-December/msg00367.html bbc - Alan DeKok wrote: Joe Maimon wrote: I have searched. I am unsatisfied with the results. The cisco_vsa_hack may have unintended consequences. Like... ? unlang should properly loop over the vp list, like other paircompares do. I would prefer that behavior to be *explicit* rather than *implicit*. I have patched this kind of oversight before elsewhere, not sure if thats the right approach here. Maybe something like: if (*Cisco-AVpair =~ /^client-mac-address=(.+)$/) { i.e. * means any one matches Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco-AVpair accounting client-mac-address with unlang
Been there, done that . . . search the mailing list archives from last month for this topic. The hack turns the av-pair strings into attributes (if you add them to the dictionary). Then you just have to adjust your SQL to address them for writing to the database. Again . . . search the mailing list archives. This has been done before by at least a dozen people. bbc Joe Maimon wrote: I have this in preacct, and it works. if (%{Cisco-AVpair[3]} =~ /^client-mac-address=(.+)$/) { if (!Calling-Station-Id) { update request { Calling-Station-Id := %{1} } } } However this is ugly. I dont want to have to know which Cisco-AVpair it is, it should work whichever the order or number there is. It does not seem to work any other way. I know other directions to head include cisco_vsa_hack or the rlm_policy and others. I would appreciate any tips. Thanks, Joe - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco-AVPair Accounting
O.K. What is the best way to accomplish the following . . . For a specific NAS-IP-Address=10.10.10.10 Accounting packet includes the following . . . %{Calling-Station-Id}(does not exist) %{client-mac-address}=.. Need to write the value for . . . %{client-mac-address} into %{Calling-Station-Id} . . . so that the Calling-Station-Id will be written to the MySQL database radacct table. Bryan - Michael Bowe wrote: One of the attributes we are after is the client-mac-address from Cisco-AVPair = client-mac-address=0012.3fb2.15d2. So far it is now converted to an attribute of its own client-mac-address=0012.3fb2.15d2. (by setting cisco-av-hack to yes and adding some attributes to the dictionary) Now to get it to be the callingstationid. Looks like that will require that attr_rewrite be used to redefine callingstationid to be the mac address defined as client-mac-address. Still reading a bit on how to get that done. Anyone have any suggestions? If so, please send them along. Hi, Tweak the freeradius conf with_cisco_vsa_hack = yes Add dictionary entry something like this : ATTRIBUTE client-mac-address 3004string Give the dialup.conf a bit of a tweak, so if calling-station-id isn't available, try putting the client-mac-address instead : Change '%{Calling-Station-Id}' To '%{Calling-Station-Id:-%{client-mac-address}}' Michael. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco-AVPair Accounting
Coutesy of Michael Bowe . . . Since Calling-Station-Id does not exist in the accounting spill from the Cisco, concatenating the client-mac-address works just great. In the instance that we are not using a Cisco then the Calling-Station-Id is populated and client-mac-address does not exist. So, callingstationid is correct no matter what. No rewrites necessary! Thanks! Bryan - Bryan Campbell wrote: O.K. What is the best way to accomplish the following . . . For a specific NAS-IP-Address=10.10.10.10 Accounting packet includes the following . . . %{Calling-Station-Id}(does not exist) %{client-mac-address}=.. Need to write the value for . . . %{client-mac-address} into %{Calling-Station-Id} . . . so that the Calling-Station-Id will be written to the MySQL database radacct table. Bryan - Michael Bowe wrote: One of the attributes we are after is the client-mac-address from Cisco-AVPair = client-mac-address=0012.3fb2.15d2. So far it is now converted to an attribute of its own client-mac-address=0012.3fb2.15d2. (by setting cisco-av-hack to yes and adding some attributes to the dictionary) Now to get it to be the callingstationid. Looks like that will require that attr_rewrite be used to redefine callingstationid to be the mac address defined as client-mac-address. Still reading a bit on how to get that done. Anyone have any suggestions? If so, please send them along. Hi, Tweak the freeradius conf with_cisco_vsa_hack = yes Add dictionary entry something like this : ATTRIBUTE client-mac-address 3004string Give the dialup.conf a bit of a tweak, so if calling-station-id isn't available, try putting the client-mac-address instead : Change '%{Calling-Station-Id}' To '%{Calling-Station-Id:-%{client-mac-address}}' Michael. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Cisco-AVPair Accounting
Afternoon - We use Freeradius/MySQL with Cisco-AVPair entries to send radreplies and radgroupreplies that specify speeds and such with great success. However, we are having a bit of difficulty sorting out how to sort out Cisco-AVPair accounting entries so that we can insert them into the database. We have read through some list discussions about rewriting things, the cisco vsa hack, and ulang. But, in the end, we are still left needing some assistance, examples, or even a howto. We get two Cisco-AVPair accounting responses in each start record and five in each stop record. What is the best way to sort them out and get them inserted into the radacct table? Thanks! Bryan - b...@misn.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco-AVPair Accounting
. . . man unlang. Read about variables. Ivan Kalik O.K. That gets us to the per packet instances of the Cisco-AVPair. We can access the array of two or five instances of Cisco-AVPair that are in the respective packets. That gets us to the strings that are defined. Once you have the string from the array variable=value is there a means built into freeradius to write the value of the variable name (both contained in the string) to an attribute? Bryan Campbell - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco-AVPair Accounting
From someone who has already suffered through it five years ago. And, for the benefit of those who come after me. 1) set with_cisco_vsa_hack = yes in radiusd.conf 2) add the attributes I want to have stripped from the AVPair fields to cisco.dictionary in /usr/local/share/freeradius, freeradius will create newattributes with these names. Now all that remains is figuring out the rewrite to stuff the odd Cisco-AVPair attribute values in pre-existing attributes that are already in the schema. - t...@kalik.net wrote: We use Freeradius/MySQL with Cisco-AVPair entries to send radreplies and radgroupreplies that specify speeds and such with great success. However, we are having a bit of difficulty sorting out how to sort out Cisco-AVPair accounting entries so that we can insert them into the database. We have read through some list discussions about rewriting things, the cisco vsa hack, and ulang. But, in the end, we are still left needing some assistance, examples, or even a howto. We get two Cisco-AVPair accounting responses in each start record and five in each stop record. What is the best way to sort them out and get them inserted into the radacct table? man unlang. Read about variables. Ivan Kalik - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Cisco-AVPair Accounting
One of the attributes we are after is the client-mac-address from Cisco-AVPair = client-mac-address=0012.3fb2.15d2. So far it is now converted to an attribute of its own client-mac-address=0012.3fb2.15d2. (by setting cisco-av-hack to yes and adding some attributes to the dictionary) Now to get it to be the callingstationid. Looks like that will require that attr_rewrite be used to redefine callingstationid to be the mac address defined as client-mac-address. Still reading a bit on how to get that done. Anyone have any suggestions? If so, please send them along. Bryan Bob Franklin wrote: On Mon, 7 Dec 2009, Bryan Campbell wrote: O.K. That gets us to the per packet instances of the Cisco-AVPair. We can access the array of two or five instances of Cisco-AVPair that are in the respective packets. That gets us to the strings that are defined. How about using a regexp: if (%{Cisco-AVPair} =~ /^ssid=(.+)$/) { update request { UCam-Essid-Name := %{1} } } I haven't been able to test this with more than one Cisco-AVPair attribute; I wasn't sure what the conclusion was about that, but I think it should match. [You need to define your equivalent of UCam-Essid-Name in the dictionary.] - Bob - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html