Post-proxy and rlm_perl
Hi, I have to use FreeRadius v2.0.1 in a proxy configuration for translating attributes between two vendor specific equipements (Alcatel-Lucent and Redback). In a first phase (pre-proxy so), I use the preproxy_user file to add attributes to the proxied requests and attr_filter to block others. In a second phase (post-proxy phase I assume), when the reply comes from the home FreeRadius, I have to go through the same kind of process (add attributes which values are taken from a database), but I can't find a equivalent of preproxy_user file to the post-proxy phase. I think that using a perl script with rlm_perl will do this work in the post-proxy function, but when I try to manipulate attributes from the home server response, I can't find them in the %RAD_REQUEST, %RAD_REPLY hashes, and I can see this kind of logs : rlm_perl: Added pair Attribute1 = Value1 ... with the attributes I need from the home server, but after the execution of my code in post-proxy function. I found in the wiki that %RAD_PROXY or %RAD_PROXY_REPLY could be my solution, but when I'm trying to use them, I got an error during the launching of radiusd. Does anyone know how I can get the attributes coming in the Access-Accept from my server, and put new attributes in the Access-Accept send to the original client ? Find a way to make this in rlm_perl could be a solution but if there is an other solution, directly in a FreRadius mechanism I missed during my research, I will use it instead :) Regards, Julien Leloup Axione 130/132 Boulevard Camélinat 92240 MALAKOFF FRANCE - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Post-proxy and rlm_perl
%RAD_REQUEST_PROXY and %RAD_REQUEST_PROXY_REPLY should do the job. Best Regards, Boian Jordanov SNE Orbitel - Next Generation Telecom tel. +359 2 4004 723 tel. +359 2 4004 002 On Mar 20, 2008, at 11:27 AM, Julien Leloup wrote: Hi, I have to use FreeRadius v2.0.1 in a proxy configuration for translating attributes between two vendor specific equipements (Alcatel-Lucent and Redback). In a first phase (pre-proxy so), I use the preproxy_user file to add attributes to the proxied requests and attr_filter to block others. In a second phase (post-proxy phase I assume), when the reply comes from the home FreeRadius, I have to go through the same kind of process (add attributes which values are taken from a database), but I can't find a equivalent of preproxy_user file to the post- proxy phase. I think that using a perl script with rlm_perl will do this work in the post-proxy function, but when I try to manipulate attributes from the home server response, I can't find them in the % RAD_REQUEST, %RAD_REPLY hashes, and I can see this kind of logs : rlm_perl: Added pair Attribute1 = Value1 ... with the attributes I need from the home server, but after the execution of my code in post-proxy function. I found in the wiki that %RAD_PROXY or %RAD_PROXY_REPLY could be my solution, but when I'm trying to use them, I got an error during the launching of radiusd. Does anyone know how I can get the attributes coming in the Access- Accept from my server, and put new attributes in the Access-Accept send to the original client ? Find a way to make this in rlm_perl could be a solution but if there is an other solution, directly in a FreRadius mechanism I missed during my research, I will use it instead :) Regards, Julien Leloup Axione 130/132 Boulevard Camélinat 92240 MALAKOFF FRANCE - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Post-proxy and rlm_perl
Thanks for spending time on my problem, it works fine. Best regards, Julien Leloup Axione 130/132 Boulevard Camélinat 92240 MALAKOFF FRANCE Boian Jordanov a écrit : %RAD_REQUEST_PROXY and %RAD_REQUEST_PROXY_REPLY should do the job. Best Regards, Boian Jordanov SNE Orbitel - Next Generation Telecom tel. +359 2 4004 723 tel. +359 2 4004 002 On Mar 20, 2008, at 11:27 AM, Julien Leloup wrote: Hi, I have to use FreeRadius v2.0.1 in a proxy configuration for translating attributes between two vendor specific equipements (Alcatel-Lucent and Redback). In a first phase (pre-proxy so), I use the preproxy_user file to add attributes to the proxied requests and attr_filter to block others. In a second phase (post-proxy phase I assume), when the reply comes from the home FreeRadius, I have to go through the same kind of process (add attributes which values are taken from a database), but I can't find a equivalent of preproxy_user file to the post-proxy phase. I think that using a perl script with rlm_perl will do this work in the post-proxy function, but when I try to manipulate attributes from the home server response, I can't find them in the %RAD_REQUEST, %RAD_REPLY hashes, and I can see this kind of logs : rlm_perl: Added pair Attribute1 = Value1 ... with the attributes I need from the home server, but after the execution of my code in post-proxy function. I found in the wiki that %RAD_PROXY or %RAD_PROXY_REPLY could be my solution, but when I'm trying to use them, I got an error during the launching of radiusd. Does anyone know how I can get the attributes coming in the Access-Accept from my server, and put new attributes in the Access-Accept send to the original client ? Find a way to make this in rlm_perl could be a solution but if there is an other solution, directly in a FreRadius mechanism I missed during my research, I will use it instead :) Regards, Julien Leloup Axione 130/132 Boulevard Camélinat 92240 MALAKOFF FRANCE - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
