Re: Server switch

2013-03-26 Thread Matthew Newton
On Tue, Mar 26, 2013 at 10:53:36AM +0100, Emmanuel BILLOT wrote:
> Considering request show lines like
> Called-Station-Id = C0-8A-DE-3D-B4-09:TEST
> or
> Called-Station-Id = C0-8A-DE-3D-B4-09:WIFI
>
> where TEST and WIFI are the SSID concerned.
>
> How can we route request to different ports of the server (so
> instances) by using this?
> I mean when SSID is TEST, request is redirected to local instance on
> port 1820, and when SSID is WIFI, request is redirected to local
> instance on port 1821?

Set up proxy.conf with entries for the right ports, then you
should be able to do something like (example, untested):

authorize {

  if (Calling-Station-Id =~ /^.*:([a-zA-Z]+)$/) {
    update control {
      Tmp-String-0 := %{1}
    }
  }

  switch %{Tmp-String-0} {
    case 'TEST' {
      update control {
        Proxy-To-Realm := testproxy
      }
    }
    case 'WIFI' {
      update control {
        Proxy-To-Realm := wifiproxy
      }
    }
    ...
  }

}

This should work between different servers; I'm not sure if you'll
hit the only one internal proxy limit on one server.

Matthew


-- 
Matthew Newton, Ph.D. m...@le.ac.uk

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, ith...@le.ac.uk
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Server switch

2013-03-26 Thread Emmanuel BILLOT



> Set up proxy.conf with entries for the right ports, then you
> should be able to do something like (example, untested):
>
> authorize {
>
>   if (Calling-Station-Id =~ /^.*:([a-zA-Z]+)$/) {
>     update control {
>       Tmp-String-0 := %{1}
>     }
>   }
>
>   switch %{Tmp-String-0} {
>     case 'TEST' {
>       update control {
>         Proxy-To-Realm := testproxy
>       }
>     }
>     case 'WIFI' {
>       update control {
>         Proxy-To-Realm := wifiproxy
>       }
>     }
>     ...
>   }
>
> }
>
> This should work between different servers; I'm not sure if you'll
> hit the only one internal proxy limit on one server.
>
> Matthew



How about a hyphenated SSID? e.g. WIFI-TEST
I failed in writing a regex for it...

Any idea?


Re: Server switch

2013-03-26 Thread Emmanuel BILLOT

> Set up proxy.conf with entries for the right ports, then you
> should be able to do something like (example, untested):
>
> authorize {
>
>   if (Calling-Station-Id =~ /^.*:([a-zA-Z]+)$/) {
>     update control {
>       Tmp-String-0 := %{1}
>     }
>   }
>
>   switch %{Tmp-String-0} {
>     case 'TEST' {
>       update control {
>         Proxy-To-Realm := testproxy
>       }
>     }
>     case 'WIFI' {
>       update control {
>         Proxy-To-Realm := wifiproxy
>       }
>     }
>     ...
>   }
>
> }
>
> This should work between different servers; I'm not sure if you'll
> hit the only one internal proxy limit on one server.
>
> Matthew



Using a wide filter capture I get

rad_recv: Access-Request packet from host 172.23.255.199 port 56097, id=53, length=232
        User-Name = nag...@ac-orleans-tours.fr
        Calling-Station-Id = 8C-77-12-53-62-0E
        NAS-IP-Address = 172.23.255.199
        NAS-Port = 16
        Called-Station-Id = C0-8A-DE-FA-E9-58:WIFI-ACAD
        Service-Type = Framed-User
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        NAS-Identifier = C0-8A-DE-FA-E9-58
        Connect-Info = CONNECT 802.11g/n
        EAP-Message = 0x021f016e6167696f734061632d6f726c65616e732d746f7572732e6672
        Vendor-25053-Attr-3 = 0x574946492d41434144
        Message-Authenticator = 0xc6f0db77bf6435b74051b3b3db278ca3
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++? if (Called-Station-Id =~ /^.*:(.*)$/)
? Evaluating (Called-Station-Id =~ /^.*:(.*)$/) -> TRUE
++? if (Called-Station-Id =~ /^.*:(.*)$/) -> TRUE
++- entering if (Called-Station-Id =~ /^.*:(.*)$/) {...}
+++[control] returns notfound
++- if (Called-Station-Id =~ /^.*:(.*)$/) returns notfound
        expand: %{Tmp-String-0} ->
++- entering switch %{Tmp-String-0} {...}
+++- switch %{Tmp-String-0} returns notfound
++- group authorize returns notfound
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject



Re: Server switch

2013-03-26 Thread Matthew Newton
On Tue, Mar 26, 2013 at 02:20:40PM +0100, Emmanuel BILLOT wrote:
> How about a hyphenated SSID? e.g. WIFI-TEST
> I failed in writing a regex for it...

  if (Calling-Station-Id =~ /^.*:([a-zA-Z-]+)$/) {

Matthew


-- 
Matthew Newton, Ph.D. m...@le.ac.uk

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, ith...@le.ac.uk


Re: Server switch

2013-03-26 Thread Emmanuel BILLOT

On 26/03/2013 14:45, Matthew Newton wrote:
> On Tue, Mar 26, 2013 at 02:20:40PM +0100, Emmanuel BILLOT wrote:
>> How about a hyphenated SSID? e.g. WIFI-TEST
>> I failed in writing a regex for it...
>
>   if (Calling-Station-Id =~ /^.*:([a-zA-Z-]+)$/) {
>
> Matthew


Thanks, it seems to be OK. The proxy should resend the request to the
virtual server, so it should work.

But now I have

authorize {
  if (Called-Station-Id =~ /^.*:([-a-zA-Z]+)$/) {
    update control {
      Tmp-String-0 := %{1}
    }
  }

  switch %{Tmp-String-0} {
    case 'WIFI-ACAD' {
      update control {
        Proxy-To-Realm := ACAD
      }
    }
    case 'WIFI-ELEVES' {
      update control {
        Proxy-To-Realm := acad
      }
    }
  }
}


and the result is

# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++? if (Called-Station-Id =~ /^.*:([-a-zA-Z]+)$/)
? Evaluating (Called-Station-Id =~ /^.*:([-a-zA-Z]+)$/) -> TRUE
++? if (Called-Station-Id =~ /^.*:([-a-zA-Z]+)$/) -> TRUE
++- entering if (Called-Station-Id =~ /^.*:([-a-zA-Z]+)$/) {...}
        expand: %{1} -> WIFI-ACAD
+++[control] returns notfound
++- if (Called-Station-Id =~ /^.*:([-a-zA-Z]+)$/) returns notfound
        expand: %{Tmp-String-0} ->
++- entering switch %{Tmp-String-0} {...}
+++- switch %{Tmp-String-0} returns notfound
++- group authorize returns notfound
ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
Failed to authenticate the user.
Using Post-Auth-Type Reject
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group REJECT {...}



Re: Server switch

2013-03-26 Thread Matthew Newton
On Tue, Mar 26, 2013 at 02:24:21PM +0100, Emmanuel BILLOT wrote:
> # Executing section authorize from file /etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> ++? if (Called-Station-Id =~ /^.*:(.*)$/)
> ? Evaluating (Called-Station-Id =~ /^.*:(.*)$/) -> TRUE
> ++? if (Called-Station-Id =~ /^.*:(.*)$/) -> TRUE
> ++- entering if (Called-Station-Id =~ /^.*:(.*)$/) {...}
> +++[control] returns notfound

  if (Calling-Station-Id =~ /^.*:([a-zA-Z-]+)$/) {
    update control {
      Tmp-String-0 := %{1}
    }
  }

Put quotes around the %{1}.

I said it wasn't tested :)

Matthew


-- 
Matthew Newton, Ph.D. m...@le.ac.uk

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, ith...@le.ac.uk


Re: Server switch

2013-03-26 Thread Phil Mayers

On 26/03/2013 13:52, Emmanuel BILLOT wrote:

> authorize {
>   if (Called-Station-Id =~ /^.*:([-a-zA-Z]+)$/) {
>     update control {
>       Tmp-String-0 := %{1}
>     }
>   }
>
>   switch %{Tmp-String-0} {


That needs to be:

 switch %{control:Tmp-String-0} {




Re: Server switch

2013-03-26 Thread Matthew Newton
On Tue, Mar 26, 2013 at 02:52:48PM +0100, Emmanuel BILLOT wrote:
> Thanks, it seems to be OK. The proxy should resend the request to the
> virtual server, so it should work.
> But now I have
>
> authorize {
>   if (Called-Station-Id =~ /^.*:([-a-zA-Z]+)$/) {
>     update control {

use instead:

    update request {

>       Tmp-String-0 := %{1}
>     }
>   }

It was an *untested example*.

But now I've actually had to go and test it, this works here:

authorize {
  if (Called-Station-Id =~ /^.*:([a-zA-Z-]+)$/) {
    update request {
      Tmp-String-0 := %{1}
    }
  }
  switch %{Tmp-String-0} {
    case 'TEST' {
      update control {
        Proxy-To-Realm := testproxy
      }
    }
    case 'WIFI' {
      update control {
        Proxy-To-Realm := wifiproxy
      }
    }
  }
}

Matthew


-- 
Matthew Newton, Ph.D. m...@le.ac.uk

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, ith...@le.ac.uk
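
The pieces of this thread put together, as an added example that is not from any of the posters: a proxy.conf sketch for the two local instances on ports 1820 and 1821, followed by the authorize section in the form reported working above, extended with a default case that rejects requests whose SSID is not on the list. The home server and pool names, the loopback address and the secret placeholders are assumptions; the realm names testproxy and wifiproxy are the ones used in the thread.

```conf
# proxy.conf: one home server, pool and realm per local instance (names assumed)
home_server test_instance {
	type = auth
	ipaddr = 127.0.0.1          # assumption: both instances run on this host
	port = 1820
	secret = CHANGE_ME_TEST     # placeholder; must match that instance's client entry
}
home_server wifi_instance {
	type = auth
	ipaddr = 127.0.0.1
	port = 1821
	secret = CHANGE_ME_WIFI     # placeholder
}
home_server_pool test_pool {
	home_server = test_instance
}
home_server_pool wifi_pool {
	home_server = wifi_instance
}
realm testproxy {
	auth_pool = test_pool
}
realm wifiproxy {
	auth_pool = wifi_pool
}
# sites-enabled/default: Called-Station-Id looks like "C0-8A-DE-3D-B4-09:TEST"
authorize {
	if (Called-Station-Id =~ /^.*:([a-zA-Z-]+)$/) {
		update request {
			Tmp-String-0 := "%{1}"
		}
	}
	switch "%{Tmp-String-0}" {
		case 'TEST' {
			update control {
				Proxy-To-Realm := testproxy
			}
		}
		case 'WIFI' {
			update control {
				Proxy-To-Realm := wifiproxy
			}
		}
		# Default: no regex match or an unlisted SSID is refused, not handled locally
		case {
			reject
		}
	}
}
```

An SSID containing digits, underscores or spaces does not match `[a-zA-Z-]+`, so Tmp-String-0 stays empty and the request lands in the default case.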


Re: Server switch

2013-03-26 Thread Emmanuel BILLOT

On 26/03/2013 15:05, Phil Mayers wrote:
> On 26/03/2013 13:52, Emmanuel BILLOT wrote:
>
>> authorize {
>>   if (Called-Station-Id =~ /^.*:([-a-zA-Z]+)$/) {
>>     update control {
>>       Tmp-String-0 := %{1}
>>     }
>>   }
>>
>>   switch %{Tmp-String-0} {
>
> That needs to be:
>
>   switch %{control:Tmp-String-0} {



That's all working! Thanks a lot!!!