CODEWITHSUNDEEP
linuxradiusfreeradiusradius-protocol
Jatin Bodarya
Jatin Bodarya

Reputation: 1455

VSA in radiusrequest

I am using radiusclient-ng-0.5.6 in my directory ?I have added below lline for VSA attributes. But still my radiusclient binary is not working.please help me with this.

directory

VENDOR  EC       20000
BEGIN-VENDOR EC
        ATTRIBUTE abc1 7777 string
        ATTRIBUTE abc2 7778 string
END-VENDOR   EC


./radiusclient -f /etc/radiusclient-ng/radiusclient.conf User-Name=aaa abc1=aaaaa

error: Apr 21 22:47:53 localhost lt-radiusclient: rc_avpair_parse: unknown attribute abc1

Upvotes: 1

Views: 637

Answers (1)

Anya Shenanigans
Anya Shenanigans

Reputation: 94654

I tend to use the freeradius radiusclient library, but it's mostly the same code as what was previously developed for the radiusclient-ng library, but the dictionary file format is the same, and doesn't support the BEGIN-VENDOR ... END-VENDOR syntax, so you have to use a slightly different format.

The general format of vendor specific attributes is stated in the RFC as:

0                   1                   2                   3
0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |  Length       |            Vendor-Id
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     Vendor-Id (cont)           | Vendor type   | Vendor length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|    Attribute-Specific...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-

Which means it only supports vendor types from 0 - 255. The use of large numbers (> 255) is intended for internal server use and would not be an acceptable value to use for the attribute id number (i.e. 7777 and 7778 are way too big to be expected vendor types).

You've defined your vendor using the line:

VENDOR EC 20000

And now you need to specify the VSAs using the following format:

ATTRIBUTE abc1 7 string vendor=EC
ATTRIBUTE abc2 8 string vendor=EC

This specifies them with a Vendor type of 7 and 8 respectively.

If you're referencing the proper dictionary file, then the attributes become available to be used and can be passed in:

./radiusclient -f /etc/radiusclient-ng/radiusclient.conf User-Name=aaa abc1=aaaaaa abc2=bbbbb

Upvotes: 1

Related Questions