PfSense (NAS)

Darkgloble · Jul 11, 2007, 4:27 PM

Hello,

I'm using the pfSense with a NAS and authenticatting in an external RADIUS server (FreeRadius).
My problem is in how to sent specific attributes (no default values) for a RADIUS server.

I tried configuring the file /usr/local/captiveportal/radius_authentication.inc and radius_accounting.inc, but not success!

I must sent a Vendor Specific (WISPr), and attributes.

How can I do it?

Any answer it is appreciated.

Darkgloble · Jul 12, 2007, 3:10 PM

I need to know how can I set attribute for to sent in the Access-Request!

Someone, please! Moderator… Admins... help me!

morbus · Jul 13, 2007, 10:39 AM

I think the file you need to look at is /etc/inc/captiveportal.inc
This does most of the real work for the portal.

Darkgloble · Jul 13, 2007, 7:19 PM

Yes, is true. But this file contain a "include path" pointing the referenced file above.

Below, one example for this file:

// Default attributes
$rauth->putAttribute(RADIUS_SERVICE_TYPE, RADIUS_LOGIN);
$rauth->putAttribute(RADIUS_NAS_PORT_TYPE, RADIUS_ETHERNET);
$rauth->putAttribute(RADIUS_NAS_PORT, $nas_port);

// Extra data to identify the client and nas
$rauth->putAttribute(RADIUS_FRAMED_IP_ADDRESS, $clientip, addr);
$rauth->putAttribute(RADIUS_CALLED_STATION_ID, $calledstationid);
$rauth->putAttribute(RADIUS_CALLING_STATION_ID, $callingstationid);

// Testing - This line is a test of Vendor-Specific Atribute (VSA)
$rauth->putAttribute(RADIUS_VENDOR_SPECIFIC, $vendor, "14122");

How you can see, this configuration don't causes any error message, but in RADIUS Accounting log this attribute is displayed in hexa format.

morbus · Jul 13, 2007, 7:51 PM

ok I think you need to use the putVendorAttribute($vendor, $attrib, $value, $type = null) function.

the radius stuff is done in /etc/inc/radius.inc

try```
$rauth->putAttribute(RADIUS_SERVICE_TYPE, RADIUS_LOGIN);
$rauth->putAttribute(RADIUS_NAS_PORT_TYPE, RADIUS_ETHERNET);
$rauth->putAttribute(RADIUS_NAS_PORT, $nas_port);

// Extra data to identify the client and nas
$rauth->putAttribute(RADIUS_FRAMED_IP_ADDRESS, $clientip, addr);
$rauth->putAttribute(RADIUS_CALLED_STATION_ID, $calledstationid);
$rauth->putAttribute(RADIUS_CALLING_STATION_ID, $callingstationid);

// Testing - This line is a test of Vendor-Specific Atribute (VSA)
$rauth->putVendorAttribute($vendor, RADIUS_VENDOR_SPECIFIC, "14122");

It looks like vendor atribs need the vendor first then the usual params

Darkgloble · Jul 16, 2007, 9:07 PM

Hello, thanks for your post.

With this parameter, is fast displayed an error message when I do the authentication, but in the log message is displayed another especification… like "WISPr-Attr-0 = 0x".

I tried modificatting this attribute with this type:

$racct->putVendorAttribute("14122", $location_id);

Wharever I set after a vendor with "14122", ever displayed the same log message (WISPr-Attr-0 = 0x).

My attempts did are:

$location_id
"location_id"
'location_id'
WISPr-Location-ID
1, $location_id

any types…

Darkgloble · Jul 16, 2007, 10:21 PM

Uff!!!

Finally I got.

After many testing parameters, I obtained success results with this code:

 // Testing (VSA) WISPr
        $racct->putVendorAttribute(14122, 2, "Sao Paulo, SP", $type = string);
        $racct->putVendorAttribute(14122, 1, "isocc=BRA,cc=55,ac=11,network=LinktelHotSpot,ha=Office", $type = string);

The result log message done:

 WISPr-Location-Name = "Sao Paulo, SP"
        WISPr-Location-ID = "isocc=BRA,cc=55,ac=11,network=LinktelHotSpot,ha=Office"