I opened this bug ticket today, and I feel that it's probably more along the
lines of a PacketFence Users sort of issue, as it works if I have a
workaround. But I want to remove the workaround.
Describe the bug
NEAP requests on Nortel/Avaya/Extreme ERS switches do not present as NEAP to
PacketFence and are not processed.
To Reproduce
Steps to reproduce the behavior:
Have an Avaya ERS switch send a NEAP request to PacketFence.
RADIUS Request
User-Name = "00e04c680308"
User-Password = "******"
NAS-IP-Address = 172.18.11.250
NAS-Port = 2
Service-Type = Login-User
Proxy-State = 0x3737
NAS-Port-Type = Ethernet
Event-Timestamp = "Oct 13 2021 13:16:16 ADT"
Message-Authenticator = 0xa3a68bfab325a4fb3c5a28fb08c424f4
Fabric-Attach-Switch-Mode = 0
Stripped-User-Name = "00e04c680308"
Realm = "null"
FreeRADIUS-Client-IP-Address = 10.5.13.30
PacketFence-KeyBalanced = "f6c19f849bbb643962fafb82f03ed25f"
PacketFence-Radius-Ip = "10.5.13.32"
Module-Failure-Message = "rest: Server returned:"
Module-Failure-Message = "rest: {\"control:PacketFence-Authorization-Status\":\"allow\",\"Reply-Message\":\"Authentication failed on PacketFence\"}"
SQL-User-Name = "00e04c680308"
RADIUS Reply
Proxy-State = 0x3737
REST-HTTP-Status-Code = 401
The request does not appear to be parsed correctly as Calling-Station-ID and
Called-Station-ID are missing from the initial request.
Expected behavior
The Avaya.pm code should process the Called-Station-ID and Calling-Station-ID into
the request and process it normally. But it looks like that subroutine
does not get called unless the RADIUS request already has the
Calling-Station-ID populated.
Additional context
If you add in the following section to /usr/local/pf/raddb/hints it processes
correctly:
DEFAULT User-Name =~ "([0-9a-fA-F]{2})([0-9a-fA-F]{2})([0-9a-fA-F]{2})([0-9a-fA-F]{2})([0-9a-fA-F]{2})([0-9a-fA-F]{2})"
        Called-Station-Id := "FakeEAP",
        Calling-Station-Id := "%{1}:%{2}:%{3}:%{4}:%{5}:%{6}"
This takes the User-Name and populates it into the Calling-Station-ID, and then
throws garbage data into the Called-Station-ID. This is not ideal, as it's
global. I'd prefer to have it fixed for the applicable switch code, like in
Avaya.pm.
Thoughts?
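A sketch of the narrower match the post asks for, as an added example that is not PacketFence or Avaya.pm code: it derives Calling-Station-Id from User-Name only for requests from listed switches that carry no Calling-Station-Id. The function names, the NEAP_SWITCHES list and the Service-Type condition are assumptions based on the one sample request above.

```python
import re

# Exactly 12 hex digits; fullmatch() anchors it, so longer names never match.
MAC_USERNAME = re.compile(r"[0-9a-fA-F]{12}")

# Assumption: the operator lists the NAS-IP-Address of each NEAP switch.
NEAP_SWITCHES = {"172.18.11.250"}

# Subset of the RADIUS request shown in the post.
SAMPLE_REQUEST = """
User-Name = "00e04c680308"
NAS-IP-Address = 172.18.11.250
NAS-Port = 2
Service-Type = Login-User
NAS-Port-Type = Ethernet
"""


def parse_attrs(dump):
    """Parse 'Name = value' lines from a RADIUS attribute dump into a dict."""
    attrs = {}
    for line in dump.splitlines():
        name, sep, value = line.partition(" = ")
        if sep:
            attrs[name.strip()] = value.strip().strip('"')
    return attrs


def neap_calling_station_id(attrs, neap_switches=NEAP_SWITCHES):
    """Return the Calling-Station-Id to add, or None to leave the request alone."""
    if attrs.get("NAS-IP-Address") not in neap_switches:
        return None  # not one of the NEAP switches: do not touch
    if "Calling-Station-Id" in attrs:
        return None  # the switch already sent one: never overwrite it
    if attrs.get("Service-Type") != "Login-User":
        return None  # assumption: NEAP requests look like the sample
    user = attrs.get("User-Name", "")
    if not MAC_USERNAME.fullmatch(user):
        return None  # User-Name is not a bare MAC address
    return ":".join(user[i:i + 2] for i in range(0, 12, 2))


if __name__ == "__main__":
    print(neap_calling_station_id(parse_attrs(SAMPLE_REQUEST)))
```
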