There is no "Calling-Station-Id" attribute in access-requests sent in response to radius challenge from pam_radius-1.3.17-2.el6.x86_64 (CentOS release 6.5)
simpot opened this issue · 2 comments
Hi,
I'm using freeradius for custom 2-factor OTP authentication as below:
RADIUS_CLIENT > Access-Request(User/Pass) > FreeRADIUS(check user pass and if ok -> generates state) > Access-Challenge > RADIUS_CLIENT > Access-Request(User/OTP/state) > FreeRADIUS
In the first Access-Request (before the Access-Challenge) the RADIUS_CLIENT is sending all required attributes well (including "Calling-Station-Id").
My problem is on the second Access-Request (after Access-Challenge). There is no "Calling-Station-Id" attribute on this state for some reason...
I have checked this on the following radius client: pam_radius-1.3.17-2.el6.x86_64 (CentOS release 6.5)
UPDATE1:
The flow looks as below:
1st Access-Request:

    rad_recv: Access-Request packet from host 192.168.64.11 port 17193, id=5, length=98
        User-Name = "username"
        User-Password = "some password"
        NAS-IP-Address = 192.168.64.11
        NAS-Identifier = "sshd"
        NAS-Port = 16168
        NAS-Port-Type = Virtual
        Service-Type = Authenticate-Only
        Calling-Station-Id = "192.168.65.20"
    Sending Access-Challenge of id 5 to 192.168.64.11 port 17193
        Reply-Message = "OTP code: "
        State = 0x33643539623066642d333162662d313165342d393939332d353235343030613964313334

2nd Access-Request:

    rad_recv: Access-Request packet from host 192.168.64.11 port 17193, id=6, length=108
        User-Name = "username"
        User-Password = "736396"
        NAS-IP-Address = 192.168.64.11
        NAS-Identifier = "sshd"
        NAS-Port = 16168
        NAS-Port-Type = Virtual
        State = 0x33643539623066642d333162662d313165342d393939332d353235343030613964313334

What I expect is the presence of 'Calling-Station-Id = "192.168.65.20"' in the 2nd Access-Request packet, just as it is present in the 1st Access-Request packet.
Thanks a lot,
Dmitry!
Hi,
Suggested patch, which does all the magic for me:
File: pam_radius_auth.c
Add at line 1225:

    if (rhost) {
        add_attribute(request, PW_CALLING_STATION_ID, (unsigned char *) rhost,
                      strlen(rhost));
    }

Thanks Alan!
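
A check for the behaviour reported in this issue, as an added example that is not part of the original thread or of pam_radius: it parses FreeRADIUS debug output, links each Access-Challenge to the request that triggered it and to the request that answers it (by State), and reports attributes the client dropped in the answer. The sample log is constructed in the format of the output quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the FreeRADIUS debug output quoted in the issue.
SAMPLE = """\
rad_recv: Access-Request packet from host 192.168.64.11 port 17193, id=5, length=98
    User-Name = "username"
    NAS-IP-Address = 192.168.64.11
    Service-Type = Authenticate-Only
    Calling-Station-Id = "192.168.65.20"
Sending Access-Challenge of id 5 to 192.168.64.11 port 17193
    Reply-Message = "OTP code: "
    State = 0x0a0b0c0d
rad_recv: Access-Request packet from host 192.168.64.11 port 17193, id=6, length=108
    User-Name = "username"
    NAS-IP-Address = 192.168.64.11
    State = 0x0a0b0c0d
"""

HEADER = re.compile(r"^(?:rad_recv: |Sending )(Access-[\w-]+) .*?(\d+(?:\.\d+){3}) port (\d+)")
PACKET_ID = re.compile(r"\bid[= ](\d+)")
ATTR = re.compile(r"^\s*([\w-]+) = (.+)$")

def parse_packets(text):
    """Split debug output into packets: code, peer (ip, port), id, attributes."""
    packets = []
    for line in text.splitlines():
        h = HEADER.match(line)
        if h:
            packets.append({"code": h.group(1), "peer": h.group(2, 3),
                            "id": int(PACKET_ID.search(line).group(1)), "attrs": {}})
        elif packets and (a := ATTR.match(line)):
            packets[-1]["attrs"][a.group(1)] = a.group(2).strip('"')
    return packets

def dropped_after_challenge(packets):
    """Report attributes present in the first Access-Request of an exchange
    but absent from the Access-Request that answers its Access-Challenge."""
    first_by_id, first_by_state, findings = {}, {}, []
    for p in packets:
        key, state = (p["peer"], p["id"]), p["attrs"].get("State")
        if p["code"] == "Access-Request" and state in first_by_state:
            first = first_by_state[state]
            missing = {k: v for k, v in first.items() if k not in p["attrs"]}
            if missing:
                findings.append({"peer": p["peer"], "id": p["id"], "missing": missing})
        elif p["code"] == "Access-Request":
            first_by_id[key] = p["attrs"]
        elif p["code"] == "Access-Challenge" and state and key in first_by_id:
            first_by_state[state] = first_by_id[key]
    return findings

if __name__ == "__main__":
    for f in dropped_after_challenge(parse_packets(SAMPLE)):
        print(f"request id={f['id']} from {f['peer'][0]} lost: {f['missing']}")
```

Run against a capture taken after patching the client, an empty result confirms that the OTP step carries the same source information as the password step, so per-source policy and audit logging on the server see both.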