FreeRADIUS/pam_radius

There is no "Calling-Station-Id" attribute in access-requests sent in response to radius challenge from pam_radius-1.3.17-2.el6.x86_64 (CentOS release 6.5)

simpot opened this issue · 2 comments


Hi,

I'm using FreeRADIUS for custom 2-factor OTP authentication as below:
RADIUS_CLIENT > Access-Request(User/Pass) > FreeRADIUS (checks user/pass and, if OK, generates state) > Access-Challenge > RADIUS_CLIENT > Access-Request(User/OTP/state) > FreeRADIUS

In the first Access-Request (before the Access-Challenge), RADIUS_CLIENT is sending all required attributes well (including "Calling-Station-Id").
My problem is with the second Access-Request (after the Access-Challenge). There is no "Calling-Station-Id" attribute in this state for some reason...
I have checked this on the following RADIUS client: pam_radius-1.3.17-2.el6.x86_64 (CentOS release 6.5)

UPDATE1:
The flow looks as below:

1st Access-Request:

    rad_recv: Access-Request packet from host 192.168.64.11 port 17193, id=5, length=98
    User-Name = "username"
    User-Password = "some password"
    NAS-IP-Address = 192.168.64.11
    NAS-Identifier = "sshd"
    NAS-Port = 16168
    NAS-Port-Type = Virtual
    Service-Type = Authenticate-Only
    Calling-Station-Id = "192.168.65.20"

    Sending Access-Challenge of id 5 to 192.168.64.11 port 17193
    Reply-Message = "OTP code: "
    State = 0x33643539623066642d333162662d313165342d393939332d353235343030613964313334

2nd Access-Request:

    rad_recv: Access-Request packet from host 192.168.64.11 port 17193, id=6, length=108
    User-Name = "username"
    User-Password = "736396"
    NAS-IP-Address = 192.168.64.11
    NAS-Identifier = "sshd"
    NAS-Port = 16168
    NAS-Port-Type = Virtual
    State = 0x33643539623066642d333162662d313165342d393939332d353235343030613964313334

What I expect is the presence of 'Calling-Station-Id = "192.168.65.20"' in the 2nd Access-Request packet, just as it is present in the 1st Access-Request packet.

Thanks a lot,
Dmitry!

Hi,

Suggested patch, which does all the magic for me:
File: pam_radius_auth.c

Add in line 1225:

    if (rhost) {
        add_attribute(request, PW_CALLING_STATION_ID, (unsigned char *) rhost,
            strlen(rhost));
    }
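
Review bot: strlen(rhost) is passed to add_attribute with no upper bound in the added call, while a RADIUS attribute value can hold at most 253 octets. Confirm that add_attribute clamps or rejects longer values, or bound the length here before the call, and add a short comment saying this mirrors the attribute already sent in the first Access-Request so the two request paths stay in step.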

Thanks Alan!
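
The check described in this issue, as an added example that is not part of the original thread or of pam_radius: it parses two Access-Request packets in RFC 2865 wire format and lists the attributes that the first request carried and the challenge response dropped. The packets are constructed to mirror the attribute lists in the debug output above; the function names, the zeroed authenticator and password bytes, and the State value are assumptions made for the illustration.

```python
import socket
import struct

# Attribute type numbers from RFC 2865.
NAMES = {1: "User-Name", 2: "User-Password", 4: "NAS-IP-Address", 5: "NAS-Port",
         6: "Service-Type", 24: "State", 31: "Calling-Station-Id",
         32: "NAS-Identifier", 61: "NAS-Port-Type"}
PER_ROUND = {2, 24}  # User-Password and State legitimately differ between rounds

def build_request(ident, attrs):
    """Encode a constructed Access-Request: 20-byte header, then type/length/value."""
    body = b"".join(struct.pack("!BB", t, len(v) + 2) + v for t, v in attrs)
    return struct.pack("!BBH16s", 1, ident, 20 + len(body), bytes(16)) + body

def parse_attrs(packet):
    """Return {type: value}; reject truncated packets and bad attribute lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != 1 or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Request")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs[atype] = packet[pos + 2:pos + alen]
        pos += alen
    return attrs

def missing_in_followup(first_pkt, second_pkt):
    """Names of attributes present in the first request but absent from the second."""
    a, b = parse_attrs(first_pkt), parse_attrs(second_pkt)
    return [NAMES.get(t, str(t)) for t in a if t not in b and t not in PER_ROUND]

# Constructed sample input. User-Password is obfuscated on the wire, so 16 zero
# bytes stand in for it; the State value is a placeholder.
common = [(1, b"username"), (2, bytes(16)), (4, socket.inet_aton("192.168.64.11")),
          (32, b"sshd"), (5, struct.pack("!I", 16168)), (61, struct.pack("!I", 5))]
first = build_request(5, common + [(6, struct.pack("!I", 8)), (31, b"192.168.65.20")])
second = build_request(6, common + [(24, b"constructed-state")])

if __name__ == "__main__":
    print(missing_in_followup(first, second))
```

Run against the attribute lists shown in the debug output, the comparison reports Service-Type as well as Calling-Station-Id as absent from the second request.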