Set Calling-Station-Id in accounting by User-Name attribute if it is undefine #1756
Conversation
| @@ -257,9 +260,8 @@ accounting { | |||
| &control:PacketFence-RPC-User = ${rpc_user} | |||
| &control:PacketFence-RPC-Pass = ${rpc_pass} | |||
| &control:PacketFence-RPC-Proto = ${rpc_proto} | |||
| &request:Calling-Station-Id = "%{User-Name}" | |||
There was a problem hiding this comment.
Unless I don't understand something from this logic but it seems like its going to set the Calling-Station-Id to the User-Name in the request whether it looks like a MAC or not, meaning if its a 802.1x connection with username 'lzammit', its going to put 'lzammit' in the Calling-Station-Id.
Only god knows what will happen if 'lzammit' becomes the value of the Calling-Station-Id
There was a problem hiding this comment.
I think I found a picture of the best case:
There was a problem hiding this comment.
In fact it will set the Calling-Station-Id attribute to the user-name if only Calling-Station-Id is undef.
Btw you are right, i will change the policy to something like that:
rewrite_user_name {
if (&User-Name && (&User-Name =~ /^${policy.mac-addr-regexp}$/i)) {
update request {
&User-Name := "%{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}"
&Calling-Station-Id = "%{tolower:%{1}:%{2}:%{3}:%{4}:%{5}:%{6}}"
}
updated
}
else {
noop
}
}
And remove &request:Calling-Station-Id = "%{User-Name}"
| @@ -111,3 +111,16 @@ rewrite_calling_station_id { | |||
| noop | |||
| } | |||
| } | |||
|
|
|||
| set_calling_station_id { | |||
| if (&User-Name && (&User-Name =~ /^${policy.mac-addr-regexp}$/i)) { | |||
There was a problem hiding this comment.
I would be careful here.
policy.mac-addr-regexp would also match "aafacceebb01" which could be a user.
You could overwrite a valid username.
There was a problem hiding this comment.
Yes sure, btw this is only use in accounting.
OK so let's start the name challenge, we have to find a username with a or b or c or d or e or f with 12 characters long !
There was a problem hiding this comment.
I think one of Zayme's cousin is named Abdea Befafa
Which could translate to username abdeabefafa1
Jokes aside, I tend to agree with @fdurand on that point where it is extremely unlikely that will happen and since a few controllers tend to send «vidange requests» then we will fix 99.999999% of the cases and break the remaining.
That seems like a good trade-off and likely the only one we can make as I don't see another way to address this.
There was a problem hiding this comment.
All right then.
Don't come to me when Mr. Befafa complains though 😉
|
Status? |
Description
Set Calling-Station-Id if it doesn't exist by the User-Name attribute if it represent a mac address.
Impacts
RADIUS Accounting
Issue
Fix empty Calling-Station-Id in radius accounting
Delete branch after merge
YES
NEWS file entries
Bug Fixes