I am using radiusclient-ng-0.5.6. In my directory I have added the lines below for VSA attributes. But still my radiusclient binary is not working. Please help me with this.

directory

```
VENDOR  EC       20000
BEGIN-VENDOR EC
        ATTRIBUTE abc1 7777 string
        ATTRIBUTE abc2 7778 string
END-VENDOR   EC
```


```
./radiusclient -f /etc/radiusclient-ng/radiusclient.conf User-Name=aaa abc1=aaaaa
```

error: Apr 21 22:47:53 localhost lt-radiusclient: rc_avpair_parse: unknown attribute abc1

Jatin Bodarya
  • Your `BEGIN-VENDOR` name doesn't match the `VENDOR` name, which means it's either (a) not parsing the dictionary or (b) generating an error that you're ignoring. – Anya Shenanigans Apr 21 '14 at 13:31
  • Sorry, that was my writing mistake. Updated strings are above. Still getting such error. Actually I don't know what should be the command line argument for VSA!! – Jatin Bodarya Apr 21 '14 at 13:38
  • The argument is correct, it looks like the file that contains the dictionary is not being read. Does the config entry for `dictionary` in the `radiusclient.conf` file reference the file containing the attribute? It's not as full featured as the server version which permits includes, so you need a complete list of all the attribute-value pairs (including vendor specific ones) in a single file that is read on the client startup. – Anya Shenanigans Apr 21 '14 at 13:54
  • Yes, the directory is being referred. If I write only `ATTRIBUTE abc1 7777 string`, it is working properly. But I am supposed to add it under vendor specific attribute, but it gives errors like.. rc_avpair_parse: unknown attribute – Jatin Bodarya Apr 21 '14 at 14:28

1 Answer

I tend to use the freeradius radiusclient library, but it's mostly the same code as what was previously developed for the radiusclient-ng library, but the dictionary file format is the same, and doesn't support the BEGIN-VENDOR ... END-VENDOR syntax, so you have to use a slightly different format.

The general format of vendor specific attributes is stated in the RFC as:

```
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|     Type      |  Length       |            Vendor-Id
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     Vendor-Id (cont)           | Vendor type   | Vendor length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|    Attribute-Specific...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-
```

Which means it only supports vendor types from 0 - 255. The use of large numbers (> 255) is intended for internal server use and would not be an acceptable value to use for the attribute id number (i.e. 7777 and 7778 are way too big to be expected vendor types).

You've defined your vendor using the line:

```
VENDOR EC 20000
```

And now you need to specify the VSAs using the following format:

```
ATTRIBUTE abc1 7 string vendor=EC
ATTRIBUTE abc2 8 string vendor=EC
```

This specifies them with a Vendor type of 7 and 8 respectively.

If you're referencing the proper dictionary file, then the attributes become available to be used and can be passed in:

```
./radiusclient -f /etc/radiusclient-ng/radiusclient.conf User-Name=aaa abc1=aaaaaa abc2=bbbbb
```

Anya Shenanigans
  • To be honest though, unless you have a driving reason for using `radiusclient-ng`, I'd use `radiusclient` from the freeradius project which is (slightly) newer and has a few fixes for issues that exist in the last release of the `-ng` library – Anya Shenanigans Apr 21 '14 at 23:39
  • You do know that the packets are encrypted using the secret specified for the server - are you using the RADIUS dissector from wireshark and setting the secret key in the options? – Anya Shenanigans Apr 22 '14 at 08:02
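
The VSA layout quoted in the answer, as an added example that is not part of the original answer or of radiusclient: a stand-alone C encoder (`encode_vsa` is a hypothetical helper name) showing that the vendor type occupies a single octet, so 7 fits and 7777 is rejected. The vendor id 20000 and the value are the ones from the question; attribute type 26 is the Vendor-Specific type from RFC 2865.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define RADIUS_VENDOR_SPECIFIC 26   /* RFC 2865 attribute type for VSAs */
#define VSA_HEADER_LEN 8            /* Type, Length, Vendor-Id(4), Vendor type, Vendor length */

/*
 * Encode one Vendor-Specific attribute in the layout shown in the answer.
 * Returns the number of bytes written, or -1 when a field does not fit its
 * on-wire width or the output buffer is too small.
 * Hypothetical helper for illustration; not a radiusclient function.
 */
int encode_vsa(uint32_t vendor_id, unsigned vendor_type,
               const void *data, size_t data_len,
               uint8_t *out, size_t out_size)
{
    if (vendor_type > 255)                  /* one octet only: 7777 cannot be sent */
        return -1;
    if (data_len > 255 - VSA_HEADER_LEN)    /* outer Length is also one octet */
        return -1;
    size_t total = VSA_HEADER_LEN + data_len;
    if (out_size < total)
        return -1;

    out[0] = RADIUS_VENDOR_SPECIFIC;
    out[1] = (uint8_t)total;                /* length of the whole attribute */
    out[2] = (uint8_t)(vendor_id >> 24);    /* Vendor-Id in network byte order */
    out[3] = (uint8_t)(vendor_id >> 16);
    out[4] = (uint8_t)(vendor_id >> 8);
    out[5] = (uint8_t)vendor_id;
    out[6] = (uint8_t)vendor_type;
    out[7] = (uint8_t)(2 + data_len);       /* vendor type + vendor length + data */
    memcpy(out + VSA_HEADER_LEN, data, data_len);
    return (int)total;
}

int main(void)
{
    uint8_t buf[64];
    /* Constructed sample: vendor EC (20000), vendor type 7, value "aaaaa". */
    int n = encode_vsa(20000, 7, "aaaaa", 5, buf, sizeof buf);
    for (int i = 0; i < n; i++)
        printf("%02x ", buf[i]);
    printf("\nvendor type 7777 -> %d\n",
           encode_vsa(20000, 7777, "aaaaa", 5, buf, sizeof buf));
    return 0;
}
```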