Forum Discussion
paul_73820
Apr 02, 2012 Nimbostratus
RADIUS iRule to insert vendor attributes
Hi There,
I have been writing a RADIUS iRule; one of the new requirements is for the F5 to insert a few VSAs into attribute 26.
I have had no issues with inserting/updating or reading other attributes; however, AVP 26 can be multi-valued and that is causing me some issues.
At the moment the rule is going to be along the lines of:
    when SERVER_DATA {
        # RADIUS code 2 = Access-Accept
        if { [RADIUS::code] == 2 } {
            RADIUS::avp replace 26 "[RADIUS::avp 26] "
        }
    }
This is on a UDP VIP with a RADIUS profile set.
What I haven't had any luck with is getting those new VSAs to go in.
Has anyone done much with this attribute?
Am I going to need to convert it to an octet string before it is inserted?
Paul
- Sam_Pickles_110 (Nimbostratus): Hi Paul;
- paul_73820 (Nimbostratus): Hi Sam,
- Nat_Thirasuttakorn (Employee): Hi Paul,
- paul_73820 (Nimbostratus): Hi Nat,
- Nat_Thirasuttakorn (Employee): Here is how to recalculate authenticator.

After all RADIUS::avp insert commands:

    set secret "secret"
    binary scan [UDP::payload] a1a1a2a16a* code id len auth attrs

If you didn't use the RADIUS iRule to insert the new attribute, the length may need to be recalculated. You could probably do something like this (assuming the RADIUS packet contains no padding bytes):

    set len [binary format S [UDP::payload length]]

Per RFC (don't remember which one 🙂): Code + Identifier + Length + 16 zero octets + request attributes + shared secret

    set zero "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
    set newauth [md5 "${code}${id}${len}${zero}${attrs}${secret}"]
    UDP::payload replace 4 16 $newauth
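
Added example, not part of the thread and not F5 code: a Python model of the byte-level steps discussed above (encoding a Vendor-Specific attribute 26 as octets, fixing the Length field, recomputing the authenticator). It goes beyond the formula in the last reply by making the 16-octet seed a parameter: RFC 2866 uses 16 zero octets for an Accounting-Request, while RFC 2865 uses the Request Authenticator of the matching request for an Access-Accept (code 2). The secret, vendor ID 32473 (the enterprise number reserved for documentation), function names and packet contents are constructed for illustration.

```python
import hashlib
import hmac
import struct

ZERO16 = b"\x00" * 16

def encode_vsa(vendor_id, vendor_type, value):
    """Attribute 26: Type, Length, Vendor-Id (4 octets), then one vendor sub-attribute."""
    sub = struct.pack("!BB", vendor_type, 2 + len(value)) + value
    if 6 + len(sub) > 255:
        raise ValueError("value too long for a single attribute 26")
    return struct.pack("!BBI", 26, 6 + len(sub), vendor_id) + sub

def append_attribute(packet, attr):
    """Append attr and rewrite the 16-bit Length field in octets 2-3."""
    code, ident, length = struct.unpack("!BBH", packet[:4])
    new_len = length + len(attr)
    if new_len > 4096:
        raise ValueError("RADIUS packets are limited to 4096 octets")
    # packet[4:length] drops any padding that followed the declared length
    return struct.pack("!BBH", code, ident, new_len) + packet[4:length] + attr

def resign(packet, secret, seed=ZERO16):
    """Write MD5(Code + ID + Length + seed + Attributes + Secret) into octets 4-19.
    seed: 16 zero octets for Accounting-Request, or the Request Authenticator
    of the matching request when the packet is a response such as Access-Accept."""
    digest = hashlib.md5(packet[:4] + seed + packet[20:] + secret).digest()
    return packet[:4] + digest + packet[20:]

def authenticator_ok(packet, secret, seed=ZERO16):
    """True if octets 4-19 match the value recomputed from the packet."""
    return hmac.compare_digest(resign(packet, secret, seed)[4:20], packet[4:20])

# Constructed sample values (not taken from the thread)
SECRET = b"testing123"
REQ_AUTH = bytes(range(16))                        # authenticator of the request
REPLY_MESSAGE = struct.pack("!BB", 18, 4) + b"ok"  # attribute 18, 2 value octets
ACCEPT = resign(struct.pack("!BBH", 2, 7, 24) + ZERO16 + REPLY_MESSAGE, SECRET, REQ_AUTH)
MODIFIED = append_attribute(ACCEPT, encode_vsa(32473, 1, b"gold"))
FIXED = resign(MODIFIED, SECRET, REQ_AUTH)

if __name__ == "__main__":
    print("original valid:    ", authenticator_ok(ACCEPT, SECRET, REQ_AUTH))
    print("after insert valid:", authenticator_ok(MODIFIED, SECRET, REQ_AUTH))
    print("after resign valid:", authenticator_ok(FIXED, SECRET, REQ_AUTH))
```

If the packet also carries a Message-Authenticator (attribute 80), that HMAC-MD5 covers the whole packet and has to be recomputed before the authenticator in octets 4-19.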