uppal/cgrates-radius
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Workaround CGRateS MS-CHAPv2 bug - use *event instead of *radauth

Browse Source 
CGRateS has a bug where *radauth + *mschapv2 looks for MS-CHAP-Response
(attribute 1) instead of MS-CHAP2-Response (attribute 25).
MikroTik sends MS-CHAP2-Response, causing MANDATORY_IE_MISSING error.

This workaround uses *event + *attributes to validate user existence
via attributes subsystem. The actual password validation is NOT done
server-side - MikroTik will handle MS-CHAPv2 locally.

TODO: Report bug to CGRateS - librad.go line 130 should use
MS-CHAP2-Response for MetaMSCHAPV2 case.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
Junaid Saeed Uppal
2025-12-23 21:13:38 +05:00
parent 918e9c8cff
commit f6bcdccf9c
1 changed files with 4 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
cgrates.json
View File

@@ -82,27 +82,15 @@
},
"request_processors": [
{
"id": "MSCHAPv2GetPassword",
"id": "PPPoEAuth",
"filters": ["*string:~*vars.*radReqType:*radAuth"],
"flags": ["*authorize", "*attributes", "*continue", "*log"],
"flags": ["*event", "*attributes", "*log"],
"request_fields": [
{"tag": "Account", "path": "*cgreq.Account", "type": "*composed", "value": "~*req.User-Name", "mandatory": true}
],
"reply_fields": [
{"tag": "SessionTimeout", "path": "*rep.Session-Timeout", "type": "*constant", "value": "3600"}
]
},
{
"id": "MSCHAPv2Auth",
"filters": ["*string:~*vars.*radReqType:*radAuth"],
"flags": ["*radauth", "*mschapv2", "*log"],
"request_fields": [
{"tag": "UserPassword", "path": "*vars.UserPassword", "type": "*variable", "value": "~*cgrep.Attributes.Password"}
],
"reply_fields": [
{"tag": "RemoveAddedFields", "filters": ["*notempty:~*cgrep.Error:"], "type": "*removeall", "path": "*rep"},
{"tag": "Code", "path": "*rep.*radReplyCode", "filters": ["*notempty:~*cgrep.Error:"], "type": "*constant", "value": "AccessReject"},
{"tag": "ReplyMessage", "path": "*rep.Reply-Message", "filters": ["*notempty:~*cgrep.Error:"], "type": "*variable", "value": "~*cgrep.Error"}
{"tag": "SessionTimeout", "path": "*rep.Session-Timeout", "type": "*constant", "value": "3600"},
{"tag": "AcctInterimInterval", "path": "*rep.Acct-Interim-Interval", "type": "*constant", "value": "60"}
]
}
]