From 21b2541d98b02602dc2301e57c2ca7efddbc6cff Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Fri, 10 Jan 2025 21:02:59 +0100 Subject: radius: T7039: fix broken IPv6 source address When configuring RADIUS to use IPv6 as connection to the server with an optional source-address set system login radius server 2001:db8::4 key '9LMVCtPYpG' set system login radius source-address '2001:db8::1' It will error out: pam_radius_auth(sshd:auth): Failed looking up source IP address [2001:db8::1] for server [2001:db8::4]:1812 (error=System error) The source address is not allowed to be in [] - thus the brackets need to be removed. --- data/templates/login/pam_radius_auth.conf.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'data') diff --git a/data/templates/login/pam_radius_auth.conf.j2 b/data/templates/login/pam_radius_auth.conf.j2 index 75437ca71..f9b8d5e87 100644 --- a/data/templates/login/pam_radius_auth.conf.j2 +++ b/data/templates/login/pam_radius_auth.conf.j2 @@ -9,7 +9,7 @@ {% if address | is_ipv4 %} {% set source_address.ipv4 = address %} {% elif address | is_ipv6 %} -{% set source_address.ipv6 = "[" + address + "]" %} +{% set source_address.ipv6 = address %} {% endif %} {% endfor %} {% endif %} @@ -21,7 +21,7 @@ {% if server | is_ipv4 %} {{ server }}:{{ options.port }} {{ "%-25s" | format(options.key) }} {{ "%-10s" | format(options.timeout) }} {{ source_address.ipv4 if source_address.ipv4 is vyos_defined }} {% else %} -[{{ server }}]:{{ options.port }} {{ "%-25s" | format(options.key) }} {{ "%-10s" | format(options.timeout) }} {{ source_address.ipv6 if source_address.ipv6 is vyos_defined }} +{{ server | bracketize_ipv6 }}:{{ options.port }} {{ "%-25s" | format(options.key) }} {{ "%-10s" | format(options.timeout) }} {{ source_address.ipv6 if source_address.ipv6 is vyos_defined }} {% endif %} {% endfor %} {% endif %} -- cgit v1.2.3