Re: Proxy reply and attr_filter

Tue, 18 Jan 2005 07:57:54 -0800

Hi,
 
I have figured out the real problem was. Actually the attr_filter not consider all other a/v pairs from proxy request and just builts a new proxy reply containing only the tunnel attributes I have set in attrs file.
 
Now the question arises if it is possible to let attr_filter add required a/v pairs keeping the a/v pairs came in the proxy reply?( means just addition of Tunnel a/v pairs in proxy reply)
 
if possible how?
 
Regards,
Raza.

Cool Man <[EMAIL PROTECTED]> wrote:
Hi,

I am trying to assign different VLANs based on realms.
I use rlm_attr_filter and attrs file to acomplish
this.

I have done the following setting in attrs file

labtest.de

Tunnel-Type:1 := VLAN
Tunnel-Medium-Type:1 := IEEE-802
Tunnel-Private-Group-Id:1 := "labtest"

it works perfectly and I receive access accept from
radius server
with following message sent to my NAS

rad_check_password: Auth-Type = Accept, accepting the
user
Sending Access-Accept of id 22 to 129.69.1.50:1812
Tunnel-Type:1 := VLAN
Tunnel-Medium-Type:1 := IEEE-802
Tunnel-Private-Group-Id:1 := "labtest"

but the NAS which is cisco Catalyst 2970 switch
doesn't open the port. Additionally It doesn't
understand the Tunnel attributes.

But when I try for a local user defined in users file

testuser User-Password =="test"
Tunnel-Type:1 = VLAN,
Tunnel-Medium-Type:1 =IEEE-802,
Tunnel-Private-Group-Id:1 = labtest


I see this message in radius debug mode

Sending Access-Accept of id 29 to 129.69.1.50:1812
Tunnel-Type:1 = VLAN
Tunnel-Medium-Type:1 = IEEE-802
Tunnel-Private-Group-Id:1 = "labtest"
MS-MPPE-Recv-Key =
0x82d2b417e4803da1402b6b6e09ea33d9a17e7831ab9f4e72168f71e35948c625
MS-MPPE-Send-Key =
0x0f4e0d86d24e2ae90704293d7f1d4e780e5d7fd506339548117e239582d2e91f
EAP-Message = 0x03060004
Message-Authenticator =
0x00000000000000000000000000000000
User-Name = "testuser"


now the only difference I see when Tunnel attributes
are passed to NAS is the operators ":=" for realm and
"=" for local user.

Can any body suggest that what is wrong with my
settings to make attr_filter work fine with post proxy
or I have done something wrong in my settings.

I will be very thankful.

Regards,
Raza.



__________________________________
Do you Yahoo!?
Yahoo! Mail - now with 250MB free storage. Learn more.
http://info.mail.yahoo.com/mail_250

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Do you Yahoo!?
Read only the mail you want - Yahoo! Mail SpamGuard.

Reply via email to