You need a space in the destination port value line.

i.e.

>>        X-Ascend-Data-Filter += "ip in forward tcp est",
>>        X-Ascend-Data-Filter += "ip in forward dstip 65.182.224.0/26",
>>        X-Ascend-Data-Filter += "ip in drop tcp dstport = 25",
>>        X-Ascend-Data-Filter += "ip in forward",


instead of...

>>        X-Ascend-Data-Filter += "ip in forward tcp est",
>>        X-Ascend-Data-Filter += "ip in forward dstip 65.182.224.0/26",
>>        X-Ascend-Data-Filter += "ip in drop tcp dstport=25",
>>        X-Ascend-Data-Filter += "ip in forward",



Brian

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Scott Baker
Sent: Tuesday, January 18, 2005 4:21 PM
To: freeradius-users@lists.freeradius.org
Subject: Re: ascend-data-filter info not returned with radtest?


It's only one attribute "X-Ascend-Data-Filter" and it's defined just
fine. I turned on debugging mode and this is what I get. It doesn't
really tell me what I didn't already know. There has to be some
configuration error in my users file? I'm just not sure where to
start looking.

******************************************************************

rad_recv: Access-Request packet from host 127.0.0.1:41445, id=13,
length=58
--- Walking the entire request list ---
Waking up in 31 seconds...
Threads: total/active/spare threads = 5/0/5
Thread 1 got semaphore
Thread 1 handling request 0, (1 handled so far)
         User-Name = "bakers"
         User-Password = "scottb"
         NAS-IP-Address = 255.255.255.255
         NAS-Port = 10
   Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
   modcall[authorize]: module "preprocess" returns ok for request 0
   modcall[authorize]: module "chap" returns noop for request 0
   modcall[authorize]: module "mschap" returns noop for request 0
     rlm_realm: No '@' in User-Name = "bakers", looking up realm NULL
     rlm_realm: No such realm "NULL"
   modcall[authorize]: module "suffix" returns noop for request 0
   rlm_eap: No EAP-Message, not doing EAP
   modcall[authorize]: module "eap" returns noop for request 0
     users: Matched bakers at 1
     users: Matched DEFAULT at 4
   modcall[authorize]: module "files" returns ok for request 0
modcall: group authorize returns ok for request 0
auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 13 to 127.0.0.1:41445
         X-Ascend-Data-Filter += "ip in forward tcp est"
         X-Ascend-Data-Filter += "ip in forward dstip 65.182.224.0/26 0"
         X-Ascend-Data-Filter += "ip in forward 0"
         Session-Timeout = 28800
         Idle-Timeout = 3600
         Framed-Compression = Van-Jacobson-TCP-IP
         Service-Type = Framed-User
         Framed-Protocol = PPP
         Propel-Accelerate = 0
         Framed-MTU = 576
Finished request 0
Going to the next request
Thread 1 waiting to be assigned a request


James Feger wrote:
> On Tue, 18 Jan 2005, Scott Baker wrote:
>
>> I'm attempting to do a global dial-up solution and they're requiring
>> me to use the ascend-data-filter to open up outbound port 25. Simple
>> enough.
>>
>> I've configured my users file to include the attributes they provided
>> and it seems to be accepting the data. However when I query the radius
>> with radtest it returns odd results. In my users file I have four ADF
>> lines, but only three are returned after the query. Also, some of the
>> lines that are returned contain a trailing 0. I'm new to this
>> "abinary" type so I'm not sure if this is expected behaviour or not.
>>
>> ------------------ users ------------------
>>
>> bakers  User-Password = "passwd"
>>        Fall-Through = Yes
>>
>> DEFAULT
>>        X-Ascend-Data-Filter += "ip in forward tcp est",
>>        X-Ascend-Data-Filter += "ip in forward dstip 65.182.224.0/26",
>>        X-Ascend-Data-Filter += "ip in drop tcp dstport=25",
>>        X-Ascend-Data-Filter += "ip in forward",
>>        Simultaneous-Use = 1,
>>        Session-Timeout = 28800,
>>        Idle-Timeout = 3600,
>>        Framed-Compression = Van-Jacobson-TCP-IP,
>>        Service-Type = Framed-User,
>>        Framed-Protocol = PPP,
>>        Propel-Accelerate = 0,
>>        Framed-MTU = 576
>>
>> ------------------ radtest output ------------------
>> [EMAIL PROTECTED] ~]# !radte
>> radtest bakers scottb localhost 10 localhost
>> Sending Access-Request of id 128 to 127.0.0.1:1812
>>        User-Name = "bakers"
>>        User-Password = "scottb"
>>        NAS-IP-Address = snikt
>>        NAS-Port = 10
>> rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=128,
>> length=170
>>        X-Ascend-Data-Filter = "ip in forward tcp est"
>>        X-Ascend-Data-Filter = "ip in forward dstip 65.182.224.0/26 0"
>>        X-Ascend-Data-Filter = "ip in forward 0"
>>        Session-Timeout = 28800
>>        Idle-Timeout = 3600
>>        Framed-Compression = Van-Jacobson-TCP-IP
>>        Service-Type = Framed-User
>>        Framed-Protocol = PPP
>>        Propel-Accelerate = 0
>>        Framed-MTU = 576
>
>
>
> Have you tried running freeradius in debug mode to see what the server
> is spitting out as well?  Is it possible that a few of the attributes
> you are trying to send are not defined in the dictionary file and the
> radius server is ignoring those statements?
>
> -j
>
>
> - List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>

--
Scott Baker
Canby Telephone - Network Administrator - RHCE
Ph: 503.266.8253
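
The check implied by the reply at the top of this thread, as an added example that is not part of the original messages or of FreeRADIUS: it flags filter rules whose port comparison lacks the surrounding spaces and lists configured rules that are missing from the Access-Accept. The function names, the `srcport` keyword and the operator set are assumptions; the sample input is copied from the users entry and radtest reply quoted above.

```python
import re

# Sample input taken from the users entry and radtest reply quoted in this thread.
USERS = '''
DEFAULT
       X-Ascend-Data-Filter += "ip in forward tcp est",
       X-Ascend-Data-Filter += "ip in forward dstip 65.182.224.0/26",
       X-Ascend-Data-Filter += "ip in drop tcp dstport=25",
       X-Ascend-Data-Filter += "ip in forward",
       Session-Timeout = 28800
'''
REPLY = '''
       X-Ascend-Data-Filter = "ip in forward tcp est"
       X-Ascend-Data-Filter = "ip in forward dstip 65.182.224.0/26 0"
       X-Ascend-Data-Filter = "ip in forward 0"
       Session-Timeout = 28800
'''

ADF = re.compile(r'X-Ascend-Data-Filter\s*\+?=\s*"([^"]*)"')
# Port keyword with operator/value not separated by single spaces ("dstport=25").
# The operator set (<, =, >, !=) and "srcport" are assumptions; the thread shows only "dstport=".
PORT_CMP = re.compile(r'\b(srcport|dstport)\s*(!=|[<=>])\s*(\d+)')

def filters(text):
    """Extract every X-Ascend-Data-Filter value, in order."""
    return ADF.findall(text)

def lint(rule):
    """Return the rule rewritten as 'port OP value' if it was not spaced that way, else None."""
    fixed = PORT_CMP.sub(r'\1 \2 \3', rule)
    return fixed if fixed != rule else None

def dropped(configured, returned):
    """Configured rules with no counterpart in the reply (i.e. silently omitted)."""
    # The reply in the thread echoes some rules with a trailing " 0"; accept either form.
    seen = set(returned)
    return [c for c in configured if c not in seen and c + " 0" not in seen]

def audit(users_text, reply_text):
    cfg, ret = filters(users_text), filters(reply_text)
    return {"malformed": {r: lint(r) for r in cfg if lint(r)},
            "dropped": dropped(cfg, ret)}

if __name__ == "__main__":
    report = audit(USERS, REPLY)
    for bad, good in report["malformed"].items():
        print(f'malformed: "{bad}"  ->  "{good}"')
    for rule in report["dropped"]:
        print(f'not returned in Access-Accept: "{rule}"')
```

On the thread's data the one rule reported as missing from the reply is the only `drop` rule, so the filter that reaches the NAS forwards everything.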
