class attribute wont pass

Fri, 08 Jul 2005 08:09:37 -0700 

Hello,
I'm running freeradius 0.9.3 (I know.. it's old..), operating in a proxy configuration. I'm having issues with freeradius not passing the "class" attribute back to the NAS after receiving it from one of our proxy customers. I can't put the Class attribute in the user's file because the proxy customer uses different values per customer. We only have one customer that passes the class attribute to us, so this is the first instance where we are having this issue. I've tried changing the attribute value from "octet" to "string" in the dictionary file as was suggested previously on the mailing list, but it doesn't make a difference :-( Here is debug output from radiusd: 



rad_recv: Access-Request packet from host 63.110.xxx.xx:3401, id=75, 
length=211

       User-Name = "[EMAIL PROTECTED]"
       User-Password = "6875"
       NAS-IP-Address = 63.215.xx.xxx
       NAS-Port = 807
       Service-Type = Framed-User
       Framed-Protocol = PPP
       Ascend-Data-Rate = 28800
       Ascend-Calling-Id-Type-Of-Num = Unknown
       Ascend-Calling-Id-Number-Plan = Unknown
       Ascend-Xmit-Rate = 50667
       Called-Station-Id = "317270xxxx"
       Calling-Station-Id = "317862xxxx"
       NAS-Identifier = "nas.ind.Level3.net"
       Acct-Session-Id = "483826947"
       NAS-Port-Type = Async
       Ascend-NAS-Port-Format = 4
 Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 73
 modcall[authorize]: module "attr_filter" returns noop for request 73
   rlm_realm: Looking up realm "realm.com" for User-Name = "[EMAIL PROTECTED]"
   rlm_realm: Found realm "realm.com"
   rlm_realm: Proxying request from user user to realm realm.com
   rlm_realm: Adding Realm = "realm.com"

   rlm_realm: Preparing to proxy authentication request to realm 
"realm.com"

modcall[authorize]: module "suffix" returns updated for request 73
   users: Matched DEFAULT at 537
 modcall[authorize]: module "files" returns ok for request 73
 hints: Matched DEFAULT at 49
 modcall[authorize]: module "preprocess" returns ok for request 73
modcall: group authorize returns updated for request 73
Sending Access-Request of id 1 to 63.174.xxx.xx:1645
       User-Name = "[EMAIL PROTECTED]"
       User-Password = "6875"
       NAS-IP-Address = 63.215.xx.xxx
       NAS-Port = 807
       Service-Type = Framed-User
       Framed-Protocol = PPP
       Ascend-Data-Rate = 28800
       Ascend-Calling-Id-Type-Of-Num = Unknown
       Ascend-Calling-Id-Number-Plan = Unknown
       Ascend-Xmit-Rate = 50667
       Called-Station-Id = "317270xxxx"
       Calling-Station-Id = "317862xxxx"
       NAS-Identifier = "nas.ind.Level3.net"
       Acct-Session-Id = "483826947"
       NAS-Port-Type = Async
       Ascend-NAS-Port-Format = 4
       Proxy-State = 0x3735
Waking up in 1 seconds...

rad_recv: Access-Accept packet from host 63.174.xxx.xx:1645, id=1, 
length=218

       Proxy-State = 0x3735
       Service-Type = Framed-User
       Framed-Protocol = PPP
       Ascend-Data-Filter = "ip in forward tcp est"
       Ascend-Data-Filter = "ip in forward dstip 63.174.xxx.x/24 0"
       Ascend-Data-Filter = "ip in drop tcp dstport = 25"
       Ascend-Data-Filter = "ip in forward 0"
       Idle-Timeout = 1800
       Session-Timeout = 21600
       Propel-Accelerate = 1
       X-Ascend-Idle-Limit = 1800
       X-Ascend-Maximum-Time = 28800
       Class = "IEAS1\005378602\003292"
 Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 73
attr_filter: Matched entry DEFAULT at line 84
 modcall[authorize]: module "attr_filter" returns updated for request 73
   rlm_realm: Proxy reply, or no User-Name.  Ignoring.
 modcall[authorize]: module "suffix" returns noop for request 73
   users: Matched DEFAULT at 537
 modcall[authorize]: module "files" returns ok for request 73
 hints: Matched DEFAULT at 49
 modcall[authorize]: module "preprocess" returns ok for request 73
modcall: group authorize returns updated for request 73
 rad_check_password:  Found Auth-Type
 rad_check_password: Auth-Type = Accept, accepting the user
Login OK: [EMAIL PROTECTED]/6875] (from client acs223 port 807 cli 3178623267)
Sending Access-Accept of id 75 to 63.110.xxx.xx:3401
       Service-Type := Framed-User
       Framed-IP-Address := 255.255.255.254
       Framed-IP-Netmask := 255.255.255.255
       Framed-Protocol := PPP
       Ascend-Data-Filter = "ip in forward tcp est"
       Ascend-Data-Filter = "ip in forward dstip 63.174.xxx.x/24 0"
       Ascend-Data-Filter = "ip in drop tcp dstport = 25"
       Ascend-Data-Filter = "ip in forward 0"
       Session-Timeout = 21600
       X-Ascend-Maximum-Time = 28800
       Framed-Compression = Van-Jacobson-TCP-IP
       Idle-Timeout = 900
       X-Ascend-Idle-Limit = 900
Finished request 73



--------



As you can see in the debug output, the freeradius server receives the 
class attribute from 63.174.xxx.xx, but when sending back to the NAS at 
63.110.xxx.xx, the Class attribute is not being tagged on.  Any help / 
direction would be greatly appreciated!


Thanks.

Brian Taylor


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html





















					Reply via email to