Hello,

I need to pass an odd reply attribute back to my Cisco router to limit DSL 
users' speeds on the interface. I am moving from Radiator to FreeRADIUS; we are 
doing this fine on Radiator from a MySQL database.

The LDAP entry in the directory is:
radiusReplyItem: Cisco-Avpair = lcp:interface-config#1=rate-limit input 512000 
96000 96000 conform-action continue exceed-action drop

It appears that it is being truncated at the "#" sign. Is this field too long, 
or is a special character messing it up? Is there any way I can escape the 
special character if so?

Thanks for any help!



Here is the DEBUG output; I have bolded the lines I noticed....
*********************
rad_recv: Access-Request packet from host 72.2.95.130 port 1645, id=121, 
length=94
        Framed-Protocol = PPP
        User-Name = "jpr...@suitedsl"
        User-Password = "overout22"
        NAS-Port-Type = Virtual
        NAS-Port = 0
        NAS-Port-Id = "4/0/0/0"
        Service-Type = Framed-User
        NAS-IP-Address = 72.2.95.130
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] Looking up realm "suitedsl" for User-Name = "jpr...@suitedsl"
[suffix] No such realm "suitedsl"
++[suffix] returns noop
[ldap] performing user authorization for jpr...@suitedsl
[ldap]  expand: %{Stripped-User-Name} ->
[ldap]  ... expanding second conditional
[ldap]  expand: %{User-Name} -> jpr...@suitedsl
[ldap]  expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> 
(uid=jpr...@suitedsl)
[ldap]  expand: dc=suite224,dc=net -> dc=suite224,dc=net
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in dc=suite224,dc=net, with filter 
(uid=jpr...@suitedsl)
[ldap] looking for check items in directory...
  [ldap] userPassword -> Cleartext-Password == 
"{CRYPT}$1$j83AynGz$QIU88xh94V3ocCI.zT/1R1"
[ldap] looking for reply items in directory...
  [ldap] radiusFramedIPAddress -> Framed-IP-Address = 72.2.84.77
  [ldap] extracted attribute Cisco-AVPair from generic item Cisco-Avpair = 
lcp:interface-config#1=rate-limit input 512000 96000 96000 conform-action 
continue exceed-action drop
[ldap] Setting Auth-Type = LDAP
[ldap] user jpr...@suitedsl authorized to use remote access
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
Found Auth-Type = LDAP
+- entering group LDAP {...}
[ldap] login attempt by "jpr...@suitedsl" with password "overout22"
[ldap] user DN: cn=jpr...@suitedsl,ou=freeradius,dc=suite224,dc=net
  [ldap] (re)connect to 127.0.0.1:389, authentication 1
  [ldap] bind as cn=jpr...@suitedsl,ou=freeradius,dc=suite224,dc=net/overout22 
to 127.0.0.1:389
  [ldap] waiting for bind result ...
  [ldap] Bind was successful
[ldap] user jpr...@suitedsl authenticated succesfully
++[ldap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 121 to 72.2.95.130 port 1645
        Framed-IP-Address = 72.2.84.77
        Cisco-AVPair = "lcp:interface-config"
Finished request 30.


Any questions, please let me know.

Thank You,
Joel Prine
Systems Engineer
MCSE, CCNA, CSE
Conneaut Telephone / Suite224 Internet
Phone: (440) 593.7160
Fax: (440) 599.2230
jpr...@suite224.net





________________________________
P.O. Box 579 | Conneaut, Ohio 44030 | Ph: (440) 593.7113 | TF Ph: (888) 
566.7113 | Fax:  (440) 599.2230
________________________________



