UPDATE: It is definitely the "#" that is killing me, if i move the "#" sign anywhere in the string it keeps only the piece prior to the "#" sign of the string, is there a way to escape this character?
Any questions, please let me know. Thank You, Joel Prine Systems Engineer MCSE, CCNA, CSE Conneaut Telephone / Suite224 Internet Phone: (440) 593.7160 Fax: (440) 599.2230 jpr...@suite224.net<mailto:jpr...@suite224.net> [cid:image001.jpg@01CA262C.F8CBE910] 1 [cid:image002.jpg@01CA262C.F8CBE910] ________________________________ P.O. Box 579 | Conneaut, Ohio 44030 | Ph: (440) 593.7113 | TF Ph: (888) 566.7113 | Fax: (440) 599.2230 ________________________________ On Mar 10, 2010, at 3:55 PM, Joel Prine wrote: Hello, I need to pass an odd reply attribute back to my Cisco router to limit DSL users speeds on the interface. I am moving from radiator to freeradius, we are going this fine on radiator from a mysql database. The ldap entry in the directory is radiusReplyItem: Cisco-Avpair = lcp:interface-config#1=rate-limit input 512000 96000 96000 conform-action continue exceed-action drop It appears that it is being truncated at the "#" sign, is this field too long? or is a special character messing it up, is there anyway i can escape the special character if so? Thanks for any help! Here is the DEBUG, I have bolded the lines i noticed.... ********************* rad_recv: Access-Request packet from host 72.2.95.130 port 1645, id=121, length=94 Framed-Protocol = PPP User-Name = "jpr...@suitedsl" User-Password = "overout22" NAS-Port-Type = Virtual NAS-Port = 0 NAS-Port-Id = "4/0/0/0" Service-Type = Framed-User NAS-IP-Address = 72.2.95.130 +- entering group authorize {...} ++[preprocess] returns ok [suffix] Looking up realm "suitedsl" for User-Name = "jpr...@suitedsl" [suffix] No such realm "suitedsl" ++[suffix] returns noop [ldap] performing user authorization for jpr...@suitedsl [ldap] expand: %{Stripped-User-Name} -> [ldap] ... expanding second conditional [ldap] expand: %{User-Name} -> jpr...@suitedsl [ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=jpr...@suitedsl) [ldap] expand: dc=suite224,dc=net -> dc=suite224,dc=net [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in dc=suite224,dc=net, with filter (uid=jpr...@suitedsl) [ldap] looking for check items in directory... [ldap] userPassword -> Cleartext-Password == "{CRYPT}$1$j83AynGz$QIU88xh94V3ocCI.zT/1R1" [ldap] looking for reply items in directory... [ldap] radiusFramedIPAddress -> Framed-IP-Address = 72.2.84.77 [ldap] extracted attribute Cisco-AVPair from generic item Cisco-Avpair = lcp:interface-config#1=rate-limit input 512000 96000 96000 conform-action continue exceed-action drop [ldap] Setting Auth-Type = LDAP [ldap] user jpr...@suitedsl authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok ++[expiration] returns noop ++[logintime] returns noop Found Auth-Type = LDAP +- entering group LDAP {...} [ldap] login attempt by "jpr...@suitedsl" with password "overout22" [ldap] user DN: cn=jpr...@suitedsl,ou=freeradius,dc=suite224,dc=net [ldap] (re)connect to 127.0.0.1:389, authentication 1 [ldap] bind as cn=jpr...@suitedsl,ou=freeradius,dc=suite224,dc=net/overout22 to 127.0.0.1:389 [ldap] waiting for bind result ... [ldap] Bind was successful [ldap] user jpr...@suitedsl authenticated succesfully ++[ldap] returns ok +- entering group post-auth {...} ++[exec] returns noop Sending Access-Accept of id 121 to 72.2.95.130 port 1645 Framed-IP-Address = 72.2.84.77 Cisco-AVPair = "lcp:interface-config" Finished request 30. Any questions, please let me know. Thank You, Joel Prine Systems Engineer MCSE, CCNA, CSE Conneaut Telephone / Suite224 Internet Phone: (440) 593.7160 Fax: (440) 599.2230 jpr...@suite224.net<mailto:jpr...@suite224.net> <image001.jpg> 1 <image002.jpg> ________________________________ P.O. Box 579 | Conneaut, Ohio 44030 | Ph: (440) 593.7113 | TF Ph: (888) 566.7113 | Fax: (440) 599.2230 ________________________________
<<inline: image001.jpg>>
<<inline: image002.jpg>>
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html