Need Help: Struggling to add Ascend-Data-Filter in Freeradius 0.4

2002-05-28 Thread Lists

I am running FreeRADIUS 0.4 with PostgreSQL backend, it's been running
great. I am now required to add Ascend-Data-Filter (s). After reading
the documentation I came up with the following:

The following in /usr/local/freeradius/etc/raddb/attrs

DEFAULT
Service-Type == Framed-User,
Service-Type == Login-User,
Login-Service == Telnet,
Login-Service == Rlogin,
Login-Service == TCP-Clear,
Login-TCP-Port = 65536,
Framed-IP-Address == 255.255.255.254,
Framed-IP-Netmask == 255.255.255.255,
Framed-Protocol == PPP,
Framed-Protocol == SLIP,
Framed-Compression == Van-Jacobson-TCP-IP,
Framed-MTU = 576,
Framed-Filter-ID =~ .*,
Reply-Message =~ .*,
Session-Timeout = 28800,
Idle-Timeout = 600,
Port-Limit = 2,
Ascend-Data-Filter = ip in forward tcp est,
Ascend-Data-Filter = ip in forward dstip ip.of.mail.box/32,
Ascend-Data-Filter = ip in drop tcp dstport = 25,
Ascend-Data-Filter = ip in forward

And the following in /usr/local/freeradus/etc/raddb/radius.conf

authorize {
preprocess
attr_filter
sql
#   files
#   counter
#   attr_filter
#   eap
#   suffix
#   files
#   mschap
}

but alas, the filters do not get sent. What am I missing?


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



Re: Need Help: Struggling to add Ascend-Data-Filter in Freeradius 0.4

2002-05-28 Thread Alan DeKok

Lists [EMAIL PROTECTED] wrote:
> I am running FreeRADIUS 0.4 with PostgreSQL backend, it's been running
> great. I am now required to add Ascend-Data-Filter (s). After reading
> the documentation I came up with the following:
>
> The following in /usr/local/freeradius/etc/raddb/attrs
>
> DEFAULT
> Service-Type == Framed-User,
> Service-Type == Login-User,

  This is wrong.  Please read 'man 5 users' for a description of what
'==' does.

> Framed-MTU = 576,

  This will NEVER do what you think.  The Framed-MTU is an attribute
which tells the NAS *exactly* what size MTU to use, and NOT a range.

> Ascend-Data-Filter = ip in forward tcp est,
> Ascend-Data-Filter = ip in forward dstip ip.of.mail.box/32,

  Use '+=' here, instead of '='.

  Alan DeKok.




Re: Need Help: Struggling to add Ascend-Data-Filter in Freeradius 0.4

2002-05-28 Thread Chris Parker

At 02:16 PM 5/28/2002 -0700, Lists wrote:
> I am running FreeRADIUS 0.4 with PostgreSQL backend, it's been running
> great. I am now required to add Ascend-Data-Filter (s). After reading
> the documentation I came up with the following:
>
> The following in /usr/local/freeradius/etc/raddb/attrs

8< snip

> Ascend-Data-Filter = ip in forward tcp est,
> Ascend-Data-Filter = ip in forward dstip ip.of.mail.box/32,
> Ascend-Data-Filter = ip in drop tcp dstport = 25,
> Ascend-Data-Filter = ip in forward
>
> but alas, the filters do not get sent. What am I missing?

:= is the operator you want.

And you really want to upgrade to the latest release, as there have been 
changes to the way attrs is parsed and the operators you can use ( two new 
ones are now available =* and !* ).

-Chris

--
\\\|||///  \  StarNet Inc.  \ Chris Parker
\ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
| |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
   \ Wholesale Internet Services - http://www.megapop.net






Re: Need Help: Struggling to add Ascend-Data-Filter in Freeradius 0.4

2002-05-28 Thread Alan DeKok

Chris Parker [EMAIL PROTECTED] wrote:
> This is not 'users'.  This is 'attrs'.  The operators specified were
> correct for that usage, apart from the Data-Filter ones, which should
> have been := ( Set Operator ).  :)

  Whoops, sorry.  I skimmed the message too quickly, I think.

  Alan DeKok.




Re: Need Help: Struggling to add Ascend-Data-Filter in Freeradius 0.4

2002-05-28 Thread Chris Parker

At 02:30 PM 5/28/2002 -0400, Alan DeKok wrote:
> Lists [EMAIL PROTECTED] wrote:
> > I am running FreeRADIUS 0.4 with PostgreSQL backend, it's been running
> > great. I am now required to add Ascend-Data-Filter (s). After reading
> > the documentation I came up with the following:
> >
> > The following in /usr/local/freeradius/etc/raddb/attrs
> >
> > DEFAULT
> > Service-Type == Framed-User,
> > Service-Type == Login-User,
>
>   This is wrong.  Please read 'man 5 users' for a description of what
> '==' does.

This is not 'users'.  This is 'attrs'.  The operators specified were
correct for that usage, apart from the Data-Filter ones, which should
have been := ( Set Operator ).  :)

-Chris
--
\\\|||///  \  StarNet Inc.  \ Chris Parker
\ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
| @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
   \ Wholesale Internet Services - http://www.megapop.net






RE: Need Help: Struggling to add Ascend-Data-Filter in Freeradius 0.4

2002-05-28 Thread Lists

OK it's getting clearer. Now, when I use radtest, should I see those
filters in the output? Cause I am not seeing any.








RE: Need Help: Struggling to add Ascend-Data-Filter in Freeradius 0.4

2002-05-28 Thread Lists

Well, to answer my own question, I should but I am not. I have the
following entry in radiusd.conf

authorize {
preprocess
attr_filter
sql
}


attr_filter in turn has this:

attr_filter {
attrsfile = ${confdir}/attrs
}

and attrs

DEFAULT
Service-Type == Framed-User,
Service-Type == Login-User,
Login-Service == Telnet,
Login-Service == Rlogin,
Login-Service == TCP-Clear,
Login-TCP-Port = 65536,
Framed-IP-Address == 255.255.255.254,
Framed-IP-Netmask == 255.255.255.255,
Framed-Protocol == PPP,
Framed-Protocol == SLIP,
Framed-Compression == Van-Jacobson-TCP-IP,
Framed-MTU = 576,
Framed-Filter-ID =~ .*,
Reply-Message =~ .*,
Session-Timeout = 28800,
Idle-Timeout = 600,
Port-Limit = 2,
Ascend-Data-Filter += ip in forward tcp est,
Ascend-Data-Filter := ip in forward dstip ip.of.mailbox/32,
Ascend-Data-Filter := ip in drop tcp dstport = 25,
Ascend-Data-Filter := ip in forward,
Fall-Through = yes

what gives?








RE: Need Help: Struggling to add Ascend-Data-Filter in Freeradius 0.4

2002-05-28 Thread Chris Parker

At 04:46 PM 5/28/2002 -0700, Lists wrote:

> DEFAULT
> Service-Type == Framed-User,
> Service-Type == Login-User,
> Login-Service == Telnet,
> Login-Service == Rlogin,
> Login-Service == TCP-Clear,
> Login-TCP-Port = 65536,
> Framed-IP-Address == 255.255.255.254,
> Framed-IP-Netmask == 255.255.255.255,
> Framed-Protocol == PPP,
> Framed-Protocol == SLIP,
> Framed-Compression == Van-Jacobson-TCP-IP,
> Framed-MTU = 576,
> Framed-Filter-ID =~ .*,
> Reply-Message =~ .*,
> Session-Timeout = 28800,
> Idle-Timeout = 600,
> Port-Limit = 2,
> Ascend-Data-Filter += ip in forward tcp est,

No.  Use :=.

> Ascend-Data-Filter := ip in forward dstip ip.of.mailbox/32,
> Ascend-Data-Filter := ip in drop tcp dstport = 25,
> Ascend-Data-Filter := ip in forward,
> Fall-Through = yes
>
> what gives?

Run a recent version.  Earlier versions have known problems that cannot
be fixed except by upgrading.

-Chris

--
\\\|||///  \  StarNet Inc.  \ Chris Parker
\ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
| |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
   \ Wholesale Internet Services - http://www.megapop.net
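
A small check for the operator advice given in the replies above, as an added example that is not part of the original thread and is not FreeRADIUS code: it parses an attrs-style entry as posted here and lists the Ascend-Data-Filter items whose operator is not ':='. The regex, the function names and the abridged sample entry are assumptions made for illustration.

```python
import re

# Operators that appear in this thread, longest first so ':=' or '=='
# is never misread as a bare '='.
OPERATORS = ("==", ":=", "+=", "=~", "=*", "!*", "=")
ITEM_RE = re.compile(
    r"^\s*([A-Za-z][\w-]*)\s*("
    + "|".join(re.escape(op) for op in OPERATORS)
    + r")\s*(.*?)\s*,?\s*$"
)

# Constructed sample: abridged from the poster's second attempt.
SECOND_ATTEMPT = """\
DEFAULT
Framed-MTU = 576,
Framed-Filter-ID =~ .*,
Ascend-Data-Filter += ip in forward tcp est,
Ascend-Data-Filter := ip in forward dstip ip.of.mailbox/32,
Ascend-Data-Filter := ip in drop tcp dstport = 25,
Ascend-Data-Filter := ip in forward,
Fall-Through = yes
"""


def parse_items(entry_text):
    """Return (line_no, attribute, operator, value) per item line.

    Only the first operator after the attribute name counts, so the '='
    inside a value such as 'dstport = 25' stays part of the value.
    """
    items = []
    for line_no, line in enumerate(entry_text.splitlines(), 1):
        match = ITEM_RE.match(line)
        if match:  # entry names such as DEFAULT carry no operator
            items.append((line_no, *match.groups()))
    return items


def misassigned(entry_text, attribute="Ascend-Data-Filter", wanted=":="):
    """List (line_no, operator, value) where `attribute` lacks `wanted`."""
    return [(no, op, value)
            for no, attr, op, value in parse_items(entry_text)
            if attr == attribute and op != wanted]


if __name__ == "__main__":
    for no, op, value in misassigned(SECOND_ATTEMPT):
        print(f"line {no}: Ascend-Data-Filter uses '{op}', not ':=' ({value})")
```
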


