Re: 0.5 to 0.9.3 upgrade breaks auth-proxy
Alan DeKok <[EMAIL PROTECTED]> wrote: >Ben Hockenhull <[EMAIL PROTECTED]> wrote: >> Under 0.9.3, only the first AVPair is sent back. I'm not sure why. > > Read the 'man' page for the 'users' file. I think it's also in the >FAQ. > > Try '+=', instead of '='. Ah ha. That did it. I didn't see mention of that in the FAQ, but it was in the man pages. Thanks. Ben - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 0.5 to 0.9.3 upgrade breaks auth-proxy
Make sure when you install the new server you get the new man pages as well. Alan DeKok wrote: Ben Hockenhull <[EMAIL PROTECTED]> wrote: Under 0.9.3, only the first AVPair is sent back. I'm not sure why. Read the 'man' page for the 'users' file. I think it's also in the FAQ. Try '+=', instead of '='. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: 0.5 to 0.9.3 upgrade breaks auth-proxy
Ben Hockenhull <[EMAIL PROTECTED]> wrote: > Under 0.9.3, only the first AVPair is sent back. I'm not sure why. Read the 'man' page for the 'users' file. I think it's also in the FAQ. Try '+=', instead of '='. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
0.5 to 0.9.3 upgrade breaks auth-proxy
Hi there, I'm doing testing in preparation to upgrade a server from 0.5 to 0.9.3, and I've run into an issue with Cisco's auth-proxy feature. Under 0.5, it's been working. Upon successful authentication, the radius server sends back the proper Cisco-AVpairs for a temporary ACL. I have a debug from the router and from the 0.5 radiusd at http://www.jpj.net/~benh/rad5.txt Under 0.9.3, only the first AVPair is sent back. I'm not sure why. The radius users file is identical, and the config on the router is identical. the only variable seems to be the version of FreeRADIUS. I have a debug from the router and from the 0.9.3 radiusd at http://www.jpj.net/~benh/rad9.txt. Here's the users file in question: hunter1Auth-Type := Local, Password == "student1" Cisco-AVPair = "auth-proxy:priv-lvl=15", Cisco-AVPair = "auth-proxy:proxyacl#1=deny ip any 192.168.0.0 0.0.0.255", Cisco-AVPair = "auth-proxy:proxyacl#2=permit ip any any" Leaving aside the question of why it's taken so long to upgrade this server, does anyone have any ideas? Thanks Ben -- Ben Hockenhull [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html