Re: filters being dropped while proxied
Shohab Baig [EMAIL PROTECTED] wrote: thats correct and I know theseops but the line I wrote for filters , those are on remote servers which are not Free radius. so that why they are using = sigh Does FreeRADIUS receive only one of those attributes from the remote server? If so, then stop asking questions about a non-FreeRADIUS server on this list. If FreeRADIUS *does* receive all 4 attributes, and sends out onle 1, then we have something for discussion. The issue is that your description of the problem was vague and unclear. There is little than anyone can do to help you unless you describe EXACTLY what problem you're seeing. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: filters being dropped while proxied
yeah thats corrects. FreeRADIUS *does* receive all 4 attributes, and sends out only 1. Sorry if I did not describe the problem exactly. Shohab - Original Message - From: Alan DeKok [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, January 28, 2003 4:20 AM Subject: Re: filters being dropped while proxied Shohab Baig [EMAIL PROTECTED] wrote: thats correct and I know theseops but the line I wrote for filters , those are on remote servers which are not Free radius. so that why they are using = sigh Does FreeRADIUS receive only one of those attributes from the remote server? If so, then stop asking questions about a non-FreeRADIUS server on this list. If FreeRADIUS *does* receive all 4 attributes, and sends out onle 1, then we have something for discussion. The issue is that your description of the problem was vague and unclear. There is little than anyone can do to help you unless you describe EXACTLY what problem you're seeing. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: filters being dropped while proxied
Shohab Baig [EMAIL PROTECTED] wrote: yeah thats corrects. FreeRADIUS *does* receive all 4 attributes, and sends out only 1. Sorry if I did not describe the problem exactly. I have a hard time seeing that happen. When the server uses the reply from the home server as the basis for it's own reply, it is *completely* independent of any operators '=' or '+='. I'll bet that your local FreeRADIUS configuration tries to add it's own Ascend filter attributes, and that causes the ones from the home server to be lost. In any case, I don't think it's a good idea to pass through attributes such as those to your NAS's. The home server can use those filters to pass/deny traffic from the customer inside of your local network. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: filters being dropped while proxied
Thanks. On my local Freeradius server, those realms are just configured for proxy to remote server. I tried to find out, how my server can strip off those attributes. As I tried to look at diff files, attr and other files but could not find any clue that why its doing that. One thing interesting, it does work with one of my client. We receive those A/v from them and pass on to upstream. But from 3 clients, I do see them coming into my server but just one a/v makes to upstream. which is X-Ascend-Data-Filter = ip input forward 0 , hence cant implement filters on end-user. Any help , why its doing so. Could be because of Ascend-Data-Filter's format at remote end. The remote one which is working , Ascend-Data-filter is configured as Radius Standard as far as vendor goes, not as Ascend. Rest remote servers are configured as Ascend as I cant find option in them to change it to Radius Standard. Thanks for your kind help. Shohab - Original Message - From: Alan DeKok [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, January 28, 2003 4:41 AM Subject: Re: filters being dropped while proxied Shohab Baig [EMAIL PROTECTED] wrote: yeah thats corrects. FreeRADIUS *does* receive all 4 attributes, and sends out only 1. Sorry if I did not describe the problem exactly. I have a hard time seeing that happen. When the server uses the reply from the home server as the basis for it's own reply, it is *completely* independent of any operators '=' or '+='. I'll bet that your local FreeRADIUS configuration tries to add it's own Ascend filter attributes, and that causes the ones from the home server to be lost. In any case, I don't think it's a good idea to pass through attributes such as those to your NAS's. The home server can use those filters to pass/deny traffic from the customer inside of your local network. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: filters being dropped while proxied
Shohab Baig [EMAIL PROTECTED] wrote: Thanks. On my local Freeradius server, those realms are just configured for proxy to remote server. I tried to find out, how my server can strip off those attributes. It doesn't. I've tried it with 0.8.1 and the latest CVS. It works. As I tried to look at diff files, attr and other files but could not find any clue that why its doing that. One thing interesting, it does work with one of my client. We receive those A/v from them and pass on to upstream. But from 3 clients, I do see them coming into my server but just one a/v makes to upstream. I think you're seriously missing the point, and *again* you're confusing the issue. Did you run the server in debug mode, and watch it send the attributes to the client? If the answer is no, then stop wasting our time. This information, that it's a per-client problem, is something that you've carefully hidden until now. This means with 99% probability that the client *is* receiving all 4 attributes, but is only using one of them. In that case, no amount of poking at the RADIUS server, or complaining to this list, will change anything. You've got to fix the client. I'm at a loss for what you think you're trying to do here. Do you really think it helps to solve your problem if you only post small, misleading bits of information, and then correct or update it in later messages? How the heck do you expect anyone to help you if you refuse to tell them what's going on? In short, you're wasting your time (and mine) by being difficult. Stop it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
filters being dropped while proxied
Hi I have fr 8.0 running on redhat 7.3. FR is working as proxy for some realms. At remote end, customers have setup ascend-data-filter to implement and when I use radtest to check from the proxy server, I see all four lines as Ascend-Data-Filter = ip in forward tcp est Ascend-Data-Filter = ip in forward dstip x.x.x.x/27 Ascend-Data-Filter = ip in forward tcp dstport = 25 Ascend-Data-Filter = ip in forward But when I use radtest from another mahcine pointing to proxy server ( which is proxying) , it does'nt return all the filters It just returns: X-Ascend-Data-Filter = ip input forward 0 and rest 3 lines are cut. Plus, this is happening on 75 % of the realms which we are proxying, not on all. We do get filters from few clients radius. If anyone can give me a tip, why its doing so and Do I need to make a change at my end. Thanks Shohab - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: filters being dropped while proxied
Shohab Baig [EMAIL PROTECTED] wrote: I have fr 8.0 running on redhat 7.3. FR is working as proxy for some realms. At remote end, customers have setup ascend-data-filter to implement and when I use radtest to check from the proxy server, I see all four lines as Ascend-Data-Filter = ip in forward tcp est Ascend-Data-Filter = ip in forward dstip x.x.x.x/27 ... But when I use radtest from another mahcine pointing to proxy server ( which is proxying) , it does'nt return all the filters It just returns: X-Ascend-Data-Filter = ip input forward 0 and rest 3 lines are cut. Do: $ man 5 users and read the resulting documentation. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: filters being dropped while proxied
Thanks for replying I did and it tells me about sun/freebsd compatibility commands. ?? sorry I did not get your point. I did look into attr file and but could not find a clue why its doing for some cleints whish are on diff OS like windows,Sun etc. Please if you can give me a bit more guidance about it. Thanks Shohab - Original Message - From: Alan DeKok [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, January 27, 2003 10:05 AM Subject: Re: filters being dropped while proxied Shohab Baig [EMAIL PROTECTED] wrote: I have fr 8.0 running on redhat 7.3. FR is working as proxy for some realms. At remote end, customers have setup ascend-data-filter to implement and when I use radtest to check from the proxy server, I see all four lines as Ascend-Data-Filter = ip in forward tcp est Ascend-Data-Filter = ip in forward dstip x.x.x.x/27 ... But when I use radtest from another mahcine pointing to proxy server ( which is proxying) , it does'nt return all the filters It just returns: X-Ascend-Data-Filter = ip input forward 0 and rest 3 lines are cut. Do: $ man 5 users and read the resulting documentation. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: filters being dropped while proxied
Shohab Baig [EMAIL PROTECTED] wrote: Thanks for replying I did and it tells me about sun/freebsd compatibility commands. ?? sigh Please learn how to use 'man' on your system. On Sun, do: $ man -s 5 users The short answer is that in section 5 of the 'man' pages, FreeRADIUS installs documentation describing the 'users' file. Or, go to the web page: http://www.freeradius.org/doc/ Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: filters being dropped while proxied
I do know about doing man and did as you told you. But I dont know why are we going to users file as I am not authenticating with users file. I am just proxying auth requests to several remote servers. For example, I have two relams test1.com and test2.com both remote servers are configured with these reply attributes Ascend-Data-Filter = ip in forward tcp est Ascend-Data-Filter = ip in forward dstip 22.1123.121/28 Ascend-Data-Filter = ip in forward tcp dstport = 25 Ascend-Data-Filter = ip in forward When one user connects from test1.com, that user does get the filters implemented. The other realm test2.com ( ussed debug mode to observer it) , users connects from this realm, it gives only this line when user gets authenticated X-Ascend-Data-Filter = ip input forward 0 so just wonderding that why its dropping first three lines of reply attributes for test2.com realm. Thanks for your help. Shohab - Original Message - From: Alan DeKok [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, January 27, 2003 10:48 AM Subject: Re: filters being dropped while proxied Shohab Baig [EMAIL PROTECTED] wrote: Thanks for replying I did and it tells me about sun/freebsd compatibility commands. ?? sigh Please learn how to use 'man' on your system. On Sun, do: $ man -s 5 users The short answer is that in section 5 of the 'man' pages, FreeRADIUS installs documentation describing the 'users' file. Or, go to the web page: http://www.freeradius.org/doc/ Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: filters being dropped while proxied
Alan if you can please provide some guidance on it.. Thanks Shohab - Original Message - From: Shohab Baig [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, January 27, 2003 4:15 PM Subject: Re: filters being dropped while proxied I do know about doing man and did as you told you. But I dont know why are we going to users file as I am not authenticating with users file. I am just proxying auth requests to several remote servers. For example, I have two relams test1.com and test2.com both remote servers are configured with these reply attributes Ascend-Data-Filter = ip in forward tcp est Ascend-Data-Filter = ip in forward dstip 22.1123.121/28 Ascend-Data-Filter = ip in forward tcp dstport = 25 Ascend-Data-Filter = ip in forward When one user connects from test1.com, that user does get the filters implemented. The other realm test2.com ( ussed debug mode to observer it) , users connects from this realm, it gives only this line when user gets authenticated X-Ascend-Data-Filter = ip input forward 0 so just wonderding that why its dropping first three lines of reply attributes for test2.com realm. Thanks for your help. Shohab - Original Message - From: Alan DeKok [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, January 27, 2003 10:48 AM Subject: Re: filters being dropped while proxied Shohab Baig [EMAIL PROTECTED] wrote: Thanks for replying I did and it tells me about sun/freebsd compatibility commands. ?? sigh Please learn how to use 'man' on your system. On Sun, do: $ man -s 5 users The short answer is that in section 5 of the 'man' pages, FreeRADIUS installs documentation describing the 'users' file. Or, go to the web page: http://www.freeradius.org/doc/ Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: filters being dropped while proxied
At 04:40 PM 1/27/2003 -0600, Shohab Baig wrote: Alan if you can please provide some guidance on it.. In the goal of killing this endless thread, look at documentation surrounding the use of 'Operators'. When you have read about 'Operators', the following will make sense: = != == != := != += Hope this helps, -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: filters being dropped while proxied
thats correct and I know theseops but the line I wrote for filters , those are on remote servers which are not Free radius. so that why they are using = Shohab - Original Message - From: Chris Parker [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, January 27, 2003 4:52 PM Subject: Re: filters being dropped while proxied At 04:40 PM 1/27/2003 -0600, Shohab Baig wrote: Alan if you can please provide some guidance on it.. In the goal of killing this endless thread, look at documentation surrounding the use of 'Operators'. When you have read about 'Operators', the following will make sense: = != == != := != += Hope this helps, -Chris -- \\\|||/// \ StarNet Inc. \ Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html