Re: multiply Cisco-AVPair request attribute process by regular expression
Dear A.L.M.Buxey
you still havent said what you actually want as values. you just say it
doesnt work. you also ignore my
request for debug output to see what/where.
I need "*Azadegan-1 atm 2/16:251:0.35*" from this attribute
:Cisco-AVPair = "circuit-id-tag=Azadegan-1 atm 2/16:251:0.35"
server is running in high load and i do not access to other cisco 1
router to test it for debug mod. for running in debug mod i change this
parameter in site enable but i can not get full debug message in log file :
in authorize section :
auth_log
in accounting section :
detail
sql_log
in post-auth section :
sql_log
reply_log
and then you query/question the other answer provided to you regardoing
multiple
attributes. just do what he said (your first one works because ONE
attribute will
be the parent 'Cisco-AVpair').
i test it , but if i use Cisco-AVPair[0] and Cisco-AVPair[1] first one
and second one is not working.
Do i need to to move them in some variable then use regular exertion
?(soothing like this) :
value0 := %{Cisco-AVPair[0]}
value1 := %{Cisco-AVPair[1]}
if (value0 =~ /^client-mac-address=([a-f0-9]
[a-f0-9])([a-f0-9][a-f0-9]).([a-f0-9][a-f0-9])([a-f0-9][a-f0-9]).([a-f0-9][a-f0-9])([a-f0-9][a-f0-9])$/)
{
if (!Calling-Station-Id) {
update request {
Calling-Station-Id :=
"%{1}:%{2}:%{3}:%{4}:%{5}:%{6}"
Called-Station-Id := "%{NAS-Identifier}"
}
}
}
if (value1 =~ /^circuit-id-tag=(.*)$/) {
update request {
NAS-Port-Id := "%{1}"
}
}
thanks and best regards.
On Mon, Apr 29, 2013 at 2:21 AM, wrote:
> Hi,
>
> >i have 2 Cisco-AVPair in request attribute :
> >
> >Cisco-AVPair = "client-mac-address=90f6.52d2.384f"
> >
> >and
> >
> >Cisco-AVPair = "circuit-id-tag=Azadegan-1 atm 2/16:251:0.35"
>
> you still havent said what you actually want as values. you just say it
> doesnt work. you also ignore my
> request for debug output to see what/where.
>
>
> and then you query/question the other answer provided to you regardoing
> multiple
> attributes. just do what he said (your first one works because ONE
> attribute will
> be the parent 'Cisco-AVpair').
>
>
> alan
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: question about freeradius
El abr 28, 2013 10:13 p.m., "Tim Reichhart" escribió: > > Hey Guys > > I am just wondering if I can use freeradius for hotspot and dial up accounts on same box or does it have to be separate box for hotspot and dial up accounts? > > > > Tim > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html In same box, with virtual seves. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: How to fix the proxy source port
Okis Chuang wrote: > Can I FIX the source port rather than random src port when proxy request > to other RADIUS server? > > I know it is able to fix src IP address in proxy.conf, but seems no > config about fixed src port. > > What if I set " src_ipaddr = 127.0.0.1:3100 " in proxy.conf, could this > work? >>No. >>Read proxy.conf. Look for "src_ipaddr". This is documented. >>Alan DeKok. Yeah.Actually I almost k knew it that I cannot achieve this hope while seeing the document. But.I just want to know is there any other way to get this done? I know this demand is not too much common. But it's really a real demand in our case. Any idea? Okis List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Quoted from: http://freeradius.1045715.n5.nabble.com/How-to-fix-the-proxy-source-port-tp5 719758p5719762.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: wireshart shows wrong information
On Mon, Apr 29, 2013 at 12:14 AM, Alan DeKok wrote: > Juan Pablo L. wrote: >> Alan, can you please extend a little bot more ... what do you mean that >> you see the correct value i see value "f3 08 48 12" when i m >> actually expecting "0001" . i really dont see where it is >> actually correct. ... thanks!!! > > In the debug log *I* see, it has the correct value. > > In the pcap file *I* see, it has the correct value. > > You're still not being specific. You see a bad value. OK... where? > In what file? In what packet of what file? Which version of FreeRADIUS > are you using? > > You keep waving your hands and saying "something is wrong". I keep > asking you for details, and you keep saying "something is wrong". You > don't understand that those details are *important*. You seem to > believe that if you repeat yourself long enough, I'll understand. > > Well, I won't. I'm asking for those details because I need those > details. When you refuse (repeatedly) to provide those details, it > makes me likely to start ignoring your messages. > > If you can't be bothered to describe what's happening, I can't be > bothered to help you. I assume that the OP has updated the radius dictionary file in Wireshark if any changes were made to the FreeRadius dictionary? It's under the "radius" directory under the main install of Wireshark that needs to have the exact same changes you made (if you made any changes to your FreeRadius dictionary files) to be made in Wireshark. Plus it may depend on the version of Wireshark you're running, if it's old it is sure to be out of date. That would determine if Wireshark correctly decodes the values or not. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
question about freeradius
Hey Guys I am just wondering if I can use freeradius for hotspot and dial up accounts on same box or does it have to be separate box for hotspot and dial up accounts? Tim - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: multiply Cisco-AVPair request attribute process by regular expression
Hi, >i have 2 Cisco-AVPair in request attribute : > >Cisco-AVPair = "client-mac-address=90f6.52d2.384f" > >and > >Cisco-AVPair = "circuit-id-tag=Azadegan-1 atm 2/16:251:0.35" you still havent said what you actually want as values. you just say it doesnt work. you also ignore my request for debug output to see what/where. and then you query/question the other answer provided to you regardoing multiple attributes. just do what he said (your first one works because ONE attribute will be the parent 'Cisco-AVpair'). alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: multiply Cisco-AVPair request attribute process by regular expression
Dear Olivier
I am try to test it but why first one is working ?!!! do you check my
regular expression in second one ? i do it correctly ?
and is version 3 stable enough to use ? (your opinion )
Best regards.
On Mon, Apr 29, 2013 at 1:48 AM, Olivier Beytrison wrote:
>
>
> On 28 avr. 2013, at 22:58, Mehdi Ravanbakhsh wrote:
>
> Dear
> A.L.M.Buxey
>
> i have 2 Cisco-AVPair in request attribute :
>
> Cisco-AVPair = "client-mac-address=90f6.52d2.384f"
>
> and
>
> Cisco-AVPair = "circuit-id-tag=Azadegan-1 atm 2/16:251:0.35"
>
>
> You have multiple time the same attribute. Use Cisco-AVPair[X] to access a
> specific instance of them. If you're running version 3 you can use a
> foreach loop
>
>
> for first one i use :
>
>
> if (Cisco-AVpair =~ /^client-mac-address=([a-f0-9]
> [a-f0-9])([a-f0-9][a-f0-9]).([a-f0-9][a-f0-9])([a-f0-9][a-f0-9]).([a-f0-9][a-f0-9])([a-f0-9][a-f0-9])$/)
> {
> if (!Calling-Station-Id) {
> update request {
> Calling-Station-Id :=
> "%{1}:%{2}:%{3}:%{4}:%{5}:%{6}"
> Called-Station-Id :=
> "%{NAS-Identifier}"
> }
>
> }
>}
>
> and it is work
>
>
> for second one i use :
>
> if (Cisco-AVPair =~ /^circuit-id-tag=(.*)$/) {
>
> update request {
> NAS-Port-Id := "%{1}"
> }
> }
>
> But it is not work !
>
> that is the problem.
>
> this is the attribute that come from NAS :
>
> Acct-Session-Id = "04423124"
> Cisco-AVPair = "client-mac-address=90f6.52d2.384f"
> Framed-Protocol = PPP
> Framed-IP-Address = 172.20.10.238
> User-Name = "7734247799"
> Cisco-AVPair = "connect-progress=LAN Ses Up"
> Acct-Authentic = RADIUS
> Acct-Status-Type = Start
> NAS-Port-Type = Ethernet
> NAS-Port = 71446820
> NAS-Port-Id = "0/0/0/0"
> Cisco-AVPair = "circuit-id-tag=Azadegan-1 atm 2/16:251:0.35"
> Service-Type = Framed-User
> NAS-IP-Address = 10.150.21.218
> X-Ascend-Session-Svr-Key = "A4477F54"
> Acct-Delay-Time = 29
> Calling-Station-Id = ""
> Called-Station-Id = ""
> Acct-Unique-Session-Id = "8cd7eadca98e09bf"
> Timestamp = 1367151426
>
>
> Best regards
>
>
> On Mon, Apr 29, 2013 at 1:10 AM, wrote:
>
>> Hi,
>>
>> >but it is not working !
>>
>> what do you mean? what do you want to do (ie what do you want to have/get
>> and what do you actually get?) - what does the server say/do (ie. run in
>> full
>> debug mode to see what its saying/doing to your logic.
>>
>> alan
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: multiply Cisco-AVPair request attribute process by regular expression
On 28 avr. 2013, at 22:58, Mehdi Ravanbakhsh wrote:
> Dear
> A.L.M.Buxey
>
> i have 2 Cisco-AVPair in request attribute :
>
> Cisco-AVPair = "client-mac-address=90f6.52d2.384f"
>
> and
>
> Cisco-AVPair = "circuit-id-tag=Azadegan-1 atm 2/16:251:0.35"
You have multiple time the same attribute. Use Cisco-AVPair[X] to access a
specific instance of them. If you're running version 3 you can use a foreach
loop
>
> for first one i use :
>
>
> if (Cisco-AVpair =~ /^client-mac-address=([a-f0-9]
> [a-f0-9])([a-f0-9][a-f0-9]).([a-f0-9][a-f0-9])([a-f0-9][a-f0-9]).([a-f0-9][a-f0-9])([a-f0-9][a-f0-9])$/)
> {
> if (!Calling-Station-Id) {
> update request {
> Calling-Station-Id :=
> "%{1}:%{2}:%{3}:%{4}:%{5}:%{6}"
> Called-Station-Id := "%{NAS-Identifier}"
> }
>
> }
>}
>
> and it is work
>
>
> for second one i use :
>
> if (Cisco-AVPair =~ /^circuit-id-tag=(.*)$/) {
>
> update request {
> NAS-Port-Id := "%{1}"
> }
> }
>
> But it is not work !
>
> that is the problem.
>
> this is the attribute that come from NAS :
>
> Acct-Session-Id = "04423124"
> Cisco-AVPair = "client-mac-address=90f6.52d2.384f"
> Framed-Protocol = PPP
> Framed-IP-Address = 172.20.10.238
> User-Name = "7734247799"
> Cisco-AVPair = "connect-progress=LAN Ses Up"
> Acct-Authentic = RADIUS
> Acct-Status-Type = Start
> NAS-Port-Type = Ethernet
> NAS-Port = 71446820
> NAS-Port-Id = "0/0/0/0"
> Cisco-AVPair = "circuit-id-tag=Azadegan-1 atm 2/16:251:0.35"
> Service-Type = Framed-User
> NAS-IP-Address = 10.150.21.218
> X-Ascend-Session-Svr-Key = "A4477F54"
> Acct-Delay-Time = 29
> Calling-Station-Id = ""
> Called-Station-Id = ""
> Acct-Unique-Session-Id = "8cd7eadca98e09bf"
> Timestamp = 1367151426
>
>
> Best regards
>
>
> On Mon, Apr 29, 2013 at 1:10 AM, wrote:
>> Hi,
>>
>> >but it is not working !
>>
>> what do you mean? what do you want to do (ie what do you want to have/get
>> and what do you actually get?) - what does the server say/do (ie. run in full
>> debug mode to see what its saying/doing to your logic.
>>
>> alan
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: multiply Cisco-AVPair request attribute process by regular expression
Dear
A.L.M.Buxey
i have 2 Cisco-AVPair in request attribute :
Cisco-AVPair = "client-mac-address=90f6.52d2.384f"
and
Cisco-AVPair = "circuit-id-tag=Azadegan-1 atm 2/16:251:0.35"
for first one i use :
if (Cisco-AVpair =~ /^client-mac-address=([a-f0-9]
[a-f0-9])([a-f0-9][a-f0-9]).([a-f0-9][a-f0-9])([a-f0-9][a-f0-9]).([a-f0-9][a-f0-9])([a-f0-9][a-f0-9])$/)
{
if (!Calling-Station-Id) {
update request {
Calling-Station-Id :=
"%{1}:%{2}:%{3}:%{4}:%{5}:%{6}"
Called-Station-Id := "%{NAS-Identifier}"
}
}
}
and it is work
for second one i use :
if (Cisco-AVPair =~ /^circuit-id-tag=(.*)$/) {
update request {
NAS-Port-Id := "%{1}"
}
}
But it is not work !
that is the problem.
this is the attribute that come from NAS :
Acct-Session-Id = "04423124"
Cisco-AVPair = "client-mac-address=90f6.52d2.384f"
Framed-Protocol = PPP
Framed-IP-Address = 172.20.10.238
User-Name = "7734247799"
Cisco-AVPair = "connect-progress=LAN Ses Up"
Acct-Authentic = RADIUS
Acct-Status-Type = Start
NAS-Port-Type = Ethernet
NAS-Port = 71446820
NAS-Port-Id = "0/0/0/0"
Cisco-AVPair = "circuit-id-tag=Azadegan-1 atm 2/16:251:0.35"
Service-Type = Framed-User
NAS-IP-Address = 10.150.21.218
X-Ascend-Session-Svr-Key = "A4477F54"
Acct-Delay-Time = 29
Calling-Station-Id = ""
Called-Station-Id = ""
Acct-Unique-Session-Id = "8cd7eadca98e09bf"
Timestamp = 1367151426
Best regards
On Mon, Apr 29, 2013 at 1:10 AM, wrote:
> Hi,
>
> >but it is not working !
>
> what do you mean? what do you want to do (ie what do you want to have/get
> and what do you actually get?) - what does the server say/do (ie. run in
> full
> debug mode to see what its saying/doing to your logic.
>
> alan
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: multiply Cisco-AVPair request attribute process by regular expression
Hi, >but it is not working ! what do you mean? what do you want to do (ie what do you want to have/get and what do you actually get?) - what does the server say/do (ie. run in full debug mode to see what its saying/doing to your logic. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
multiply Cisco-AVPair request attribute process by regular expression
Hi All
I have one Cisco 1 NAS inmy network and this is the authenticate
request :
Packet-Type = Access-Request
Cisco-AVPair = "client-mac-address=f43e.6166.dba0"
Framed-Protocol = PPP
User-Name = "7727221873"
NAS-Port-Type = Ethernet
NAS-Port = 71468299
NAS-Port-Id = "0/0/0/0"
Cisco-AVPair = "circuit-id-tag=Kangan-1 atm 7/42:218:0.35"
Service-Type = Framed-User
NAS-IP-Address = 10.150.21.218
Acct-Session-Id = "0442850B"
Calling-Station-Id = "f4:3e:61:66:db:a0"
Called-Station-Id = ""
SQL-User-Name = "7727221873"
i have tow Cisco-AVPair attribute in request and i need to process one of
them that being started by 'circuit-id-tag=' so i use this :
if (Cisco-AVpair =~ /^circuit-id-tag=(.*)$/) {
update request {
Connect-Info := "%{1}"
}
}
but it is not working !
in similar case that i use regular expression for updating request it
work well for example :
if (Cisco-AVpair =~
/^client-mac-address=([a-f0-9][a-f0-9])([a-f0-9][a-f0-9]).([a-f0-9][a-f0-9])([a-f0-9][a-f0-9]).([a-f0-9][a-f0-9])([a-f0-9][a-f0-9])$/)
{
if (!Calling-Station-Id) {
update request {
Calling-Station-Id :=
"%{1}:%{2}:%{3}:%{4}:%{5}:%{6}"
Called-Station-Id := "%{NAS-Identifier}"
}
}
}
in last i think in this case because of multiply Cisco-AVPair attribute
in request regular expression should be different but i can not find
any source that can enplane this problem .
Best regards.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: wireshart shows wrong information
Juan Pablo L. wrote: > Alan, can you please extend a little bot more ... what do you mean that > you see the correct value i see value "f3 08 48 12" when i m > actually expecting "0001" . i really dont see where it is > actually correct. ... thanks!!! In the debug log *I* see, it has the correct value. In the pcap file *I* see, it has the correct value. You're still not being specific. You see a bad value. OK... where? In what file? In what packet of what file? Which version of FreeRADIUS are you using? You keep waving your hands and saying "something is wrong". I keep asking you for details, and you keep saying "something is wrong". You don't understand that those details are *important*. You seem to believe that if you repeat yourself long enough, I'll understand. Well, I won't. I'm asking for those details because I need those details. When you refuse (repeatedly) to provide those details, it makes me likely to start ignoring your messages. If you can't be bothered to describe what's happening, I can't be bothered to help you. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
