CISCO ASA VPN3000 dictionary
Were trying to put together a dictionary for the Cisco ASA VPN3000 box. They have a list of attributes here: http://www.cisco.com/en/US/docs/security/asa/asa90/configuration/guide/ref_extserver.html#wp1802187 In that list they have type 'boolean', but RADIUS can't encode attributes smaller than a byte. For boolean does anyone know if they really mean a standard 32bit integer with the values 0/1, or if they're wanting a single byte with the values 0/1, or whether it's some other cisco craziness? -Arran Arran Cudbard-Bell a.cudba...@freeradius.org FreeRADIUS Development Team - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: CISCO ASA VPN3000 dictionary
Hi Arran. The cisco asa v9.0 and vpn 3000 aren't the same appliance ( different S.O., functions, etc..) The correct guide with attributes: http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/A_RADAtr.html#wp148379 Bye -Mensaje original- De: Arran Cudbard-Bell a.cudba...@freeradius.org Enviado:Mier 28-08-2013 16:15 Asunto: CISCO ASA VPN3000 dictionary Para: FreeRadius users mailing list freeradius-users@lists.freeradius.org; Were trying to put together a dictionary for the Cisco ASA VPN3000 box. They have a list of attributes here: http://www.cisco.com/en/US/docs/security/asa/asa90/configuration/guide/ref_extse rver.html#wp1802187 In that list they have type 'boolean', but RADIUS can't encode attributes smaller than a byte. For boolean does anyone know if they really mean a standard 32bit integer with the values 0/1, or if they're wanting a single byte with the values 0/1, or whether it's some other cisco craziness? -Arran Arran Cudbard-Bell a.cudba...@freeradius.org FreeRADIUS Development Team - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CISCO ASA VPN3000 dictionary
Arran Cudbard-Bell wrote: In that list they have type 'boolean', but RADIUS can't encode attributes smaller than a byte. For boolean does anyone know if they really mean a standard 32bit integer with the values 0/1, or if they're wanting a single byte with the values 0/1, or whether it's some other cisco craziness? My guess is that it's a single byte. In v2.2.x, that's byte type. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: CISCO ASA VPN3000 dictionary
On 28.08.2013 17:48, Alan DeKok wrote: Arran Cudbard-Bell wrote: In that list they have type 'boolean', but RADIUS can't encode attributes smaller than a byte. For boolean does anyone know if they really mean a standard 32bit integer with the values 0/1, or if they're wanting a single byte with the values 0/1, or whether it's some other cisco craziness? My guess is that it's a single byte. In v2.2.x, that's byte type. Well not all attributes changed between the VPN3000 and the ASA. Those indicated as boolean in the ASA documentation were in fact integers in the VPN3000. With Arran we suppose they made a lazy copy-past from the LDAP part of the document. Olivier -- Olivier Beytrison Network Security Engineer, HES-SO Fribourg Mail: oliv...@heliosnet.org - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html