Hints File and Users file and I am lost
First let me say I have worked on this for a day, read pretty much all i can
find, docs etc, and am getting more confused as I go, so its time to step back
and ask for some help om what I am doing wrong.
I am trying to get a default profile to work
I can't put on in the users file cause the billling program auto creates a
file, and its the culprit
that won't input the ascend-data-filter in the correct format.
So I can't create a default profile in the users file
I use a users txt file for users to auth thats imported by our billing program
This works great, etc and users auth, etc aok all works and is in production
The issue came up when the ascend data filter would not work
well it turns out the billing program sends the info wrong it just
not chageable at the billing software
Ascend-Data-Filter = ip in forward tcp est, --- note no + as +=
And of course without the += when its sent out to the nas its only seeing the
1st line and doesn't read the rest
of the filters
The issue is its importing the ascend data filter attribute incorrectly and
theirs no way to change it
at the rodopi billing end
I won't get into details of that for its just not possible to get that to
happen
So I need to come up with a way add that info at the radius level
I have played with the hints file but i am not sure thats my answer, and for
some reason its not even appearing to see it ie the preprocess is uncommented
in radiusd.conf authorize section and in accounting section
Heres the example
Heres whats happening on a user with what i have been trying
First I have two realms
example
realm sakeoftest.net {
type = radius
authhost = LOCAL
accthost = LOCAL
nostrip
realm sakeoftest2.net {
type = radius
authhost = LOCAL
accthost = LOCAL
nostrip
---
Heres the hints file entry
DEFAULT Suffix == , Strip-User-Name = No
Hint = test,
Framed-Protocol = PPP,
Service-Type = Framed-User,
Session-Timeout = 14400,
Ascend-Data-Filter += ip in forward tcp est,
Ascend-Data-Filter += ip in forward dstip *.*.*.*/32,
Ascend-Data-Filter += ip in forward dstip *.*.*.*/32,
Ascend-Data-Filter += ip in forward dstip *.*.*.*/32,
Ascend-Data-Filter += ip in forward dstip *.*.*.*/32,
Ascend-Data-Filter += ip in drop tcp dstport = 25,
Ascend-Data-Filter += ip in forward,
Port-Limit = 1
---
Heres the entry for the users.txt file
joetest
Hint = test,
Fall-Through = no
Any ideas anyone Please!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Hints File and Users file and I am lost
Jeff wrote: I am trying to get a default profile to work I can't put on in the users file cause the billling program auto creates a file, and its the culprit Then post-process the file to fix it. ... well it turns out the billing program sends the info wrong it just not chageable at the billing software Ascend-Data-Filter = ip in forward tcp est, --- note no + as += And of course without the += when its sent out to the nas its only seeing the 1st line and doesn't read the rest of the filters ... So I need to come up with a way add that info at the radius level You can't. You have to re-write the file. I have played with the hints file but i am not sure thats my answer, It's not. Heres the hints file entry The hints file re-writes the *request*. This is documented. The Ascend-Data-Filters go into the *reply*. Heres the entry for the users.txt file joetest Hint = test, Fall-Through = no That is *not* the correct format for a users file entry. See man users, and read the examples in the users file for how to use Hint correctly. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Hints File and Users file and I am lost
You (should) already have a DEFAULT entry (profile) in users file for
Service-Type Framed-User. Just add Ascend-Data-Filter, Port-Limit etc.
entries to it. That is if by default profile you mean one that
should apply to everyone. If not, you will need to create groups and
apply DEFAULT profile to them.
Ivan Kalik
Kalik Informatika ISP
Dana 28/6/2007, suganthi velusamy [EMAIL PROTECTED] piše:
Hi all
In the file radiusd.c, i am not able to understand the following...
what is fake request and what is duplicate requests??? when a request
is considered as duplicate???
/*
* fake requests MUST NEVER be in the request list.
*
* They're used internally in the server. Any reply
* is a reply to the local server, and any proxied packet
* gets sent outside of the tunnel.
*/
rad_assert((curreq-options RAD_REQUEST_OPTION_FAKE_REQUEST) == 0);
/*
* The current request isn't finished, which
* means that the NAS sent us a new packet, while
* we are still processing the old request.
*/
if (!curreq-finished) {
/*
* If the authentication vectors are identical,
* then the NAS is re-transmitting it, trying to
* kick us into responding to the request.
*/
if (memcmp(curreq-packet-vector, packet-vector,
sizeof(packet-vector)) == 0) {
RAD_SNMP_INC(rad_snmp.auth.total_dup_requests);
/* /*
* It's not finished because the request
* was proxied, but there was no reply
* from the home server.
*/
if (curreq-proxy !curreq-proxy_reply) {
/*
* We're taking care of sending
* duplicate proxied packets, so
* we ignore any duplicate
* requests from the NAS.
*
* FIXME: Make it ALWAYS synchronous!
*/
if (!mainconfig.proxy_synchronous) {
RAD_SNMP_TYPE_INC(listener,
total_packets_dropped);
DEBUG2(Ignoring duplicate packet
from client
%s:%d - ID: %d, due to
outstanding proxied request %d.,
client_name(packet-src_ipaddr),
packet-src_port, packet-id,
curreq-number);
Thanks
-
Once upon a time there was 1 GB storage on Yahoo! Mail. Click here for happy
ending!
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Hints File and Users file and I am lost
could i do a attr_rewrite to fix the ascend being written long and place it in ost process section? _ From: Alan DeKok [mailto:[EMAIL PROTECTED] To: FreeRadius users mailing list [mailto:[EMAIL PROTECTED] Sent: Thu, 28 Jun 2007 03:03:30 -0400 Subject: Re: Hints File and Users file and I am lost Jeff wrote: I am trying to get a default profile to work I can't put on in the users file cause the billling program auto creates a file, and its the culprit Then post-process the file to fix it. ... well it turns out the billing program sends the info wrong it just not chageable at the billing software Ascend-Data-Filter = ip in forward tcp est, --- note no + as += And of course without the += when its sent out to the nas its only seeing the 1st line and doesn't read the rest of the filters ... So I need to come up with a way add that info at the radius level You can't. You have to re-write the file. I have played with the hints file but i am not sure thats my answer, It's not. Heres the hints file entry The hints file re-writes the *request*. This is documented. The Ascend-Data-Filters go into the *reply*. Heres the entry for the users.txt file joe test Hint = test, Fall-Through = no That is *not* the correct format for a users file entry. See man users, and read the examples in the users file for how to use Hint correctly. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Hints File and Users file and I am lost
Jeff wrote: could i do a attr_rewrite to fix the ascend being written long and place it in ost process section? No. Fix the files written by your billing software to be correct, OR create entries yourself that follow the documented format. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Hints File and Users file and I am lost
gotcha thanks _ From: Alan DeKok [mailto:[EMAIL PROTECTED] To: FreeRadius users mailing list [mailto:[EMAIL PROTECTED] Sent: Thu, 28 Jun 2007 08:50:45 -0400 Subject: Re: Hints File and Users file and I am lost Jeff wrote: could i do a attr_rewrite to fix the ascend being written long and place it in ost process section? No. Fix the files written by your billing software to be correct, OR create entries yourself that follow the documented format. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
