Hints File and Users file and I am lost
First let me say I have worked on this for a day, read pretty much all i can find, docs etc, and am getting more confused as I go, so its time to step back and ask for some help om what I am doing wrong. I am trying to get a default profile to work I can't put on in the users file cause the billling program auto creates a file, and its the culprit that won't input the ascend-data-filter in the correct format. So I can't create a default profile in the users file I use a users txt file for users to auth thats imported by our billing program This works great, etc and users auth, etc aok all works and is in production The issue came up when the ascend data filter would not work well it turns out the billing program sends the info wrong it just not chageable at the billing software Ascend-Data-Filter = ip in forward tcp est, --- note no + as += And of course without the += when its sent out to the nas its only seeing the 1st line and doesn't read the rest of the filters The issue is its importing the ascend data filter attribute incorrectly and theirs no way to change it at the rodopi billing end I won't get into details of that for its just not possible to get that to happen So I need to come up with a way add that info at the radius level I have played with the hints file but i am not sure thats my answer, and for some reason its not even appearing to see it ie the preprocess is uncommented in radiusd.conf authorize section and in accounting section Heres the example Heres whats happening on a user with what i have been trying First I have two realms example realm sakeoftest.net { type = radius authhost = LOCAL accthost = LOCAL nostrip realm sakeoftest2.net { type = radius authhost = LOCAL accthost = LOCAL nostrip --- Heres the hints file entry DEFAULT Suffix == , Strip-User-Name = No Hint = test, Framed-Protocol = PPP, Service-Type = Framed-User, Session-Timeout = 14400, Ascend-Data-Filter += ip in forward tcp est, Ascend-Data-Filter += ip in forward dstip *.*.*.*/32, Ascend-Data-Filter += ip in forward dstip *.*.*.*/32, Ascend-Data-Filter += ip in forward dstip *.*.*.*/32, Ascend-Data-Filter += ip in forward dstip *.*.*.*/32, Ascend-Data-Filter += ip in drop tcp dstport = 25, Ascend-Data-Filter += ip in forward, Port-Limit = 1 --- Heres the entry for the users.txt file joetest Hint = test, Fall-Through = no Any ideas anyone Please! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Hints File and Users file and I am lost
Jeff wrote: I am trying to get a default profile to work I can't put on in the users file cause the billling program auto creates a file, and its the culprit Then post-process the file to fix it. ... well it turns out the billing program sends the info wrong it just not chageable at the billing software Ascend-Data-Filter = ip in forward tcp est, --- note no + as += And of course without the += when its sent out to the nas its only seeing the 1st line and doesn't read the rest of the filters ... So I need to come up with a way add that info at the radius level You can't. You have to re-write the file. I have played with the hints file but i am not sure thats my answer, It's not. Heres the hints file entry The hints file re-writes the *request*. This is documented. The Ascend-Data-Filters go into the *reply*. Heres the entry for the users.txt file joetest Hint = test, Fall-Through = no That is *not* the correct format for a users file entry. See man users, and read the examples in the users file for how to use Hint correctly. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Hints File and Users file and I am lost
You (should) already have a DEFAULT entry (profile) in users file for Service-Type Framed-User. Just add Ascend-Data-Filter, Port-Limit etc. entries to it. That is if by default profile you mean one that should apply to everyone. If not, you will need to create groups and apply DEFAULT profile to them. Ivan Kalik Kalik Informatika ISP Dana 28/6/2007, suganthi velusamy [EMAIL PROTECTED] piše: Hi all In the file radiusd.c, i am not able to understand the following... what is fake request and what is duplicate requests??? when a request is considered as duplicate??? /* * fake requests MUST NEVER be in the request list. * * They're used internally in the server. Any reply * is a reply to the local server, and any proxied packet * gets sent outside of the tunnel. */ rad_assert((curreq-options RAD_REQUEST_OPTION_FAKE_REQUEST) == 0); /* * The current request isn't finished, which * means that the NAS sent us a new packet, while * we are still processing the old request. */ if (!curreq-finished) { /* * If the authentication vectors are identical, * then the NAS is re-transmitting it, trying to * kick us into responding to the request. */ if (memcmp(curreq-packet-vector, packet-vector, sizeof(packet-vector)) == 0) { RAD_SNMP_INC(rad_snmp.auth.total_dup_requests); /* /* * It's not finished because the request * was proxied, but there was no reply * from the home server. */ if (curreq-proxy !curreq-proxy_reply) { /* * We're taking care of sending * duplicate proxied packets, so * we ignore any duplicate * requests from the NAS. * * FIXME: Make it ALWAYS synchronous! */ if (!mainconfig.proxy_synchronous) { RAD_SNMP_TYPE_INC(listener, total_packets_dropped); DEBUG2(Ignoring duplicate packet from client %s:%d - ID: %d, due to outstanding proxied request %d., client_name(packet-src_ipaddr), packet-src_port, packet-id, curreq-number); Thanks - Once upon a time there was 1 GB storage on Yahoo! Mail. Click here for happy ending! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Hints File and Users file and I am lost
could i do a attr_rewrite to fix the ascend being written long and place it in ost process section? _ From: Alan DeKok [mailto:[EMAIL PROTECTED] To: FreeRadius users mailing list [mailto:[EMAIL PROTECTED] Sent: Thu, 28 Jun 2007 03:03:30 -0400 Subject: Re: Hints File and Users file and I am lost Jeff wrote: I am trying to get a default profile to work I can't put on in the users file cause the billling program auto creates a file, and its the culprit Then post-process the file to fix it. ... well it turns out the billing program sends the info wrong it just not chageable at the billing software Ascend-Data-Filter = ip in forward tcp est, --- note no + as += And of course without the += when its sent out to the nas its only seeing the 1st line and doesn't read the rest of the filters ... So I need to come up with a way add that info at the radius level You can't. You have to re-write the file. I have played with the hints file but i am not sure thats my answer, It's not. Heres the hints file entry The hints file re-writes the *request*. This is documented. The Ascend-Data-Filters go into the *reply*. Heres the entry for the users.txt file joe test Hint = test, Fall-Through = no That is *not* the correct format for a users file entry. See man users, and read the examples in the users file for how to use Hint correctly. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Hints File and Users file and I am lost
Jeff wrote: could i do a attr_rewrite to fix the ascend being written long and place it in ost process section? No. Fix the files written by your billing software to be correct, OR create entries yourself that follow the documented format. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Hints File and Users file and I am lost
gotcha thanks _ From: Alan DeKok [mailto:[EMAIL PROTECTED] To: FreeRadius users mailing list [mailto:[EMAIL PROTECTED] Sent: Thu, 28 Jun 2007 08:50:45 -0400 Subject: Re: Hints File and Users file and I am lost Jeff wrote: could i do a attr_rewrite to fix the ascend being written long and place it in ost process section? No. Fix the files written by your billing software to be correct, OR create entries yourself that follow the documented format. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html