Re: Question on attributes
On 17/01/13 11:29, Tiago wrote: Hello everyone, I'm struggling with something that should be simple to fix. I have a rp-pppoe NAS server here that correctly understand a few attributes (radreply) that come from freeradius 1.x (w/mysql database). Example: Download (for download rates) attribute Simple real example, from pppoe server: # cat /var/run/radattr.ppp479 Framed-Compression Van-Jacobson-TCP-IP Framed-Protocol PPP Framed-MTU 1500 Download 12000 Upload 3072 Download and Upload aren't standard attributes. Where are these defined in dictionary files? Sending Access-Accept of id 192 to NASPPPOE01 port 48956 Framed-Protocol = PPP Framed-Compression = Van-Jacobson-TCP-IP Cliente = \000\000\000\000\000\000\000\000\000\000\000\000\000\000\000 Framed-MTU = 1500 WISPr-Bandwidth-Max-Down = 256000 WISPr-Bandwidth-Max-Up = 256000 Finished request 0. Going to the next request What I'm missing? it seems like the attributes are not being sent to NAS, but I could be wrong Correct. Check the attributes are actually defined in a dictionary on the 2.x installation; check raddb/dictionary on the 1.x installation, see if they were defined as custom VSAs or similar. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Question on attributes
Hello Phil, Thanks for your answer. I have these: ATTRIBUTE Download78 integer ATTRIBUTE Upload 79 integer On /etc/freeradius/dictionary file that is being included as debug showed. including dictionary file /etc/freeradius/dictionary on freeradius v2. Maybe I need to create a separate dictionary file and have a include on this file? What I'm doing wrong? 2013/1/17 Phil Mayers p.may...@imperial.ac.uk: On 17/01/13 11:29, Tiago wrote: Hello everyone, I'm struggling with something that should be simple to fix. I have a rp-pppoe NAS server here that correctly understand a few attributes (radreply) that come from freeradius 1.x (w/mysql database). Example: Download (for download rates) attribute Simple real example, from pppoe server: # cat /var/run/radattr.ppp479 Framed-Compression Van-Jacobson-TCP-IP Framed-Protocol PPP Framed-MTU 1500 Download 12000 Upload 3072 Download and Upload aren't standard attributes. Where are these defined in dictionary files? Sending Access-Accept of id 192 to NASPPPOE01 port 48956 Framed-Protocol = PPP Framed-Compression = Van-Jacobson-TCP-IP Cliente = \000\000\000\000\000\000\000\000\000\000\000\000\000\000\000 Framed-MTU = 1500 WISPr-Bandwidth-Max-Down = 256000 WISPr-Bandwidth-Max-Up = 256000 Finished request 0. Going to the next request What I'm missing? it seems like the attributes are not being sent to NAS, but I could be wrong Correct. Check the attributes are actually defined in a dictionary on the 2.x installation; check raddb/dictionary on the 1.x installation, see if they were defined as custom VSAs or similar. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Question on attributes
Tiago wrote: I have these: ATTRIBUTE Download78 integer ATTRIBUTE Upload 79 integer On /etc/freeradius/dictionary file that is being included as debug showed. They are wrong. Delete them. including dictionary file /etc/freeradius/dictionary on freeradius v2. Maybe I need to create a separate dictionary file and have a include on this file? What I'm doing wrong? The documentation describes how the dictionaries work. If you're editing the dictionary file, then READ IT. It contains DOCUMENTATION describing how to add new attributes. I honestly don't know why I write *any* documentation. It seems that the bulk of problems on this list are people who fanatically avoid all existing documentation. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Question on attributes
Alan, Sorry, I did that. But I think I didn't understod it correctly, maybe due english not being my first lang. From man I have: The names have no meaning outside of the RADIUS server itself, and are never exchanged between server and clients. That is, editing the dictionaries will have NO EFFECT on anything other than the server that is reading those files. Adding new attributes to the dictioĆ¢ naries will have NO EFFECT on RADIUS clients, and will not make RADIUS clients magically understand those attributes. The dictionaries are solely for local administrator convenience, and are specific to each version of FreeRADIUS. May I ask you a bit of patience helping me on this? So, can I conclude that adding attributes to dictionary file will not make freeradius to send those to NAS? But are they necessary to create sql pairs and so got from sql radreply? Yet, On the dictionary file I have: # If you want to add entries to the dictionary file, # which are NOT going to be placed in a RADIUS packet, # add them here. The numbers you pick should be between # 3000 and 4000. So I didnt understand that, so entries with 3000-4000 numbers aren't placed on radius packet, can I conclude that the others are? but on the man it says that attributes are never exchanged. So I'm a bit confused here. What I need to do to radius server send the attributes that are collected from my mysql database (radreply attrib)? Thanks again. 2013/1/17 Alan DeKok al...@deployingradius.com: Tiago wrote: I have these: ATTRIBUTE Download78 integer ATTRIBUTE Upload 79 integer On /etc/freeradius/dictionary file that is being included as debug showed. They are wrong. Delete them. including dictionary file /etc/freeradius/dictionary on freeradius v2. Maybe I need to create a separate dictionary file and have a include on this file? What I'm doing wrong? The documentation describes how the dictionaries work. If you're editing the dictionary file, then READ IT. It contains DOCUMENTATION describing how to add new attributes. I honestly don't know why I write *any* documentation. It seems that the bulk of problems on this list are people who fanatically avoid all existing documentation. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Question on attributes
Tiago wrote: From man I have: Please don't quote the documentation here. I've read it. May I ask you a bit of patience helping me on this? So, can I conclude that adding attributes to dictionary file will not make freeradius to send those to NAS? That is what the documentation says. But are they necessary to create sql pairs and so got from sql radreply? I'm not sure what you mean by that. So I didnt understand that, so entries with 3000-4000 numbers aren't placed on radius packet, can I conclude that the others are? No. but on the man it says that attributes are never exchanged. So I'm a bit confused here. It says the NAMES are never exchanged. NAMES. Not ATTRIBUTES. What I need to do to radius server send the attributes that are collected from my mysql database (radreply attrib)? Use attributes that are *supposed* to go into a RADIUS packet. It has nothing to do with MySQL. The attributes can come from anywhere. You can't simply invent attribute numbers. They are assigned via a controlled process. The numbers you used 78 and 79 are *already* assigned to different attributes. You need to read the documentation for the PPOE server to see which attributes it understands. There's also a dictionary.roaringpenguin file distributed with FreeRADIUS. It defines attributes for the RP PPPoE server, for upload and download rate limiting. Use that. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Question on attributes
Alan, 2013/1/17 Alan DeKok al...@deployingradius.com: Tiago wrote: From man I have: Please don't quote the documentation here. I've read it. May I ask you a bit of patience helping me on this? So, can I conclude that adding attributes to dictionary file will not make freeradius to send those to NAS? That is what the documentation says. But are they necessary to create sql pairs and so got from sql radreply? I'm not sure what you mean by that. So I didnt understand that, so entries with 3000-4000 numbers aren't placed on radius packet, can I conclude that the others are? No. but on the man it says that attributes are never exchanged. So I'm a bit confused here. It says the NAMES are never exchanged. NAMES. Not ATTRIBUTES. What I need to do to radius server send the attributes that are collected from my mysql database (radreply attrib)? Use attributes that are *supposed* to go into a RADIUS packet. It has nothing to do with MySQL. The attributes can come from anywhere. You can't simply invent attribute numbers. They are assigned via a controlled process. The numbers you used 78 and 79 are *already* assigned to different attributes. You need to read the documentation for the PPOE server to see which attributes it understands. There's also a dictionary.roaringpenguin file distributed with FreeRADIUS. It defines attributes for the RP PPPoE server, for upload and download rate limiting. Use that. Thanks, can I add an attribute to dictionary.roaringpenguin besides the ones listed there? I'm asking that to avoid broking my production environment. I saw there this (dictionary.roaringpenguin): # Downstream speed limit in kb/s ATTRIBUTE RP-Downstream-Speed-Limit 2 integer Can I add at the end? ATTRIBUTE Download 6 integer Do I need to make any attribute number change on my pppoe/nas server to understand the new defined here? I'm asking that because the old freeradius/pppoe are working using those attributes numbers, which is already defined by another attributes as you stated. Thanks Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Question on attributes
On 17/01/13 12:42, Tiago wrote: Hello Phil, Thanks for your answer. I have these: ATTRIBUTE Download78 integer ATTRIBUTE Upload 79 integer On /etc/freeradius/dictionary file that is being included as debug showed. including dictionary file /etc/freeradius/dictionary on freeradius v2. Maybe I need to create a separate dictionary file and have a include on this file? What I'm doing wrong? These attributes are already allocated; you've stolen them from the main attribute space, and are probably having problems with dictionary precedence - IIRC there were changes in this area in FR2. The correct thing to do is either use a valid, allocated attribute, or assign your own from a valid, allocated enterprise number that you own. What is processing these attributes? Since you are using rp-pppoe, I suspect you are using an ip-up script and processing them in shell script? In that case, find an allocated attribute with similar purpose, and use that. Use grep to search the dictionaries. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Question on attributes
Tiago wrote: Alan, Please also learn to edit the messages to this list. There is NO need to quote the entire message again. Thanks, can I add an attribute to dictionary.roaringpenguin besides the ones listed there? I'm asking that to avoid broking my production environment. Are you in charge of roaring penguin? I saw there this (dictionary.roaringpenguin): # Downstream speed limit in kb/s ATTRIBUTE RP-Downstream-Speed-Limit 2 integer Can I add at the end? ATTRIBUTE Download 6 integer Why? And where did you get the number 6 from? Did you just invent it? In case it was not clear before: DO NOT EDIT THE DICTIONARIES. DO NOT INVENT NUMBERS. YOU DO NOT CONTROL VENDOR DICTIONARIES. DO NOT EDIT THEM. Is that clearer? Do I need to make any attribute number change on my pppoe/nas server to understand the new defined here? You have absolutely no idea how RADIUS works. As a result, you have NO BUSINESS editing the dictionaries. I'm asking that because the old freeradius/pppoe are working using those attributes numbers, which is already defined by another attributes as you stated. How about reading the roaring penguin documentation to see which attributes it needs? You are obsessed with editing the dictionaries. DON'T DO THAT. Instead, read the documentation. It's not hard. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Question on attributes
2013/1/17 Phil Mayers p.may...@imperial.ac.uk: On 17/01/13 12:42, Tiago wrote: Hello Phil, Thanks for your answer. I have these: ATTRIBUTE Download78 integer ATTRIBUTE Upload 79 integer On /etc/freeradius/dictionary file that is being included as debug showed. including dictionary file /etc/freeradius/dictionary on freeradius v2. Maybe I need to create a separate dictionary file and have a include on this file? What I'm doing wrong? These attributes are already allocated; you've stolen them from the main attribute space, and are probably having problems with dictionary precedence - IIRC there were changes in this area in FR2. Thanks for clarification. The correct thing to do is either use a valid, allocated attribute, or assign your own from a valid, allocated enterprise number that you own. Any suggestion/tip on how can I migrate from v1 to v2 considering that I have few invalid attributes on production today (Download/Upload for example) that it was implemented using the numbers I already mentioned here, so I don't need to mess with 11,000 of customers radreply attributes (that are configured with Download/Upload values) without naming-change? Maybe it will not be there best thing to do, but as a next step. What is processing these attributes? Since you are using rp-pppoe, I suspect you are using an ip-up script and processing them in shell script? In that case, find an allocated attribute with similar purpose, and use that. Use grep to search the dictionaries. Yes, that's correct, its being processed on ip-up. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
