Re: ascend-data-filter info not returned with radtest?
On Tue, 18 Jan 2005, Scott Baker wrote: I'm attempting to do a global dial-up solution and they're requiring me to use the ascend-data-filter to open up outbound port 25. Simple enough. I've configured my users file to include the attributes they provided and it seems to be accepting the data. However when I query the radius with radtest it returns odd results. In my users file I have four ADF lines, but only three are returned after the query. Also, some of the lines that are returned contain a trailing 0. I'm new to this abinary type so I'm not sure if this is expected behaviour or not. -- users -- bakers User-Password = passwd Fall-Through = Yes DEFAULT X-Ascend-Data-Filter += ip in forward tcp est, X-Ascend-Data-Filter += ip in forward dstip 65.182.224.0/26, X-Ascend-Data-Filter += ip in drop tcp dstport=25, X-Ascend-Data-Filter += ip in forward, Simultaneous-Use = 1, Session-Timeout = 28800, Idle-Timeout = 3600, Framed-Compression = Van-Jacobson-TCP-IP, Service-Type = Framed-User, Framed-Protocol = PPP, Propel-Accelerate = 0, Framed-MTU = 576 -- radtest output -- [EMAIL PROTECTED] ~]# !radte radtest bakers scottb localhost 10 localhost Sending Access-Request of id 128 to 127.0.0.1:1812 User-Name = bakers User-Password = scottb NAS-IP-Address = snikt NAS-Port = 10 rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=128, length=170 X-Ascend-Data-Filter = ip in forward tcp est X-Ascend-Data-Filter = ip in forward dstip 65.182.224.0/26 0 X-Ascend-Data-Filter = ip in forward 0 Session-Timeout = 28800 Idle-Timeout = 3600 Framed-Compression = Van-Jacobson-TCP-IP Service-Type = Framed-User Framed-Protocol = PPP Propel-Accelerate = 0 Framed-MTU = 576 Have you tried running freeradius in debug mode to see what the server is spitting out as well? Is it possible that a few of the attributes you are trying to send are not defined in the dictionary file and the radius server is ignoring those statements? -j - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ascend-data-filter info not returned with radtest?
It's only one attribute X-Ascend-Data-Filter and it's defined just fine. I turned on debugging mode and this is what I get. It doesn't really tell me what I didn't already know. There has to be some configuration error in my users file? I'm just not sure where to start looking. ** rad_recv: Access-Request packet from host 127.0.0.1:41445, id=13, length=58 --- Walking the entire request list --- Waking up in 31 seconds... Threads: total/active/spare threads = 5/0/5 Thread 1 got semaphore Thread 1 handling request 0, (1 handled so far) User-Name = bakers User-Password = scottb NAS-IP-Address = 255.255.255.255 NAS-Port = 10 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module preprocess returns ok for request 0 modcall[authorize]: module chap returns noop for request 0 modcall[authorize]: module mschap returns noop for request 0 rlm_realm: No '@' in User-Name = bakers, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module eap returns noop for request 0 users: Matched bakers at 1 users: Matched DEFAULT at 4 modcall[authorize]: module files returns ok for request 0 modcall: group authorize returns ok for request 0 auth: type Local auth: user supplied User-Password matches local User-Password Sending Access-Accept of id 13 to 127.0.0.1:41445 X-Ascend-Data-Filter += ip in forward tcp est X-Ascend-Data-Filter += ip in forward dstip 65.182.224.0/26 0 X-Ascend-Data-Filter += ip in forward 0 Session-Timeout = 28800 Idle-Timeout = 3600 Framed-Compression = Van-Jacobson-TCP-IP Service-Type = Framed-User Framed-Protocol = PPP Propel-Accelerate = 0 Framed-MTU = 576 Finished request 0 Going to the next request Thread 1 waiting to be assigned a request James Feger wrote: On Tue, 18 Jan 2005, Scott Baker wrote: I'm attempting to do a global dial-up solution and they're requiring me to use the ascend-data-filter to open up outbound port 25. Simple enough. I've configured my users file to include the attributes they provided and it seems to be accepting the data. However when I query the radius with radtest it returns odd results. In my users file I have four ADF lines, but only three are returned after the query. Also, some of the lines that are returned contain a trailing 0. I'm new to this abinary type so I'm not sure if this is expected behaviour or not. -- users -- bakers User-Password = passwd Fall-Through = Yes DEFAULT X-Ascend-Data-Filter += ip in forward tcp est, X-Ascend-Data-Filter += ip in forward dstip 65.182.224.0/26, X-Ascend-Data-Filter += ip in drop tcp dstport=25, X-Ascend-Data-Filter += ip in forward, Simultaneous-Use = 1, Session-Timeout = 28800, Idle-Timeout = 3600, Framed-Compression = Van-Jacobson-TCP-IP, Service-Type = Framed-User, Framed-Protocol = PPP, Propel-Accelerate = 0, Framed-MTU = 576 -- radtest output -- [EMAIL PROTECTED] ~]# !radte radtest bakers scottb localhost 10 localhost Sending Access-Request of id 128 to 127.0.0.1:1812 User-Name = bakers User-Password = scottb NAS-IP-Address = snikt NAS-Port = 10 rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=128, length=170 X-Ascend-Data-Filter = ip in forward tcp est X-Ascend-Data-Filter = ip in forward dstip 65.182.224.0/26 0 X-Ascend-Data-Filter = ip in forward 0 Session-Timeout = 28800 Idle-Timeout = 3600 Framed-Compression = Van-Jacobson-TCP-IP Service-Type = Framed-User Framed-Protocol = PPP Propel-Accelerate = 0 Framed-MTU = 576 Have you tried running freeradius in debug mode to see what the server is spitting out as well? Is it possible that a few of the attributes you are trying to send are not defined in the dictionary file and the radius server is ignoring those statements? -j - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Scott Baker Canby Telephone - Network Administrator - RHCE Ph: 503.266.8253 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: ascend-data-filter info not returned with radtest?
You need a space in the destination port value line. i.e. X-Ascend-Data-Filter += ip in forward tcp est, X-Ascend-Data-Filter += ip in forward dstip 65.182.224.0/26, X-Ascend-Data-Filter += ip in drop tcp dstport = 25, X-Ascend-Data-Filter += ip in forward, instead of... X-Ascend-Data-Filter += ip in forward tcp est, X-Ascend-Data-Filter += ip in forward dstip 65.182.224.0/26, X-Ascend-Data-Filter += ip in drop tcp dstport=25, X-Ascend-Data-Filter += ip in forward, Brian -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Scott Baker Sent: Tuesday, January 18, 2005 4:21 PM To: freeradius-users@lists.freeradius.org Subject: Re: ascend-data-filter info not returned with radtest? It's only one attribute X-Ascend-Data-Filter and it's defined just fine. I turned on debugging mode and this is what I get. It doesn't really tell me what I didn't already know. There has to be some configuration error in my users file? I'm just not sure where to start looking. ** rad_recv: Access-Request packet from host 127.0.0.1:41445, id=13, length=58 --- Walking the entire request list --- Waking up in 31 seconds... Threads: total/active/spare threads = 5/0/5 Thread 1 got semaphore Thread 1 handling request 0, (1 handled so far) User-Name = bakers User-Password = scottb NAS-IP-Address = 255.255.255.255 NAS-Port = 10 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module preprocess returns ok for request 0 modcall[authorize]: module chap returns noop for request 0 modcall[authorize]: module mschap returns noop for request 0 rlm_realm: No '@' in User-Name = bakers, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module eap returns noop for request 0 users: Matched bakers at 1 users: Matched DEFAULT at 4 modcall[authorize]: module files returns ok for request 0 modcall: group authorize returns ok for request 0 auth: type Local auth: user supplied User-Password matches local User-Password Sending Access-Accept of id 13 to 127.0.0.1:41445 X-Ascend-Data-Filter += ip in forward tcp est X-Ascend-Data-Filter += ip in forward dstip 65.182.224.0/26 0 X-Ascend-Data-Filter += ip in forward 0 Session-Timeout = 28800 Idle-Timeout = 3600 Framed-Compression = Van-Jacobson-TCP-IP Service-Type = Framed-User Framed-Protocol = PPP Propel-Accelerate = 0 Framed-MTU = 576 Finished request 0 Going to the next request Thread 1 waiting to be assigned a request James Feger wrote: On Tue, 18 Jan 2005, Scott Baker wrote: I'm attempting to do a global dial-up solution and they're requiring me to use the ascend-data-filter to open up outbound port 25. Simple enough. I've configured my users file to include the attributes they provided and it seems to be accepting the data. However when I query the radius with radtest it returns odd results. In my users file I have four ADF lines, but only three are returned after the query. Also, some of the lines that are returned contain a trailing 0. I'm new to this abinary type so I'm not sure if this is expected behaviour or not. -- users -- bakers User-Password = passwd Fall-Through = Yes DEFAULT X-Ascend-Data-Filter += ip in forward tcp est, X-Ascend-Data-Filter += ip in forward dstip 65.182.224.0/26, X-Ascend-Data-Filter += ip in drop tcp dstport=25, X-Ascend-Data-Filter += ip in forward, Simultaneous-Use = 1, Session-Timeout = 28800, Idle-Timeout = 3600, Framed-Compression = Van-Jacobson-TCP-IP, Service-Type = Framed-User, Framed-Protocol = PPP, Propel-Accelerate = 0, Framed-MTU = 576 -- radtest output -- [EMAIL PROTECTED] ~]# !radte radtest bakers scottb localhost 10 localhost Sending Access-Request of id 128 to 127.0.0.1:1812 User-Name = bakers User-Password = scottb NAS-IP-Address = snikt NAS-Port = 10 rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=128, length=170 X-Ascend-Data-Filter = ip in forward tcp est X-Ascend-Data-Filter = ip in forward dstip 65.182.224.0/26 0 X-Ascend-Data-Filter = ip in forward 0 Session-Timeout = 28800 Idle-Timeout = 3600 Framed-Compression = Van-Jacobson-TCP-IP Service-Type = Framed-User Framed-Protocol = PPP Propel-Accelerate = 0 Framed-MTU = 576 Have you tried running freeradius in debug mode to see what the server is spitting out
Re: ascend-data-filter info not returned with radtest?
Excellent! It's returning all the data I expected now! I'm still getting that trailling 0 on the ip in forward dstip and ip in forward. Is that normal? Some fluke in radtest? - [EMAIL PROTECTED] ~]$ radtest bakers scottb localhost 10 localhost Sending Access-Request of id 93 to 127.0.0.1:1812 User-Name = bakers User-Password = scottb NAS-IP-Address = snikt NAS-Port = 10 rad_recv: Access-Accept packet from host 127.0.0.1:1812, id=93, length=204 X-Ascend-Data-Filter = ip in forward tcp est X-Ascend-Data-Filter = ip in forward dstip 65.182.224.0/26 0 X-Ascend-Data-Filter = ip in drop tcp dstport = 25 X-Ascend-Data-Filter = ip in forward 0 Session-Timeout = 28800 Idle-Timeout = 3600 Framed-Compression = Van-Jacobson-TCP-IP Service-Type = Framed-User Framed-Protocol = PPP Propel-Accelerate = 0 Framed-MTU = 576 Brian Fennimore wrote: You need a space in the destination port value line. i.e. X-Ascend-Data-Filter += ip in forward tcp est, X-Ascend-Data-Filter += ip in forward dstip 65.182.224.0/26, X-Ascend-Data-Filter += ip in drop tcp dstport = 25, X-Ascend-Data-Filter += ip in forward, instead of... X-Ascend-Data-Filter += ip in forward tcp est, X-Ascend-Data-Filter += ip in forward dstip 65.182.224.0/26, X-Ascend-Data-Filter += ip in drop tcp dstport=25, X-Ascend-Data-Filter += ip in forward, Brian -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Scott Baker Sent: Tuesday, January 18, 2005 4:21 PM To: freeradius-users@lists.freeradius.org Subject: Re: ascend-data-filter info not returned with radtest? It's only one attribute X-Ascend-Data-Filter and it's defined just fine. I turned on debugging mode and this is what I get. It doesn't really tell me what I didn't already know. There has to be some configuration error in my users file? I'm just not sure where to start looking. ** rad_recv: Access-Request packet from host 127.0.0.1:41445, id=13, length=58 --- Walking the entire request list --- Waking up in 31 seconds... Threads: total/active/spare threads = 5/0/5 Thread 1 got semaphore Thread 1 handling request 0, (1 handled so far) User-Name = bakers User-Password = scottb NAS-IP-Address = 255.255.255.255 NAS-Port = 10 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module preprocess returns ok for request 0 modcall[authorize]: module chap returns noop for request 0 modcall[authorize]: module mschap returns noop for request 0 rlm_realm: No '@' in User-Name = bakers, looking up realm NULL rlm_realm: No such realm NULL modcall[authorize]: module suffix returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module eap returns noop for request 0 users: Matched bakers at 1 users: Matched DEFAULT at 4 modcall[authorize]: module files returns ok for request 0 modcall: group authorize returns ok for request 0 auth: type Local auth: user supplied User-Password matches local User-Password Sending Access-Accept of id 13 to 127.0.0.1:41445 X-Ascend-Data-Filter += ip in forward tcp est X-Ascend-Data-Filter += ip in forward dstip 65.182.224.0/26 0 X-Ascend-Data-Filter += ip in forward 0 Session-Timeout = 28800 Idle-Timeout = 3600 Framed-Compression = Van-Jacobson-TCP-IP Service-Type = Framed-User Framed-Protocol = PPP Propel-Accelerate = 0 Framed-MTU = 576 Finished request 0 Going to the next request Thread 1 waiting to be assigned a request James Feger wrote: On Tue, 18 Jan 2005, Scott Baker wrote: I'm attempting to do a global dial-up solution and they're requiring me to use the ascend-data-filter to open up outbound port 25. Simple enough. I've configured my users file to include the attributes they provided and it seems to be accepting the data. However when I query the radius with radtest it returns odd results. In my users file I have four ADF lines, but only three are returned after the query. Also, some of the lines that are returned contain a trailing 0. I'm new to this abinary type so I'm not sure if this is expected behaviour or not. -- users -- bakers User-Password = passwd Fall-Through = Yes DEFAULT X-Ascend-Data-Filter += ip in forward tcp est, X-Ascend-Data-Filter += ip in forward dstip 65.182.224.0/26, X-Ascend-Data-Filter += ip in drop tcp dstport=25, X-Ascend-Data-Filter += ip in forward, Simultaneous-Use = 1, Session-Timeout = 28800, Idle-Timeout = 3600, Framed-Compression = Van-Jacobson-TCP-IP, Service-Type = Framed-User
Re: ascend-data-filter info not returned with radtest?
Scott Baker [EMAIL PROTECTED] wrote: Excellent! It's returning all the data I expected now! I'm still getting that trailling 0 on the ip in forward dstip and ip in forward. Is that normal? Some fluke in radtest? It's an artifact of printing. It doesn't affect anything. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ascend-data-filter info not returned with radtest?
Excellent. I think I'm good then! Thanks for all the help everyone. Alan DeKok wrote: Scott Baker [EMAIL PROTECTED] wrote: Excellent! It's returning all the data I expected now! I'm still getting that trailling 0 on the ip in forward dstip and ip in forward. Is that normal? Some fluke in radtest? It's an artifact of printing. It doesn't affect anything. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Scott Baker Canby Telephone - Network Administrator - RHCE Ph: 503.266.8253 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html