Re: using user-defined attributes and radreply
You were spot on. This was exactly the problem. I needed to create my own VENDOR and attribute set below 256. Thanks, Arun. - Original Message - From: <[EMAIL PROTECTED]> To: Sent: Friday, April 29, 2005 6:55 PM Subject: Re: using user-defined attributes and radreply Hi, ATTRIBUTE myattrib 340 string ATTRIBUTE myattrib2 341 integer VALUE myattrib2 value0 0 VALUE myattrib2 value1 1 VALUE myattrib2 value2 2 Now im not entirely sure whether this is right. Using the limited documentation, it appears that values 340 & 341 are currently unused and seem to correct ones to use for the required reply (I have also tried other unused values in other free ranges, e.g. 2000 &2001). IIRC, RADIUS defines attributes to be just one byte, i.e. the value must be less than 256. Everything with a larger value is either for server's internal use only (and since it just can't be transmitted according to protocol specs, that's a nice trick to mark those) or maybe a somewhat "strange" representation for a vendor specific attribute (those are the way to get around that limitation of 256 attributes). I'd recommend to read a bit about "vendor specific attributes", and use those for your own attributes. Essentially, just additionally define a new "Vendor ID" and then define attributes for that new "vendor", using 1,2,... instead of 340,341, ... HTH, Stefan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: using user-defined attributes and radreply
Hi, > ATTRIBUTE myattrib 340 string > > ATTRIBUTE myattrib2 341 integer > > VALUE myattrib2 value0 0 > > VALUE myattrib2 value1 1 > > VALUE myattrib2 value2 2 > > > > Now im not entirely sure whether this is right. Using the limited > documentation, it appears that values 340 & 341 are currently unused and seem > to correct ones to use for the required reply (I have also tried other unused > values in other free ranges, e.g. 2000 &2001). IIRC, RADIUS defines attributes to be just one byte, i.e. the value must be less than 256. Everything with a larger value is either for server's internal use only (and since it just can't be transmitted according to protocol specs, that's a nice trick to mark those) or maybe a somewhat "strange" representation for a vendor specific attribute (those are the way to get around that limitation of 256 attributes). I'd recommend to read a bit about "vendor specific attributes", and use those for your own attributes. Essentially, just additionally define a new "Vendor ID" and then define attributes for that new "vendor", using 1,2,... instead of 340,341, ... HTH, Stefan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
using user-defined attributes and radreply
I am new to freeradius, and i was wondering if anyone could help with a basic problem i am having creating user-defined attributes. I have set up a dictionary file with the following entries. ATTRIBUTE myattrib 340 string ATTRIBUTE myattrib2 341 integer VALUE myattrib2 value0 0 VALUE myattrib2 value1 1 VALUE myattrib2 value2 2 Now im not entirely sure whether this is right. Using the limited documentation, it appears that values 340 & 341 are currently unused and seem to correct ones to use for the required reply (I have also tried other unused values in other free ranges, e.g. 2000 &2001). Now invoking this with the following radreply db entries (postgress), using user4 and the correct password and secret key:- id | username | attribute | op | value +--+--++--- 1 | user4 | myattrib | = | hello 3 | user4 | myattrib2 | = | 1 2 | user4 | service-type | = | 1 Results in a response:- ---25/04/2005 14:02:25 Test started [MYTASK]- Info:Sending Access-Request of id 0 to 10.101.2.5:1812 User-Name = "user4" Password = "user3" Info: Access-Accept packet from host 10.101.2.5:1812, id=0, length=26 Service-Type = Login-User 25/04/2005 14:02:25 Test finished [MYTASK]- That is, only the system defined attribute is returned (login-user), not the other two. As a test, if I change 340, 341 to values that are already defined by system, say, 245 & 246. Then the response is. 25/04/2005 11:56:08 Test started [MYTASK]- Info:Sending Access-Request of id 0 to 10.101.2.5:1812 User-Name = "user4" Password = "user3" Info: Access-Accept packet from host 10.101.2.5:1812, id=0, length=39 X-Ascend-Preempt-Limit = 0x68656c6c6f Service-Type = Login-User X-Ascend-Callback = 1 25/04/2005 11:56:08 Test finished [MYTASK]- Here you can see three results including, X-Ascend-Preempt-Limit and X-Ascend-Callback Corresponding to the duplicate values defined in the system dictionary file. As these essentially overwrite my attributes, but the service-type entry still works, which suggest that though the db is working correctly and my attributes are being read, they are being ignored. Thus, what i think must be happening is that either Im missing some part of the configuration indicating the values I use (345 & 346) may be used as return values, or the attribute values are not setup properly. Does anyone know what im doing wrong? Ive looked at all the other configuration files nothing is obvious. Any suggestions? regards, Arun Mundray.
Re: user-defined attributes
Sorry! i will go through the docs first. thanks, Payam Shabanian shabanip -at- avapajoohesh.com > On Fri, 25 Feb 2005, shabanip wrote: > >> can i define or get unstanderds attributes in freeradius? > > Yes. Please stop asking questions without reading anything first. > >> >> >> - >> List info/subscribe/unsubscribe? See >> http://www.freeradius.org/list/users.html >> > > -- > Kostas Kalevras Network Operations Center > [EMAIL PROTECTED] National Technical University of Athens, Greece > Work Phone: +30 210 7721861 > 'Go back to the shadow' Gandalf > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: user-defined attributes
On Fri, 25 Feb 2005, shabanip wrote: can i define or get unstanderds attributes in freeradius? Yes. Please stop asking questions without reading anything first. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
user-defined attributes
can i define or get unstanderds attributes in freeradius? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
