RE: Cisco-AVPair Help (help!!) Part 1 - *Solution*

Fri, 12 Nov 2004 13:17:40 -0800 

To solve our problem, we modified the rlm_preprocess.c source code to
change the colon ":" to a dash "-". I rebuilt the RPM package, added the
'new' attributes to the /etc/raddb/dictionary file (e.g.
"ip-source-ip"), and everything works! The modified code is shown below:

rlm_preprocess.c

                if ((vp->attribute & 0xffff) == 1) {
                        char *p;
                        char *cp;
                        DICT_ATTR       *dattr;

                        p = vp->strvalue;
                        gettoken(&p, newattr, sizeof(newattr));

                        cp = strchr(newattr, ':'); /* find a ':' */
                        if ( cp )
                          *cp = '-';

                        if (((dattr = dict_attrbyname(newattr)) != NULL)
&&
                            (dattr->type == PW_TYPE_STRING)) {
                                VALUE_PAIR *newvp;

Thanks for the help!
David

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Alan
DeKok
Sent: Friday, November 05, 2004 10:49 AM
To: [EMAIL PROTECTED]
Subject: Re: Cisco-AVPair Help (help!!) Part 1 

"Billington, David " <[EMAIL PROTECTED]> wrote:
> Thanks for the response. Yes, I was concerned about that as well, but
a
> look at the source code for the hack, copied in part below, seems to
> indicate that the hack should also handle this case. I've also been in
> contact with another user who has followed the same steps I have on a
> Solaris system, and his system is working perfectly (i.e. the
> Cisco-AVPair attributes are being parsed properly).

  If you'll look at it in a little more detail, you'll see that the
Cisco-AVPair attributes which are pulled out via the hack already
exist in the Cisco dictionary.  The ones you're trying to pull out
don't exist in the dictionary.

  And yes, you can add them to the dictionary, but:

  - you have to be VERY careful about the numbers you pick.
    See raddb/dictionary.  Add the attributes there.

  - The ":" in the middle of the attribute name will cause problems.,
    as it's used already to mean "tag" for VLAN attributes.

  I'm not sure you'll ever get it to work without source code
modifications.

  In the CVS snapshot, you can use:

  %{Cisco-AVPair[0]}, %{Cisco-AVPair[1]}, etc.  You can also use
%{Cisco-AVPair[*]}.

  See doc/variables.txt

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to