(RADIATOR) multiple cisco-avpair problem
Igor Briski
igor.briski at iskon.hr
Mon Jun 2 10:03:40 CDT 2003
Hi all!
I've been having problems using cisco-avpair reply attributes in my
radiator config. I've read all the notes, searched the archives but
still can't get the bloody thing to work.
This is my current config:
<AuthBy FILE>
Identifier AuthUsersFilter
Filename %D/users
AddToReplyIfNotExist Service-Type=Framed-User, \
Framed-Protocol=PPP, \
Framed-IP-Address=255.255.255.254, \
Framed-IP-Netmask=255.255.255.255, \
Framed-Routing=None, \
Framed-Compression=Van-Jacobsen-TCP-IP,
\
Framed-MTU=1500
AddToReply \
cisco-avpair = "ip:inacl#5=permit ip any 213.191.128.0
0.0.0.255", \
cisco-avpair = "ip:inacl#99=deny ip any any"
</AuthBy>
This returns only the first cisco-avpair attribute, the second one gets
lost. I've also tried to add this cisco-avpair attributes to my users
file and still the same.
The reply I get from radpwtest is:
Code: Access-Accept
Identifier: 147
Authentic: $?i@<143><175><214><221><178>x<205><3>9<247>$<166>
Attributes:
cisco-avpair = "ip:inacl#5=permit ip any 213.191.128.0 0.0.0.255"
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 255.255.255.254
Framed-IP-Netmask = 255.255.255.255
Framed-Routing = None
Framed-Compression = Van-Jacobson-TCP-IP
Framed-MTU = 1500
As you can see, the second attribute did not get to my client (or is it
stripped by radpwtst?).
Has anyone used cisco ACLs with Radiator? How could this be fixed? Is
there any way to get Radiator to send both attributes regardles of the
fact that they have the same name?
Thanks!
--
Igor Briski <igor.briski at iskon.hr>
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list