(RADIATOR) multiple cisco-avpair problem

Igor Briski igor.briski at iskon.hr
Mon Jun 2 10:03:40 CDT 2003

Hi all!

I've been having problems using cisco-avpair reply attributes in my
radiator config. I've read all the notes, searched the archives but
still can't get the bloody thing to work. 

This is my current config:

<AuthBy FILE>
        Identifier              AuthUsersFilter
        Filename                %D/users
        AddToReplyIfNotExist    Service-Type=Framed-User, \
                                Framed-Protocol=PPP, \
                                Framed-IP-Address=, \
                                Framed-IP-Netmask=, \
                                Framed-Routing=None, \
        AddToReply \
            cisco-avpair = "ip:inacl#5=permit ip any", \
            cisco-avpair = "ip:inacl#99=deny ip any any"

This returns only the first cisco-avpair attribute, the second one gets
lost. I've also tried to add these cisco-avpair attributes to my users
file and still the same.

The reply I get from radpwtst is:
Code:       Access-Accept
Identifier: 147
Authentic:  $?i@<143><175><214><221><178>x<205><3>9<247>$<166>
	cisco-avpair = "ip:inacl#5=permit ip any"
	Service-Type = Framed-User
	Framed-Protocol = PPP
	Framed-IP-Address =
	Framed-IP-Netmask =
	Framed-Routing = None
	Framed-Compression = Van-Jacobson-TCP-IP
	Framed-MTU = 1500

As you can see, the second attribute did not get to my client (or is it
stripped by radpwtst?). 

Has anyone used cisco ACLs with Radiator? How could this be fixed? Is
there any way to get Radiator to send both attributes regardless of the
fact that they have the same name?


Igor Briski <igor.briski at iskon.hr>
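
Added example, not part of the original post and not Radiator code: to tell whether the second cisco-avpair is missing from the Access-Accept on the wire or only from the client's printout, parse the raw reply and list every Cisco vendor-specific sub-attribute of type 1. The sample packet, its zeroed authenticator and all function names are constructed for illustration.

```python
import struct

VENDOR_SPECIFIC = 26   # RADIUS attribute type for VSAs (RFC 2865)
CISCO_VENDOR_ID = 9    # IANA enterprise number for Cisco
CISCO_AVPAIR = 1       # Cisco vendor sub-type carrying cisco-avpair strings

def vsa(vendor, subtype, value):
    """Encode one Vendor-Specific attribute holding one vendor sub-attribute."""
    body = struct.pack("!IBB", vendor, subtype, len(value) + 2) + value
    return struct.pack("!BB", VENDOR_SPECIFIC, len(body) + 2) + body

def build_accept(identifier, attrs):
    """Constructed Access-Accept (code 2) with a zeroed authenticator."""
    payload = b"".join(attrs)
    return struct.pack("!BBH", 2, identifier, 20 + len(payload)) + bytes(16) + payload

def cisco_avpairs(packet):
    """Return every cisco-avpair string in a RADIUS packet, in wire order."""
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    found, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed attribute")
        value = packet[pos + 2:pos + alen]
        if atype == VENDOR_SPECIFIC and len(value) >= 4:
            vendor = struct.unpack("!I", value[:4])[0]
            sub = 4
            # Same-named attributes are separate entries; collect them in a list, not a dict.
            while vendor == CISCO_VENDOR_ID and sub + 2 <= len(value):
                stype, slen = value[sub], value[sub + 1]
                if slen < 2 or sub + slen > len(value):
                    raise ValueError("malformed sub-attribute")
                if stype == CISCO_AVPAIR:
                    found.append(value[sub + 2:sub + slen].decode("ascii", "replace"))
                sub += slen
        pos += alen
    return found

# Constructed sample: the reply the config above is meant to produce.
SAMPLE = build_accept(147, [
    vsa(CISCO_VENDOR_ID, CISCO_AVPAIR, b"ip:inacl#5=permit ip any"),
    vsa(CISCO_VENDOR_ID, CISCO_AVPAIR, b"ip:inacl#99=deny ip any any"),
    struct.pack("!BBI", 6, 6, 2),   # Service-Type = Framed-User
])
```

Feeding it the UDP payload of a captured reply shows how many cisco-avpair entries the server actually sent, independent of how the test client prints them.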

