(RADIATOR) multiple cisco-avpair problem

Mike McCauley mikem at open.com.au
Mon Jun 2 18:18:09 CDT 2003 

Hello Igor,

I have just tested your config here with Radaitor 3.6 and it works fine: both 
cisco-avpairs get into the reply and are returned to the client. What version 
of Radiator are you on?

Cheers.

On Tue, 3 Jun 2003 01:03 am, Igor Briski wrote:
> Hi all!
>
> I've been having problems using cisco-avpair reply attributes in my
> radiator config. I've read all the notes, searched the archives but
> still can't get the bloody thing to work.
>
> This is my current config:
>
> <AuthBy FILE>
>         Identifier              AuthUsersFilter
>         Filename                %D/users
>         AddToReplyIfNotExist    Service-Type=Framed-User, \
>                                 Framed-Protocol=PPP, \
>                                 Framed-IP-Address=255.255.255.254, \
>                                 Framed-IP-Netmask=255.255.255.255, \
>                                 Framed-Routing=None, \
>                                 Framed-Compression=Van-Jacobsen-TCP-IP,
> \
>                                 Framed-MTU=1500
>         AddToReply \
>             cisco-avpair = "ip:inacl#5=permit ip any 213.191.128.0
> 0.0.0.255", \
>             cisco-avpair = "ip:inacl#99=deny ip any any"
> </AuthBy>
>
> This returns only the first cisco-avpair attribute, the second one gets
> lost. I've also tried to add this cisco-avpair attributes to my users
> file and still the same.
>
> The reply I get from radpwtest is:
> Code:       Access-Accept
> Identifier: 147
> Authentic:  $?i@<143><175><214><221><178>x<205><3>9<247>$<166>
> Attributes:
> 	cisco-avpair = "ip:inacl#5=permit ip any 213.191.128.0 0.0.0.255"
> 	Service-Type = Framed-User
> 	Framed-Protocol = PPP
> 	Framed-IP-Address = 255.255.255.254
> 	Framed-IP-Netmask = 255.255.255.255
> 	Framed-Routing = None
> 	Framed-Compression = Van-Jacobson-TCP-IP
> 	Framed-MTU = 1500
>
> As you can see, the second attribute did not get to my client (or is it
> stripped by radpwtst?).
>
> Has anyone used cisco ACLs with Radiator? How could this be fixed? Is
> there any way to get Radiator to send both attributes regardles of the
> fact that they have the same name?
>
> Thanks!

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list