(RADIATOR) Ascend-Data-Filter vs VENDORATTR 529 Ascend-Data-Filter

Hugh Irvine hugh at open.com.au
Tue Jul 20 17:56:35 CDT 2004 

Hello Jon -

Yes the dictionaries were rationalised some time ago.

Here is the comment block from "dictionary.ascend":

#
# This file (dictionary.ascend) contains the Ascend attributes
# that were used by Ascend prior to the adoption of vendor specifics.
# This file can be used if the original encoding of attribute names
# is required by doing something like this in the Radiator 
configuration file:
#
# DictionaryFile %D/dictionary, %D/dictionary.ascend
#

Of course a much cleaner solution is to use cisco-avpair's to do the 
filtering properly.

regards

Hugh


On 21 Jul 2004, at 08:18, Jon Lewis wrote:

> I'm having some issues with cisco access-servers not accepting
> Ascend-Data-Filters.  They give me an error "RADIUS: unrecognized 
> Vendor
> code 529".  A cisco TAC person has suggested that the radius server is
> sending the Ascend-Data-Filters as Ascend VSA's (thus the 529) rather 
> than
> just attribute 242.  I see our dictionary has Ascend-Data-Filter twice:
>
> # Radiator understands abinary, but if you are just
> # forwarding abinary attributes, use string instead
>
> ATTRIBUTE       Ascend-Data-Filter              242     abinary
> ATTRIBUTE       Ascend-Call-Filter              243     abinary
> #ATTRIBUTE      Ascend-Data-Filter              242     string
> #ATTRIBUTE      Ascend-Call-Filter              243     string
> ATTRIBUTE       Ascend-Idle-Limit               244     integer
> ATTRIBUTE       Ascend-Preempt-Limit            245     integer
> ...then much later in the file...
> VENDORATTR      529     Ascend-Data-Filter              242     abinary
>
> Is there a simple change that would cause radiator to not send these as
> 529's but just as plain 242's?  Can I just comment out the later
> VENDORATTR version from the dictionary?
>
> AFAIK, we had this working with our older radiator servers, which I've
> just noticed used an older dictionary that didn't have the Ascend
> VENDORATTR 529 section.
>
> How bad an idea would it be to rename the old Ascend-Data-Filter
> attribute Old-Ascend-Data-Filter and use Old-Ascend-Data-Filter in our
> profiles?
>
> --
> ----------------------------------------------------------------------
>  Jon Lewis                   |  I route
>  Senior Network Engineer     |  therefore you are
>  Atlantic Net                |
> _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list