(RADIATOR) Cisco VPN 3000 Dictionary Attributes

Hugh Irvine hugh at open.com.au
Thu Mar 16 15:31:08 CST 2006 

Hello Chris -

There is no need to change the attribute definitions in the  
dictionary, as the strings are only used to decode/encode the radius  
requests inside Radiator. The radius requests themselves contain  
numeric attribute type octets as specified by the RFC's ("doc/ 
rfc2865.txt"). You can run Radiator at trace 5 debug to see the hex- 
dumps of the radius requests received/sent on the wire.

However, if you do decide to change the VENDORATTR definitions, you  
will also need to change the corresponding VALUE definitions in the  
dictionary. This will stop the warning messages you are seeing.

hope that helps

regards

Hugh


On 17 Mar 2006, at 02:03, Deramus, Chris wrote:

> Hey everyone, I have a quick question about the dictionary file  
> that is
> used in Radiator. I have been using this product for the past two  
> weeks
> specifically for RADIUS proxying, and it works beautifully. I did run
> into one problem, and that with the Cisco VPN 3000 series AV pairs
> (VENDORATTR 3076 in the dictionary file). These AV pairs were prefaced
> with Altiga- in the file, but the Cisco Concentrator that we use in
> production must be in CVPN3000- format. I changed the syntax of each
> line for VENDORATTR 3076, and that works great; however, I do get  
> about
> a hundred of the warnings at the base of this E-mail when starting the
> radius daemon. Even though it works, I'd like to clean up the log
> messages which are being generated. What do I need to change to  
> prevent
> radius to look for Altiga attributes, and instead look for CVPN3000?
>
> Thanks in advance!
>
> [radiator]# /usr/bin/radiusd -trace 5
> Thu Mar 16 09:58:00 2006: DEBUG: Reading dictionary file
> '/etc/radiator/dictionary'
> Thu Mar 16 09:58:01 2006: WARNING: There is no attribute named
> Altiga-Allow-Alpha-Only-Passwords-G in file '' before line 4285  
> Ignored
> Thu Mar 16 09:58:01 2006: WARNING: There is no attribute named
> Altiga-Allow-Alpha-Only-Passwords-G in file '' before line 4286  
> Ignored
> Thu Mar 16 09:58:01 2006: WARNING: There is no attribute named
> Altiga-SEP-Card-Assignment-G/U in file '' before line 4288 Ignored
> Thu Mar 16 09:58:01 2006: WARNING: There is no attribute named
> Altiga-SEP-Card-Assignment-G/U in file '' before line 4289 Ignored
> Thu Mar 16 09:58:01 2006: WARNING: There is no attribute named
> Altiga-SEP-Card-Assignment-G/U in file '' before line 4290 Ignored
> Thu Mar 16 09:58:01 2006: WARNING: There is no attribute named
> Altiga-SEP-Card-Assignment-G/U in file '' before line 4291 Ignored
> Thu Mar 16 09:58:01 2006: WARNING: There is no attribute named
> Altiga-SEP-Card-Assignment-G/U in file '' before line 4292 Ignored
>
> Chris DeRamus
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.


NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list