Alan, thanks for your quick response, I use the snapshot from 20020220. and here is my configuration file. My cisco's IOS is 12.2.5.
file trimed: preprocess { huntgroups = ${confdir}/huntgroups hints = ${confdir}/hints # This hack changes Ascend's wierd port numberings # to standard 0-??? port numbers so that the "+" works # for IP address assignments. with_ascend_hack = no ascend_channels_per_line = 23 # Windows NT machines often authenticate themselves as # NT_DOMAIN\username # # If this is set to 'yes', then the NT_DOMAIN portion # of the user-name is silently discarded. with_ntdomain_hack = no # Specialix Jetstream 8500 24 port access server. # # If the user name is 10 characters or longer, a "/" # and the excess characters after the 10th are # appended to the user name. # # If you're not running that NAS, you don't need # this hack. with_specialix_jetstream_hack = no # Cisco sends it's VSA attributes with the attribute # name *again* in the string, like: # # H323-Attribute = "h323-attribute=value". # # If this configuration item is set to 'yes', then # the redundant data in the the attribute text is stripped # out. The result is: # # H323-Attribute = "value" # # If you're not running a Cisco NAS, you don't need # this hack. with_cisco_vsa_hack = yes } # Authorization. First preprocess (hints and huntgroups files), # then realms, and finally look in the "users" file. # The order of the realm modules will determine the order that # we try to find a matching realm. # Make *sure* that 'preprocess' comes before any realm if you # need to setup hints for the remote radius server authorize { preprocess # counter # attr_filter # eap suffix # files sql # mschap } # Authentication. # # This section lists which modules are available for authentication. # Note that it does NOT mean 'try each module in order'. It means # that you have to have a module from the 'authorize' section add # a configuration attribute 'Auth-Type := FOO'. That authentication type # is then used to pick the apropriate module from the list below. authenticate { # pam # unix sql # By grouping modules together in an authtype block, that authtype will be # tried on each module in sequence until one returns REJECT or OK. This # allows authentication failover if the first SQL server has crashed, for # example. # authtype SQL { # sql # sql2 # } # ldap # mschap # eap } # Pre-accounting. Look for proxy realm in order of realms, then # acct_users file, then preprocess (hints file). preacct { suffix # files preprocess } # Accounting. Log to detail file, and to the radwtmp file, and maintain # radutmp. accounting { # acct_unique detail # counter # unix sql radutmp # sradutmp } # Session database, used for checking Simultaneous-Use. The radutmp module # handles this session { radutmp } then start as /radiusd start -X Module: Loaded preprocess preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups" preprocess: hints = "/usr/local/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = yes h323-gw-id = "h323-gw-id=nst.voip.nst.com" Cisco-AVPair = "h323-incoming-conf-id=C12AF3B7 294911D6 9D8ADDE9 70C1E7C6" h323-call-origin = "h323-call-origin=originate" h323-call-type = "h323-call-type=Telephony" h323-setup-time = "h323-setup-time=17:13:08.734 UTC Mon Feb 25 2002" h323-connect-time = "h323-connect-time=17:13:12.774 UTC Mon Feb 25 2002" h323-disconnect-time = "h323-disconnect-time=17:13:12.774 UTC Mon Feb 25 2002" h323-disconnect-cause = "h323-disconnect-cause=10" h323-voice-quality = "h323-voice-quality=0" h323-conf-id = "h323-conf-id=C12AF3B7 294911D6 9D8ADDE9 70C1E7C6" Raymond >From: "Alan DeKok" <[EMAIL PROTECTED]> >Reply-To: [EMAIL PROTECTED] >To: [EMAIL PROTECTED] >Subject: Re: Cisco VSA Attribute show again in string >Date: Mon, 25 Feb 2002 10:45:30 -0500 > >"noway noway" <[EMAIL PROTECTED]> wrote: > > Please help to solve the Cisco VSA attribute problem in Detail file, it > > shows the attribute in the value string again like H323-Attribute = > > "h323-attribute=value". I've enable the with_cisco_vsa_hack=yes, but >it's > > only in pre-accouting not accounting call which generates detail files. > > The pre-accounting modules edit the request so that the accounting >function will log the cleaned attributes. > > If it's not doing that for you, check your config. > > Alan DeKok. > >- >List info/subscribe/unsubscribe? See >http://www.freeradius.org/list/users.html _________________________________________________________________ Chat with friends online, try MSN Messenger: http://messenger.msn.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html