Alan,
thanks for your quick response, I use the snapshot from 20020220. and here
is my configuration file. My cisco's IOS is 12.2.5.
file trimed:
preprocess {
huntgroups = ${confdir}/huntgroups
hints = ${confdir}/hints
# This hack changes Ascend's wierd port numberings
# to standard 0-??? port numbers so that the "+" works
# for IP address assignments.
with_ascend_hack = no
ascend_channels_per_line = 23
# Windows NT machines often authenticate themselves as
# NT_DOMAIN\username
#
# If this is set to 'yes', then the NT_DOMAIN portion
# of the user-name is silently discarded.
with_ntdomain_hack = no
# Specialix Jetstream 8500 24 port access server.
#
# If the user name is 10 characters or longer, a "/"
# and the excess characters after the 10th are
# appended to the user name.
#
# If you're not running that NAS, you don't need
# this hack.
with_specialix_jetstream_hack = no
# Cisco sends it's VSA attributes with the attribute
# name *again* in the string, like:
#
# H323-Attribute = "h323-attribute=value".
#
# If this configuration item is set to 'yes', then
# the redundant data in the the attribute text is stripped
# out. The result is:
#
# H323-Attribute = "value"
#
# If you're not running a Cisco NAS, you don't need
# this hack.
with_cisco_vsa_hack = yes
}
# Authorization. First preprocess (hints and huntgroups files),
# then realms, and finally look in the "users" file.
# The order of the realm modules will determine the order that
# we try to find a matching realm.
# Make *sure* that 'preprocess' comes before any realm if you
# need to setup hints for the remote radius server
authorize {
preprocess
# counter
# attr_filter
# eap
suffix
# files
sql
# mschap
}
# Authentication.
#
# This section lists which modules are available for authentication.
# Note that it does NOT mean 'try each module in order'. It means
# that you have to have a module from the 'authorize' section add
# a configuration attribute 'Auth-Type := FOO'. That authentication type
# is then used to pick the apropriate module from the list below.
authenticate {
# pam
# unix
sql
# By grouping modules together in an authtype block, that authtype will be
# tried on each module in sequence until one returns REJECT or OK. This
# allows authentication failover if the first SQL server has crashed, for
# example.
# authtype SQL {
# sql
# sql2
# }
# ldap
# mschap
# eap
}
# Pre-accounting. Look for proxy realm in order of realms, then
# acct_users file, then preprocess (hints file).
preacct {
suffix
# files
preprocess
}
# Accounting. Log to detail file, and to the radwtmp file, and maintain
# radutmp.
accounting {
# acct_unique
detail
# counter
# unix
sql
radutmp
# sradutmp
}
# Session database, used for checking Simultaneous-Use. The radutmp module
# handles this
session {
radutmp
}
then start as /radiusd start -X
Module: Loaded preprocess
preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups"
preprocess: hints = "/usr/local/etc/raddb/hints"
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = yes
h323-gw-id = "h323-gw-id=nst.voip.nst.com"
Cisco-AVPair = "h323-incoming-conf-id=C12AF3B7 294911D6 9D8ADDE9
70C1E7C6"
h323-call-origin = "h323-call-origin=originate"
h323-call-type = "h323-call-type=Telephony"
h323-setup-time = "h323-setup-time=17:13:08.734 UTC Mon Feb 25 2002"
h323-connect-time = "h323-connect-time=17:13:12.774 UTC Mon Feb 25
2002"
h323-disconnect-time = "h323-disconnect-time=17:13:12.774 UTC Mon
Feb 25 2002"
h323-disconnect-cause = "h323-disconnect-cause=10"
h323-voice-quality = "h323-voice-quality=0"
h323-conf-id = "h323-conf-id=C12AF3B7 294911D6 9D8ADDE9 70C1E7C6"
Raymond
>From: "Alan DeKok" <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: [EMAIL PROTECTED]
>Subject: Re: Cisco VSA Attribute show again in string
>Date: Mon, 25 Feb 2002 10:45:30 -0500
>
>"noway noway" <[EMAIL PROTECTED]> wrote:
> > Please help to solve the Cisco VSA attribute problem in Detail file, it
> > shows the attribute in the value string again like H323-Attribute =
> > "h323-attribute=value". I've enable the with_cisco_vsa_hack=yes, but
>it's
> > only in pre-accouting not accounting call which generates detail files.
>
> The pre-accounting modules edit the request so that the accounting
>function will log the cleaned attributes.
>
> If it's not doing that for you, check your config.
>
> Alan DeKok.
>
>-
>List info/subscribe/unsubscribe? See
>http://www.freeradius.org/list/users.html
_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
