Alan,
thanks for your quick response, I use the snapshot from 20020220. and here
is my configuration file. My cisco's IOS is 12.2.5.
file trimed:
preprocess {
huntgroups = ${confdir}/huntgroups
hints = ${confdir}/hints
# This hack changes Ascend's wierd port numberings
# to standard 0-??? port numbers so that the + works
# for IP address assignments.
with_ascend_hack = no
ascend_channels_per_line = 23
# Windows NT machines often authenticate themselves as
# NT_DOMAIN\username
#
# If this is set to 'yes', then the NT_DOMAIN portion
# of the user-name is silently discarded.
with_ntdomain_hack = no
# Specialix Jetstream 8500 24 port access server.
#
# If the user name is 10 characters or longer, a /
# and the excess characters after the 10th are
# appended to the user name.
#
# If you're not running that NAS, you don't need
# this hack.
with_specialix_jetstream_hack = no
# Cisco sends it's VSA attributes with the attribute
# name *again* in the string, like:
#
# H323-Attribute = h323-attribute=value.
#
# If this configuration item is set to 'yes', then
# the redundant data in the the attribute text is stripped
# out. The result is:
#
# H323-Attribute = value
#
# If you're not running a Cisco NAS, you don't need
# this hack.
with_cisco_vsa_hack = yes
}
# Authorization. First preprocess (hints and huntgroups files),
# then realms, and finally look in the users file.
# The order of the realm modules will determine the order that
# we try to find a matching realm.
# Make *sure* that 'preprocess' comes before any realm if you
# need to setup hints for the remote radius server
authorize {
preprocess
# counter
# attr_filter
# eap
suffix
# files
sql
# mschap
}
# Authentication.
#
# This section lists which modules are available for authentication.
# Note that it does NOT mean 'try each module in order'. It means
# that you have to have a module from the 'authorize' section add
# a configuration attribute 'Auth-Type := FOO'. That authentication type
# is then used to pick the apropriate module from the list below.
authenticate {
# pam
# unix
sql
# By grouping modules together in an authtype block, that authtype will be
# tried on each module in sequence until one returns REJECT or OK. This
# allows authentication failover if the first SQL server has crashed, for
# example.
# authtype SQL {
# sql
# sql2
# }
# ldap
# mschap
# eap
}
# Pre-accounting. Look for proxy realm in order of realms, then
# acct_users file, then preprocess (hints file).
preacct {
suffix
# files
preprocess
}
# Accounting. Log to detail file, and to the radwtmp file, and maintain
# radutmp.
accounting {
# acct_unique
detail
# counter
# unix
sql
radutmp
# sradutmp
}
# Session database, used for checking Simultaneous-Use. The radutmp module
# handles this
session {
radutmp
}
then start as /radiusd start -X
Module: Loaded preprocess
preprocess: huntgroups = /usr/local/etc/raddb/huntgroups
preprocess: hints = /usr/local/etc/raddb/hints
preprocess: with_ascend_hack = no
preprocess: ascend_channels_per_line = 23
preprocess: with_ntdomain_hack = no
preprocess: with_specialix_jetstream_hack = no
preprocess: with_cisco_vsa_hack = yes
h323-gw-id = h323-gw-id=nst.voip.nst.com
Cisco-AVPair = h323-incoming-conf-id=C12AF3B7 294911D6 9D8ADDE9
70C1E7C6
h323-call-origin = h323-call-origin=originate
h323-call-type = h323-call-type=Telephony
h323-setup-time = h323-setup-time=17:13:08.734 UTC Mon Feb 25 2002
h323-connect-time = h323-connect-time=17:13:12.774 UTC Mon Feb 25
2002
h323-disconnect-time = h323-disconnect-time=17:13:12.774 UTC Mon
Feb 25 2002
h323-disconnect-cause = h323-disconnect-cause=10
h323-voice-quality = h323-voice-quality=0
h323-conf-id = h323-conf-id=C12AF3B7 294911D6 9D8ADDE9 70C1E7C6
Raymond
From: Alan DeKok [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: Cisco VSA Attribute show again in string
Date: Mon, 25 Feb 2002 10:45:30 -0500
noway noway [EMAIL PROTECTED] wrote:
Please help to solve the Cisco VSA attribute problem in Detail file, it
shows the attribute in the value string again like H323-Attribute