Matt Rose <[EMAIL PROTECTED]> wrote:
> I've gotten FreeRADIUS working, and almost configured, and have everything
> almost the way I want it, the one stumbling block is some dedicated isdn
> users we have dialing into an Ascend MAX.

Ascend is wonderful, isn't it?

> [mattrose@dogbert mattrose]$ perl check_rad.pl -h radius -u xxxx-isdn
> -p xxxxx
...
> attr: name=Ascend-Route-IP value=Route-IP-Yes
> attr: name=Ascend-Maximum-Channels value=2

These are ascend specific attributes. They're defined in 'dictionary.ascend', which is included by default in the top-level 'dictionary' file.

> But when I do it on the Freeradius server I get this:
>
> [mattrose@dogbert mattrose]$ perl check_rad.pl -h blackbox:1812 -u
> pharma-isdn -p digidrugs
...
> attr: name=Vendor-Specific value=
> attr: name=Vendor-Specific value=

So be sure that FreeRADIUS is reading 'raddb/dictionary.ascend'. See 'raddb/dictionary' in the source tree. Note that the 'make install' target does NOT over-write any existing dictionary, which may be the problem.

> and the -X flag tells me this:
>
> rad_recv: Access-Request packet from host 216.191.240.115:3961, id=72,
> length=51 User-Name = "pharma-isdn"
...
> Ascend-Route-IP = Route-IP-Yes
> Ascend-Maximum-Channels = 2

Ah. So the *server* is picking up the right dictionary entries, but the *client* isn't.

The problem is that Ascend (in their infinite wisdom) decided to use normal RADIUS attributes for their Ascend-specific insanity. The IETF later assigned those same attributes itself, with different meanings. So using the bare ascend attributes *can* break things.

If you want to use the bare ascend attributes, prefix their name in the 'users' file with 'X-'. i.e. 'X-Ascend-Maximum-Channels'. See 'raddb/dictionary.ascend' for more examples.

I *strongly* recommend that you don't do this, though.

> Now, I can actually get around most of these using attributes in
> FreeRADIUS, but I'd like to be able to use the Ascend attributes if
> possible.

You can. See 'doc/ascend' for information on kicking the Ascend boxes into something resembling sanity.

Oh, the 'radclient' program distributed with the server handles ascend attributes properly, unlike the perl script you're using.

Alan DeKok.
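The `Vendor-Specific value=` lines discussed in this message can be reproduced with a small decoder; this is an added example, not code from the thread, FreeRADIUS, or check_rad.pl. It assumes Ascend's vendor number is 529 and that attribute numbers 228 and 235 and the value Route-IP-Yes = 1 match 'raddb/dictionary.ascend', and it handles only integer-valued sub-attributes, one per Vendor-Specific attribute.

```python
import struct

VENDOR_SPECIFIC = 26          # RADIUS attribute type that carries vendor data
ASCEND_VENDOR_ID = 529        # assumed: Ascend's enterprise number
# Assumed numbers; check them against raddb/dictionary.ascend.
ASCEND_DICT = {228: "Ascend-Route-IP", 235: "Ascend-Maximum-Channels"}
ASCEND_VALUES = {"Ascend-Route-IP": {1: "Route-IP-Yes"}}

def encode_vsa(vendor_id, vtype, number):
    """Build one Vendor-Specific attribute holding a 32-bit integer."""
    inner = struct.pack("!BBI", vtype, 6, number)
    return struct.pack("!BBI", VENDOR_SPECIFIC, 6 + len(inner), vendor_id) + inner

def decode_attributes(data, vendor_dict=None):
    """Decode attribute TLVs; vendor_dict=None models a client with no Ascend dictionary."""
    out, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > len(data):
            raise ValueError("attribute length runs past the packet")
        body, pos = data[pos + 2:pos + alen], pos + alen
        if atype != VENDOR_SPECIFIC:
            out.append((f"Attr-{atype}", body.hex()))
            continue
        if len(body) < 6:
            raise ValueError("Vendor-Specific too short for vendor id and sub-attribute")
        vendor_id, vtype, vlen = struct.unpack("!IBB", body[:6])
        if vendor_dict is None or vendor_id != ASCEND_VENDOR_ID or vtype not in vendor_dict:
            out.append(("Vendor-Specific", ""))   # undecoded, as in the client output
            continue
        if vlen != len(body) - 4 or vlen != 6:
            raise ValueError("unexpected sub-attribute length for an integer")
        name = vendor_dict[vtype]
        number = struct.unpack("!I", body[6:10])[0]
        out.append((name, ASCEND_VALUES.get(name, {}).get(number, number)))
    return out

# Constructed reply attributes, not a capture from the thread.
SAMPLE = encode_vsa(ASCEND_VENDOR_ID, 228, 1) + encode_vsa(ASCEND_VENDOR_ID, 235, 2)

if __name__ == "__main__":
    print(decode_attributes(SAMPLE))               # dictionary-less client
    print(decode_attributes(SAMPLE, ASCEND_DICT))  # client that loaded the Ascend entries
```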
