At 10:18 AM 3/11/2002 -0700, Charlie Watts wrote:
>I'm having trouble with rlm_attr_filter and Ascend-Data-Filter.
>
>Indeed, there is a comment in the source:
>
>/* THIS SECTION NEEDS LOTS OF WORK TO GET THE ATTRIBUTE
> * FILTERING LOGIC WORKING PROPERLY. RIGHT NOW IT DOES
> * THINGS MOSLTY RIGHT. IT HAS SOME ISSUES WHEN YOU HAVE
> * MULTIPLE A/V PAIRS FROM THE SAME ATTRIBUTE ( IE, VSA'S ).
> * THAT NEEDS A BIT OF WORK STILL.... [EMAIL PROTECTED]
> */
Yup, that comment is there, but that's not the problem you're having.
>Here's my config:
>
>attrs:
>acsinc.net
> Ascend-Data-Filter := "ip in forward tcp est",
> Ascend-Data-Filter := "ip in forward dstip 199.45.141.0/24",
> Ascend-Data-Filter := "ip in drop tcp dstport = 25",
> Ascend-Data-Filter := "ip in forward"
Hmmm, perhaps try using the += operator there.
>And here's some output from the debug log:
>Sending Access-Accept of id 173 to 199.45.141.1:1026
> Ascend-Data-Filter = "ip input forward 0"
> Ascend-Data-Filter = "ip input forward 0"
> Ascend-Data-Filter = "ip output drop 0"
> Ascend-Data-Filter = "ip input forward 0"
Here they are set as separate attributes, so it's not a problem with
the rlm_attr_filter module.
>And here's what I get back:
>Vendor-Specific =
>"V529:T242:L34::T1:L1::T1:L0::T0:L0::T0:L0::T0:L0::T0:L0::T0:L0::T0:L0::T0:L0::T0:L0::T0:L0::T0:L0::T0:L0::T0:L0::T0:L0::T0:L0:"
What is this output from?
-Chris
--
\\\|||/// \ StarNet Inc. \ Chris Parker
\ ~ ~ / \ WX *is* Wireless! \ Director, Engineering
| @ @ | \ http://www.starnetwx.net \ (847) 963-0116
oOo---(_)---oOo--\------------------------------------------------------
\ Wholesale Internet Services - http://www.megapop.net
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
