I'm trying to get Cisco-AVPairs working correctly with Freeradius via my
SQL database. I have a group setup which I attach to usernames which
send all the AV pair reply items. As I understand it, when the data is
pulled from mysql, the format of the reply packet is Attribute = Value
which as an example would expand into something like:
Cisco-AVPair = ipsec:key-exchange=ike
The problem with this is when I have the same attributes in my group,
the default "=" only adds an attribute to the reply list if it isn't
there already. That problem gives entires like this:
mysql> select * from radgroupreply where GroupName = "IPSEC";
+----+-----------+-----------------+-----------------------------------+
----+
| id | GroupName | Attribute | Value |
op |
+----+-----------+-----------------+-----------------------------------+
----+
| 5 | IPSEC | Cisco-AVPair | ipsec:key-exchange=ike |
|
| 6 | IPSEC | Cisco-AVPair | ipsec:key-exchange=preshared-key |
|
| 7 | IPSEC | Cisco-AVPair | ipsec:addr-pool=vpnpool1 |
|
| 9 | IPSEC | Cisco-AVPair | ipsec:inacl=ipsec |
|
| 10 | IPSEC | Tunnel-Type | IP ESP |
|
| 11 | IPSEC | Tunnel-Password | cisco123 |
|
| 12 | IPSEC | Cisco-AVPair | ipsec:default-domain=fastvibe.com |
|
| 13 | IPSEC | Cisco-AVPair | ipsec:dns-servers=216.7.221.3 |
|
+----+-----------+-----------------+-----------------------------------+
----+
8 rows in set (0.00 sec)
mysql>
Radius responses like this:
Mon Aug 26 15:04:21 2002 : Auth: Login OK: [cisco3000] (from client
frn1-r3.tor port 0 cli 172.17.7.129)
Sending Access-Accept of id 161 to 172.16.2.3:1645
Cisco-AVPair = "ipsec:key-exchange=ike"
Tunnel-Password:0 =
"\375\346\036\257\037\255*\337\265\363A\374I\036{\207\227\266"
Mon Aug 26 15:04:21 2002 : Debug: Finished request 16
Mon Aug 26 15:04:21 2002 : Debug: Going to the next request
Mon Aug 26 15:04:21 2002 : Debug: Thread 2 waiting to be assigned a
request
The subsequent Cisco-AVPair reply items aren't being sent.
Is there a way to replace "=" with "+="?
Regards,
--
Jason Lixfeld
Senior IP Network Engineer
Fastvibe Corporation
--
tel://416.341.0099:223
fax://416.341.0088
mailto:[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html