Alan DeKok wrote:
Christopher Carver <[EMAIL PROTECTED]> wrote:
I'm having some trouble getting all the Ascend-Data-Filter attributes I
set in the users file returned in an access-accept packet. Its strange
because some of the filters get returned, but others do not.
The ones that don't get returned are probably not being parsed
correctly. Create a test user containing just those entries, run the
server in debugging mode, and see what it says.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks for the reply Alan. It looks like you're right. First I tried
adding it to the radreply table in sql to get around this problem, but
it looks like it parses it the same and runs into the same problem.
Here's the message from radiusd -X this time:
rlm_sql: Failed to create the pair: failed to parse Ascend binary
attribute: Unknown string "dstip" in IP data filter
rlm_sql (sql): Error getting data from database
rlm_sql (sql): Released sql socket id: 4
Then it returns the same list of attributes. I looked in
dictionary.ascend and I think I have the format of my rules right:
# IP FILTERS:
#
# ip dir action [ dstip n.n.n.n/nn ] [ srcip n.n.n.n/nn ]
# [ proto [ dstport cmp value ] [ srcport cmd value ] [ est ] ]
Here is what I'm using:
| 34 | mailAccess | Ascend-Data-Filter | += | ip in forward 0 dstip
xxx.xxx.xxx.xxx/32 | 0 |
| 27 | firewallGroup | Ascend-Data-Filter | += | ip in forward 0 dstip
xxx.xxx.xxx.xxx/32 | 0 |
| 28 | firewallGroup | Ascend-Data-Filter | += | ip in forward 0 dstip
xxx.xxx.xxx.xxx/32 | 0 |
| 29 | firewallGroup | Ascend-Data-Filter | += | ip in forward 0 dstip
xxx.xxx.xxx.xxx/30 | 0 |
| 30 | firewallGroup | Ascend-Data-Filter | += | ip in forward 0 dstip
xxx.xxx.xxx.xxx/30 | 0 |
Is this wrong? I would appreciate any other help in this matter.
Thanks,
Chris Carver
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
