Fajar A. Nugraha-2 wrote > > On Fri, Mar 30, 2012 at 4:29 PM, IVB <ivb@> wrote: >> I need help. >> >> Software: FreeRADIUS v2.1.11, MySQL v5.1.61. >> Hardware: RB SE100 under SEOS-6.4.1.4-Release >> >> BRAS sends Opt-82 related attributes in following format: >> > > What format? >
Agent-Remote-Id = 0x0006001e58ab0304 ADSL-Agent-Remote-Id = "\000\006\000\036X\253\003\004" Agent-Circuit-Id = 0x000403fc0001 ADSL-Agent-Circuit-Id = "\000\004\003\374\000\001" >> >> Attributes Agent-* described in radius dictionary as 'octets'. Attributes >> ADSL-Agent-* described in radius dictionary as 'string'. > > AFAIK those are not DHCP dictionary. They're part of "normal" radius > dictionary. So you just treat them like any other attribute. > >> >> I was try to store needed data in MySQL database from which Radius gets >> 'check' attributes: > INSERT INTO `radcheck` ( `UserName`, `Attribute`, `Value`, `op` ) VALUES ( '00:12:23:56:78:9A', 'Cleartext-Password', 'Redback', ':=' ), ( '00:12:23:56:78:9A', 'Agent-Circuit-ID', x'000403fc0001', '==' ), ( '00:12:23:56:78:9A', 'Agent-Remote-ID', x'0006001e58ab0304', '==' ) (most important part of message disappears from my post) >> >> to Radius select that attributes to authenticate. But I got 'Login >> incorrect' message in Radius log. >> >> If I remove both Agent-* attributes from DB (that means that I dont >> validate >> Opt-82 parameters) - I got 'Login OK'. >> >> I think that I use wrong format for Agent-* attributes, but I was try >> some >> different variants without success. >> >> I was try to use ADSL-Agent-* instead Agent-* in DB, but I receive 'Login >> OK' with _any_ attributes values - match and mismatch. >> >> So I need help. Very need. > > You need to know what the NAS (i.e. BRAS) sends. An easy way to get > that is to run FR in debug mode (-X) while the NAS is sending > authentication packet. > Yes, I know about debug mode, but BRAS and Radius are in project mode (using PPPoE authorisation now). DHCP testing uses same context and same Radius server. To run different Radius in debug mode I need to configure different context... > Then compare to what you have on radcheck. Note the operators (you > probably need "=="). > > Then you need to find out what's going on. Again, debug mode would be > the best way. > > -- > Fajar > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > -- View this message in context: http://freeradius.1045715.n5.nabble.com/FreeRADIUS-MySQL-DHCP-Opt82-tp5606148p5606373.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
