[2] Problems when using Cisco-AVPairs[*]
Nat
freeradius at connect.com.fj
Tue Sep 13 00:35:33 CEST 2005
Thanks Nicloas, for your reply...
>
>Admin wrote:
>
>> I need some help with Cisco AVPAirs, I am using freeradius + postgresql.
>>
>> When I have the following entries in my radreply table -
>>
>> database=# SELECT * from radreply where username='test' order by id;
>> id | username | attribute | op | value
>> ----+----------+--------------+----+------------------------------------
>> 72 | test | Cisco-AVPair | = | ip:inacl#1=deny tcp any any eq 25
>> 73 | test | Cisco-AVPair | += | ip:inacl#1=permit ip any any
>> 74 | test | Cisco-AVPair | += | ip:outacl#2=deny tcp any any eq 25
>> 75 | test | Cisco-AVPair | += | ip:outacl#2=permit ip any any
>>
>> the access list works.
>
>Indeed. That's how it's documented in doc/rlm_sql.
>
>> However, when I modify the entries
>>
>> database=# SELECT * from radreply where username='test' order by id;
>> id | username | attribute | op | value
>> ----+----------+-----------------+----+------------------------------------
>> 76 | test | Cisco-AVPair[0] | = | ip:inacl#1=deny tcp any any eq 25
>> 77 | test | Cisco-AVPair[1] | = | ip:inacl#1=permit ip any any
>> 78 | test | Cisco-AVPair[2] | = | ip:outacl#2=deny tcp any any eq 25
>> 79 | test | Cisco-AVPair[3] | = | ip:outacl#2=permit ip any any
>>
>> none of the Cisco-AVPairs are passed to the Cisco NAS ( I can see that
>> in the /var/log/radacct/{NAS-IP}/reply-detail file ).
>
>This syntax is not supported in a SQL database. Please let us know if
>the documentation is inaccurate.
Would you/someone know if/when this feature will be enabled for SQL.
>
>--
>Nicolas Baradakis
More information about the Freeradius-Announce
mailing list