FreeRadius - Cisco 7204 - L2TP Tunnel

TS tony at thewordzone.co.uk
Sat Apr 8 16:44:53 CEST 2006 

Hi Phil

Good call.
Thanks for that.
Works a treat now.

Tony

-----Original Message-----
From: freeradius-users-bounces+tony=thewordzone.co.uk at lists.freeradius.org
[mailto:freeradius-users-bounces+tony=thewordzone.co.uk at lists.freeradius.org
] On Behalf Of Phil Mayers
Sent: 08 April 2006 13:17
To: FreeRadius users mailing list
Subject: Re: FreeRadius - Cisco 7204 - L2TP Tunnel

Ok, I see the problem:

>     users: Matched DEFAULT at 171
>     users: Matched DEFAULT at 183
>   modcall[authorize]: module "files" returns ok for request 6
> 
> My users file (without all the commented out lines)
> 
> 
> DEFAULT Service-Type == Framed-User
>         Framed-IP-Address = 255.255.255.254,
>         Framed-MTU = 576,
>         Service-Type = Framed-User,
>         Fall-Through = Yes
> 
> 
> DEFAULT Framed-Protocol == PPP
>         Framed-Protocol = PPP,
>         Framed-Compression = Van-Jacobson-TCP-IP

There's no "Fall-Through = Yes" on this entry (the default entries in 
the users file in current release are a bit historic and not especially 
helpful to be in there uncommented by default, but compatibility 
concerns I imagine block their removal). So processing stops here, and 
never reaches the desired entry:

> 23877 at local.realm.com     Auth-Type = Local, User-Password == "mysecret"
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>         Framed-Address = 10.0.0.1,
>         Framed-Netmask = 255.255.255.255,
>         Framed-Compression = Van-Jacobsen-TCP-IP

So, you can either add a Fall-Though = Yes to the PPP entry, or delete 
it (since you've got the attributes defined on the users entry anyway 
you don't need it, or the Framed-Protocol match further up).

Personally I tend to do:

cp users users.example
 >users

...and start with a clean slate, reading the examples from the old file.

FYI the users file in CVS has by default none of these semi-historic 
uncommented examples.
- 
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the Freeradius-Users mailing list