FreeRadius/LDAP Generic Reply Attribute

Joel Prine jprine at suite224.net
Wed Mar 10 22:03:10 CET 2010


UPDATE:

It is definitely the "#" that is killing me. If I move the "#" sign anywhere in the string, it keeps only the piece of the string prior to the "#" sign. Is there a way to escape this character?

Any questions, please let me know.

Thank You,
Joel Prine
Systems Engineer
MCSE, CCNA, CSE
Conneaut Telephone / Suite224 Internet
Phone: (440) 593.7160
Fax: (440) 599.2230
JPrine at suite224.net<mailto:JPrine at suite224.net>





________________________________
P.O. Box 579 | Conneaut, Ohio 44030 | Ph: (440) 593.7113 | TF Ph: (888) 566.7113 | Fax:  (440) 599.2230
________________________________




On Mar 10, 2010, at 3:55 PM, Joel Prine wrote:

Hello,

I need to pass an odd reply attribute back to my Cisco router to limit DSL users' speeds on the interface. I am moving from Radiator to FreeRADIUS; we are doing this fine on Radiator from a MySQL database.

The ldap entry in the directory is
radiusReplyItem: Cisco-Avpair = lcp:interface-config#1=rate-limit input 512000 96000 96000 conform-action continue exceed-action drop

It appears that it is being truncated at the "#" sign. Is this field too long? Or is a special character messing it up? Is there any way I can escape the special character if so?

Thanks for any help!



Here is the DEBUG; I have bolded the lines I noticed....
*********************
rad_recv: Access-Request packet from host 72.2.95.130 port 1645, id=121, length=94
        Framed-Protocol = PPP
        User-Name = "jprine at suitedsl"
        User-Password = "overout22"
        NAS-Port-Type = Virtual
        NAS-Port = 0
        NAS-Port-Id = "4/0/0/0"
        Service-Type = Framed-User
        NAS-IP-Address = 72.2.95.130
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] Looking up realm "suitedsl" for User-Name = "jprine at suitedsl"
[suffix] No such realm "suitedsl"
++[suffix] returns noop
[ldap] performing user authorization for jprine at suitedsl
[ldap]  expand: %{Stripped-User-Name} ->
[ldap]  ... expanding second conditional
[ldap]  expand: %{User-Name} -> jprine at suitedsl
[ldap]  expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=jprine at suitedsl)
[ldap]  expand: dc=suite224,dc=net -> dc=suite224,dc=net
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in dc=suite224,dc=net, with filter (uid=jprine at suitedsl)
[ldap] looking for check items in directory...
  [ldap] userPassword -> Cleartext-Password == "{CRYPT}$1$j83AynGz$QIU88xh94V3ocCI.zT/1R1"
[ldap] looking for reply items in directory...
  [ldap] radiusFramedIPAddress -> Framed-IP-Address = 72.2.84.77
  [ldap] extracted attribute Cisco-AVPair from generic item Cisco-Avpair = lcp:interface-config#1=rate-limit input 512000 96000 96000 conform-action continue exceed-action drop
[ldap] Setting Auth-Type = LDAP
[ldap] user jprine at suitedsl authorized to use remote access
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
Found Auth-Type = LDAP
+- entering group LDAP {...}
[ldap] login attempt by "jprine at suitedsl" with password "overout22"
[ldap] user DN: cn=jprine at suitedsl,ou=freeradius,dc=suite224,dc=net
  [ldap] (re)connect to 127.0.0.1:389, authentication 1
  [ldap] bind as cn=jprine at suitedsl,ou=freeradius,dc=suite224,dc=net/overout22 to 127.0.0.1:389
  [ldap] waiting for bind result ...
  [ldap] Bind was successful
[ldap] user jprine at suitedsl authenticated succesfully
++[ldap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 121 to 72.2.95.130 port 1645
        Framed-IP-Address = 72.2.84.77
        Cisco-AVPair = "lcp:interface-config"
Finished request 30.


Any questions, please let me know.

Thank You,
Joel Prine
Systems Engineer
MCSE, CCNA, CSE
Conneaut Telephone / Suite224 Internet
Phone: (440) 593.7160
Fax: (440) 599.2230
JPrine at suite224.net<mailto:JPrine at suite224.net>





________________________________
P.O. Box 579 | Conneaut, Ohio 44030 | Ph: (440) 593.7113 | TF Ph: (888) 566.7113 | Fax:  (440) 599.2230
________________________________
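
The truncation in the debug output above, reproduced as an added example (not part of the original post and not FreeRADIUS source code). It is a simplified model that assumes an unquoted word ends at whitespace or "#" and that a double-quoted value is kept whole; read_token, parse_item and audit are hypothetical names.

```python
# Simplified model (not FreeRADIUS source) of splitting "Attribute op value".
# Assumption: an unquoted word ends at whitespace or '#'; a double-quoted
# string runs to its closing quote, with backslash escaping the next character.

def read_token(text, pos):
    """Return (token, next_pos) for the token starting at or after pos."""
    while pos < len(text) and text[pos].isspace():
        pos += 1
    if pos < len(text) and text[pos] == '"':
        pos += 1
        out = []
        while pos < len(text) and text[pos] != '"':
            if text[pos] == "\\" and pos + 1 < len(text):
                pos += 1          # keep the escaped character literally
            out.append(text[pos])
            pos += 1
        if pos >= len(text):
            raise ValueError("unterminated quoted string")
        return "".join(out), pos + 1
    start = pos
    while pos < len(text) and not text[pos].isspace() and text[pos] != "#":
        pos += 1
    return text[start:pos], pos


def parse_item(item):
    """Split one generic item into (name, operator, value, dropped_tail)."""
    name, pos = read_token(item, 0)
    op, pos = read_token(item, pos)
    value, pos = read_token(item, pos)
    return name, op, value, item[pos:].strip()


def audit(items):
    """Return the items whose value would lose text when parsed."""
    return [i for i in items if parse_item(i)[3]]


# Value from the post, unquoted and then wrapped in double quotes.
RATE = ("lcp:interface-config#1=rate-limit input 512000 96000 96000 "
        "conform-action continue exceed-action drop")
UNQUOTED = "Cisco-Avpair = " + RATE
QUOTED = 'Cisco-Avpair = "' + RATE + '"'

if __name__ == "__main__":
    for item in (UNQUOTED, QUOTED):
        name, op, value, dropped = parse_item(item)
        print(f"{name} {op} {value!r}  dropped={dropped!r}")
```

Under this model the unquoted item yields the same "lcp:interface-config" seen in the Access-Accept, and audit() can be run over exported radiusReplyItem values to list entries that would be cut short.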




