I had incorrectly thought that the "Hint ==" portion of the entry in the hints file tied to the users file entry with the same "Hint ==" part. Sort of a "tie these two things together because they have the same name" or something. The issue is that I do not see the extra attributes passed from the entry in the users file. Service-Type = Framed-User, Framed-Protocol = PPP, X-Ascend-Data-Filter = "IP IN FORWARD TCP EST", X-Ascend-Data-Filter += "IP IN FORWARD 0 DSTIP 192.168.100.100/32", X-Ascend-Data-Filter += "IP IN DROP TCP DSTPORT = 25", X-Ascend-Data-Filter += "IP IN FORWARD 0", X-Ascend-Assign-IP-Pool = 0 So if the hints file is not needed to make sure these attributes are passed to the authenticating user, what does? The user does pass authentication correctly. Thank you, Nicholas Brenckle -----Original Message----- The question was not about "huntgroups", but "hints". hints is used during preprocess and is a packet mangler: it's the only place where you can modify and add all the request items at will. It's mostly often just used to add request items based on the prefix or suffix of the User-Name attribute for historic reasons, but it's much more powerful than just that. The only packets ignored by hints are those without a User-Name attribute (Acct-Start and -Stop mostly), this limitation is for historic reasons. If it works if you don't touch the file, and it doesn't when you do, the solution is simple: don't touch it. Greetings, Stefan Winter -- Stefan WINTER
Brenckle, Nicholas wrote:
I had incorrectly thought that the "Hint ==" portion of the entry in the hints file tied to the users file entry with the same "Hint ==" part. Sort of a "tie these two things together because they have the same name" or something.
No. To reiterate - hints adds items to the incoming request to make them look as if they came from the NAS. Most often, the "Hint" item is set to some kind of service name.
The issue is that I do not see the extra attributes passed from the entry in the users file.
The thing below is an incomplete entry, and your problem is still unclear.
Service-Type = Framed-User, Framed-Protocol = PPP, X-Ascend-Data-Filter = "IP IN FORWARD TCP EST", X-Ascend-Data-Filter += "IP IN FORWARD 0 DSTIP 192.168.100.100/32", X-Ascend-Data-Filter += "IP IN DROP TCP DSTPORT = 25", X-Ascend-Data-Filter += "IP IN FORWARD 0", X-Ascend-Assign-IP-Pool = 0
So if the hints file is not needed to make sure these attributes are passed to the authenticating user, what does? The user does pass authentication correctly.
The users file. You would normally have: user1 User-Password := "pass" Fall-Through = Yes user2 Auth-Type := Reject Reply-Message = "This user is banned", Fall-Through = No DEFAULT Service-Type = Framed-User, Framed-Protocol = PPP, Other-Attributes = Go-Here If you have something along these lines and it isn't working, run the server under debugging mode with the -X argument and post the output.
participants (2)
-
Brenckle, Nicholas -
Phil Mayers