Problems when using Cisco-AVPairs[*]
Nicolas Baradakis
nbk at sitadelle.com
Mon Sep 12 10:47:19 CEST 2005
Admin wrote:
> I need some help with Cisco AVPairs, I am using freeradius + postgresql.
>
> When I have the following entries in my radreply table -
>
> database=# SELECT * from radreply where username='test' order by id;
>  id | username |  attribute   | op |               value
> ----+----------+--------------+----+------------------------------------
>  72 | test     | Cisco-AVPair | =  | ip:inacl#1=deny tcp any any eq 25
>  73 | test     | Cisco-AVPair | += | ip:inacl#1=permit ip any any
>  74 | test     | Cisco-AVPair | += | ip:outacl#2=deny tcp any any eq 25
>  75 | test     | Cisco-AVPair | += | ip:outacl#2=permit ip any any
>
> the access list works.

Indeed. That's how it's documented in doc/rlm_sql.

> However, when I modify the entries
>
> database=# SELECT * from radreply where username='test' order by id;
>  id | username |    attribute    | op |               value
> ----+----------+-----------------+----+------------------------------------
>  76 | test     | Cisco-AVPair[0] | =  | ip:inacl#1=deny tcp any any eq 25
>  77 | test     | Cisco-AVPair[1] | =  | ip:inacl#1=permit ip any any
>  78 | test     | Cisco-AVPair[2] | =  | ip:outacl#2=deny tcp any any eq 25
>  79 | test     | Cisco-AVPair[3] | =  | ip:outacl#2=permit ip any any
>
> none of the Cisco-AVPairs are passed to the Cisco NAS (I can see that
> in the /var/log/radacct/{NAS-IP}/reply-detail file).

This syntax is not supported in a SQL database. Please let us know if
the documentation is inaccurate.

--
Nicolas Baradakis
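
Added example, not part of the original message and not FreeRADIUS project code: a PostgreSQL statement that rewrites radreply rows using the unsupported `Cisco-AVPair[n]` names into the layout the poster reports as working (one `=` row followed by `+=` rows). It assumes the column names shown in the post, that `id` order is the intended ACL line order, and that no user already has plain rows for the same attribute alongside the indexed ones.

```sql
-- Added example (PostgreSQL). Table and column names are taken from the
-- radreply output quoted in the post; nothing here is FreeRADIUS code.
BEGIN;

-- The pattern [[][0-9]+[]]$ matches a trailing "[n]" index. Bracket
-- expressions are used instead of backslashes so the literal behaves the
-- same regardless of the server's string-escape settings.
WITH indexed AS (
    SELECT id,
           regexp_replace(attribute, '[[][0-9]+[]]$', '') AS base_attr,
           row_number() OVER (
               PARTITION BY username,
                            regexp_replace(attribute, '[[][0-9]+[]]$', '')
               ORDER BY id            -- assumption: id order = ACL line order
           ) AS pos
    FROM radreply
    WHERE attribute ~ '[[][0-9]+[]]$'
)
UPDATE radreply AS r
SET attribute = i.base_attr,
    -- First row per user/attribute keeps '=', later rows append with '+=',
    -- matching rows 72-75 in the post.
    op = CASE WHEN i.pos = 1 THEN '=' ELSE '+=' END
FROM indexed AS i
WHERE r.id = i.id;

-- Review before committing: no attribute should still end in "[n]", and
-- each user should have exactly one '=' row per multi-valued attribute.
SELECT username, attribute,
       count(*)                                  AS total_rows,
       sum(CASE WHEN op = '=' THEN 1 ELSE 0 END) AS set_rows
FROM radreply
GROUP BY username, attribute
HAVING attribute ~ '[[][0-9]+[]]$'
    OR (count(*) > 1 AND sum(CASE WHEN op = '=' THEN 1 ELSE 0 END) <> 1)
ORDER BY username, attribute;

COMMIT;
```

The final SELECT should return no rows; if it does return any, issue ROLLBACK instead of COMMIT and inspect those users, since an ACL that silently loses a deny line fails open on the NAS.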