ascend-data-filters missing from access-accept

Christopher Carver ccarver at pennswoods.net
Sat Apr 22 01:20:56 CEST 2006


Alan DeKok wrote:
> Christopher Carver <ccarver at pennswoods.net> wrote:
>   
>> I'm having some trouble getting all the Ascend-Data-Filter attributes I 
>> set in the users file returned in an access-accept packet.  It's strange 
>> because some of the filters get returned, but others do not.
>>     
>
>   The ones that don't get returned are probably not being parsed
> correctly.  Create a test user containing just those entries, run the
> server in debugging mode, and see what it says.
>
>   Alan DeKok.
>

Thanks for the reply Alan.  It looks like you're right.  First I tried 
adding it to the radreply table in sql to get around this problem, but 
it looks like it parses it the same and runs into the same problem.  
Here's the message from radiusd -X this time:

rlm_sql: Failed to create the pair: failed to parse Ascend binary attribute: Unknown string "dstip" in IP data filter
rlm_sql (sql): Error getting data from database
rlm_sql (sql): Released sql socket id: 4

Then it returns the same list of attributes.  I looked in 
dictionary.ascend and I think I have the format of my rules right:

#  IP FILTERS:
#
#       ip dir action [ dstip n.n.n.n/nn ] [ srcip n.n.n.n/nn ]
#           [ proto [ dstport cmp value ] [ srcport cmd value ] [ est ] ]

Here is what I'm using:

| 34 | mailAccess    | Ascend-Data-Filter | += | ip in forward 0 dstip xxx.xxx.xxx.xxx/32 |    0 |
| 27 | firewallGroup | Ascend-Data-Filter | += | ip in forward 0 dstip xxx.xxx.xxx.xxx/32 |    0 |
| 28 | firewallGroup | Ascend-Data-Filter | += | ip in forward 0 dstip xxx.xxx.xxx.xxx/32 |    0 |
| 29 | firewallGroup | Ascend-Data-Filter | += | ip in forward 0 dstip xxx.xxx.xxx.xxx/30 |    0 |
| 30 | firewallGroup | Ascend-Data-Filter | += | ip in forward 0 dstip xxx.xxx.xxx.xxx/30 |    0 |


Is this wrong?  I would appreciate any other help in this matter.

Thanks,

Chris Carver
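
Added example, not part of the original message and not FreeRADIUS's own parser: a small checker that tests whether a rule follows the field order of the IP filter grammar quoted above from dictionary.ascend. The direction, action and comparator value sets, the function name and the sample address are assumptions; the post does not show them.

```python
import ipaddress

# Assumed value sets (not shown in the post): directions, actions, comparators.
DIRS, ACTIONS, CMPS = {"in", "out"}, {"forward", "drop"}, {"<", "=", ">", "!="}

def check_ip_filter(rule):
    """Return (ok, message) for a rule checked against the quoted grammar."""
    tok = rule.split()
    if len(tok) < 3 or tok[0].lower() != "ip":
        return False, "expected: ip dir action ..."
    if tok[1].lower() not in DIRS:
        return False, f'unknown direction "{tok[1]}"'
    if tok[2].lower() not in ACTIONS:
        return False, f'unknown action "{tok[2]}"'
    i = 3
    # Optional address clauses, in the order the grammar lists them.
    for kw in ("dstip", "srcip"):
        if i < len(tok) and tok[i].lower() == kw:
            if i + 1 >= len(tok):
                return False, f"{kw} needs an address"
            try:
                ipaddress.ip_network(tok[i + 1], strict=False)
            except ValueError:
                return False, f'bad address "{tok[i + 1]}" after {kw}'
            i += 2
    if i == len(tok):
        return True, "ok"
    if tok[i].lower() in ("dstip", "srcip", "dstport", "srcport", "est"):
        return False, f'"{tok[i]}" out of place at token {i + 1}'
    i += 1  # proto: a name or a number
    for kw in ("dstport", "srcport"):
        if i < len(tok) and tok[i].lower() == kw:
            if i + 2 >= len(tok) or tok[i + 1] not in CMPS:
                return False, f"{kw} needs: cmp value"
            i += 3
    if i < len(tok) and tok[i].lower() == "est":
        i += 1
    if i < len(tok):
        return False, f'unexpected "{tok[i]}" after proto (token {i + 1})'
    return True, "ok"

# Constructed samples; 192.0.2.10 is a documentation address, not from the post.
AS_POSTED = "ip in forward 0 dstip 192.0.2.10/32"   # proto field before dstip
REORDERED = "ip in forward dstip 192.0.2.10/32 0"   # dstip first, then proto
if __name__ == "__main__":
    for r in (AS_POSTED, REORDERED):
        print(r, "->", check_ip_filter(r))
```

Under the grammar as quoted, a rule shaped like the posted rows is rejected at the `dstip` keyword because a protocol value precedes it, while the same fields in the listed order are accepted.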


