dictionary handling

Alan Dekok aland at deployingradius.com
Fri May 25 11:18:18 CEST 2007


Wolfgang Rosenauer wrote:
> since I just begun to use freeradius in production I found some strangeness.
> The default configuration is to include all dictionaries but I wonder
> how they are evaluated?

  As documented.

> I have a Cisco NAS which sends (at least I think) VSA records and so I
> configured the Cisco VSA hack.

  The Cisco doesn't always send VSA's.

> For accounting reasons I'm interested in Cisco-PreSession-Time which is 198.
> In the detail log I found X-Ascend-PreSession-Time instead of
> Cisco-PreSession-Time though.
> If I grep through the dictionaries I found:

  Multiple attributes.  You do realize that a VSA of '198' for Cisco
isn't the same attribute as a VSA of '192' for another vendor?

  Again, this is documented.

> So I find it strange that freeradius logs X-Ascend-PreSession-Time at
> all since it's not the first match and not the last one.

  It is the first match.

  And running "grep" over the dictionary files doesn't return the
attributes in the same order as the server reads them.

> In addition I wonder if it makes sense that dictionary.ascend has two
> definitions for 198.

  Yes.

> I was under the impression that the correct dictionary would be chosen
> by the vendor ID (9 in case of Cisco).

  No.  Cisco sometimes sends non-VSA attributes.

> So any idea why freeradius logs Ascend attributes then?

  Because Cisco uses the same non-VSA numbers.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog



More information about the Freeradius-Users mailing list