Ascend-Data-Filter with srcip from ippool
Andreas Kalb (akalb)
akalb at cisco.com
Wed Apr 2 00:40:36 CEST 2008
Hello again,
based on the last experience having different servers existing, I build
the system from scratch and stood as closely as possible to defaults.
All is working well concerning the ip-pool. It was the duplicated
server, Alan pointed out.
Now I'm back to my original problem, where I wanted to use an
Ascend-filter with entries matching IP-address from pool. I still don't
know, how to change order of modules to make the IP-address known to the
files-module and appreciated your uidance again.
Kind Regards,
Andreas
users:
DEFAULT User-Name := "test_...", Pool-Name := test_pool,
Cleartext-Password := cisco
Service-Type == Framed-User,
Framed-Protocol = PPP,
Session-Timeout = 65000,
Idle-Timeout = 3600,
Ascend-Maximum-Time = 64000,
Ascend-Idle-Limit = 3600,
Ascend-Data-Filter := "ip in forward srcip
%{reply:Framed-IP-Address}/32 dstip 1.1.1.2/32"
debugs:
...
++[unix] returns notfound
users: Matched entry DEFAULT at line 125
expand: ip in forward srcip %{reply:Framed-IP-Address}/32 dstip
1.1.1.2/32 -> ip in forward srcip /32 dstip 1.1.1.2/32
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
rad_check_password: Found Auth-Type
auth: type "PAP"
+- entering group PAP
rlm_pap: login attempt with password "cisco"
rlm_pap: Using clear text password "cisco"
rlm_pap: User authenticated successfully
++[pap] returns ok
Login OK: [test_001/cisco] (from client bb-10k port 808583209)
+- entering group post-auth
expand: %{NAS-IP-Address} %{NAS-Port} -> 172.16.1.7 808583209
rlm_ippool: MD5 on 'key' directive maps to:
4c8d9b7e94410e9a58cd8ec24b47f8b1
rlm_ippool: Searching for an entry for key:
'4c8d9b7e94410e9a58cd8ec24b47f8b1'
rlm_ippool: Allocating ip to key: '4c8d9b7e94410e9a58cd8ec24b47f8b1'
rlm_ippool: num: 1
rlm_ippool: Allocated ip 172.16.100.69 to client key:
4c8d9b7e94410e9a58cd8ec24b47f8b1
++[test_pool] returns ok
Service-Type == Framed-User
Framed-Protocol = PPP
Session-Timeout = 65000
Idle-Timeout = 3600
Ascend-Maximum-Time = 64000
Ascend-Idle-Limit = 3600
Ascend-Data-Filter := "ip in forward dstip 1.1.1.2/32 0"
Framed-IP-Address = 172.16.100.69
Framed-IP-Netmask = 255.255.255.0
Finished request 1.
More information about the Freeradius-Users
mailing list