FreeRadius/LDAP Generic Reply Attribute
Joel Prine
jprine at suite224.net
Wed Mar 10 22:38:42 CET 2010
Update 2:
Got it most of the way: in order to get it past the "#" and "=" in the string you must quote ONLY the value, not the attribute name, as below...
LDAP directory entry....
radiusReplyItem: Cisco-Avpair = 'lcp:interface-config#1=rate-limit input 768000 144000 144000 conform-action continue exceed-action drop'
My only problem now is I need to send two of these, for input and output:
radiusReplyItem: Cisco-Avpair = 'lcp:interface-config#1=rate-limit input 768000 144000 144000 conform-action continue exceed-action drop'
radiusReplyItem: Cisco-Avpair = 'lcp:interface-config#1=rate-limit output 3072000 576000 576000 conform-action continue exceed-action drop'
Still working this one out....
Any questions, please let me know.
Thank You,
Joel Prine
Systems Engineer
MCSE, CCNA, CSE
Conneaut Telephone / Suite224 Internet
Phone: (440) 593.7160
Fax: (440) 599.2230
JPrine at suite224.net
________________________________
P.O. Box 579 | Conneaut, Ohio 44030 | Ph: (440) 593.7113 | TF Ph: (888) 566.7113 | Fax: (440) 599.2230
________________________________
On Mar 10, 2010, at 4:03 PM, Joel Prine wrote:
UPDATE:
It is definitely the "#" that is killing me. If I move the "#" sign anywhere in the string, it keeps only the piece of the string prior to the "#" sign. Is there a way to escape this character?
On Mar 10, 2010, at 3:55 PM, Joel Prine wrote:
Hello,
I need to pass an odd reply attribute back to my Cisco router to limit DSL users' speeds on the interface. I am moving from Radiator to FreeRADIUS; we are doing this fine on Radiator from a MySQL database.
The ldap entry in the directory is
radiusReplyItem: Cisco-Avpair = lcp:interface-config#1=rate-limit input 512000 96000 96000 conform-action continue exceed-action drop
It appears that it is being truncated at the "#" sign. Is this field too long, or is a special character messing it up? Is there any way I can escape the special character, if so?
Thanks for any help!
Here is the DEBUG; I have bolded the lines I noticed....
*********************
rad_recv: Access-Request packet from host 72.2.95.130 port 1645, id=121, length=94
Framed-Protocol = PPP
User-Name = "jprine at suitedsl"
User-Password = "overout22"
NAS-Port-Type = Virtual
NAS-Port = 0
NAS-Port-Id = "4/0/0/0"
Service-Type = Framed-User
NAS-IP-Address = 72.2.95.130
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] Looking up realm "suitedsl" for User-Name = "jprine at suitedsl"
[suffix] No such realm "suitedsl"
++[suffix] returns noop
[ldap] performing user authorization for jprine at suitedsl
[ldap] expand: %{Stripped-User-Name} ->
[ldap] ... expanding second conditional
[ldap] expand: %{User-Name} -> jprine at suitedsl
[ldap] expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=jprine at suitedsl)
[ldap] expand: dc=suite224,dc=net -> dc=suite224,dc=net
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] performing search in dc=suite224,dc=net, with filter (uid=jprine at suitedsl)
[ldap] looking for check items in directory...
[ldap] userPassword -> Cleartext-Password == "{CRYPT}$1$j83AynGz$QIU88xh94V3ocCI.zT/1R1"
[ldap] looking for reply items in directory...
[ldap] radiusFramedIPAddress -> Framed-IP-Address = 72.2.84.77
[ldap] extracted attribute Cisco-AVPair from generic item Cisco-Avpair = lcp:interface-config#1=rate-limit input 512000 96000 96000 conform-action continue exceed-action drop
[ldap] Setting Auth-Type = LDAP
[ldap] user jprine at suitedsl authorized to use remote access
[ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
++[expiration] returns noop
++[logintime] returns noop
Found Auth-Type = LDAP
+- entering group LDAP {...}
[ldap] login attempt by "jprine at suitedsl" with password "overout22"
[ldap] user DN: cn=jprine at suitedsl,ou=freeradius,dc=suite224,dc=net
[ldap] (re)connect to 127.0.0.1:389, authentication 1
[ldap] bind as cn=jprine at suitedsl,ou=freeradius,dc=suite224,dc=net/overout22 to 127.0.0.1:389
[ldap] waiting for bind result ...
[ldap] Bind was successful
[ldap] user jprine at suitedsl authenticated succesfully
++[ldap] returns ok
+- entering group post-auth {...}
++[exec] returns noop
Sending Access-Accept of id 121 to 72.2.95.130 port 1645
Framed-IP-Address = 72.2.84.77
Cisco-AVPair = "lcp:interface-config"
Finished request 30.
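Editor's note on the two findings in this thread. The debug output shows the unquoted generic item "Cisco-Avpair = lcp:interface-config#1=..." leaving rlm_ldap as `Cisco-AVPair = "lcp:interface-config"`, cut off exactly at the "#"; the later update reports that single-quoting only the value (not the attribute name) gets the whole string through. The script below is an added example, not FreeRADIUS code and not part of the original posts: it models the "Attribute op value" split well enough to reproduce that truncation and then checks that two Cisco-Avpair items containing "#" survive a format-and-parse round trip as two separate reply items. The exact stop characters for an unquoted value (whitespace, comma and "#") are an assumption drawn from the observed result, and the function and variable names are the example's own. Two practitioner caveats: in FreeRADIUS 2.x a double-quoted value is xlat-expanded while a single-quoted one is taken literally, so single quotes are the safer choice for a value you want passed through unchanged; and because lcp:interface-config hands IOS interface commands to the router, write access to radiusReplyItem in the directory is equivalent to write access to router interface configuration and should be restricted accordingly. The question of two items both numbered "#1" is left open on the page and is not resolved here.

```python
"""
Model of how a FreeRADIUS 'generic' LDAP reply item (the radiusReplyItem
string "Attribute op value") gets split into attribute, operator and value,
and why an unquoted value stops at '#'.

Added example for this thread, not FreeRADIUS code.  The stop characters
for an unquoted value (whitespace, ',' and the comment marker '#') are an
assumption modelled on the debug output, where the unquoted value came back
as just "lcp:interface-config".
"""
import re

# Operators a users-file style pair may use (two-character ones first so
# that "==" is not mistaken for "=").  Assumption: the common set only.
OPERATORS = ("+=", ":=", "==", "!=", "=")

# An unquoted value ends at whitespace, a comma, or '#' (start of a comment).
UNQUOTED_STOP = frozenset(" \t,#")

ATTR_RE = re.compile(r"([A-Za-z0-9_.-]+)\s*")


class ParseError(ValueError):
    """Raised when the string is not 'Attribute op value'."""


def parse_reply_item(item):
    """Split one reply-item string into (attribute, operator, value)."""
    s = item.strip()
    m = ATTR_RE.match(s)
    if not m:
        # Quoting the whole line (rather than only the value) lands here:
        # a leading quote is not a valid attribute name.
        raise ParseError("no attribute name at start of %r" % s)
    attr = m.group(1)
    rest = s[m.end():]
    for op in OPERATORS:
        if rest.startswith(op):
            rest = rest[len(op):].lstrip()
            break
    else:
        raise ParseError("no operator after %r" % attr)

    if rest[:1] in ("'", '"'):
        # Quoted value: everything up to the closing quote, '#' included.
        quote = rest[0]
        end = rest.find(quote, 1)
        if end == -1:
            raise ParseError("unterminated quoted value")
        value = rest[1:end]
    else:
        # Unquoted value: cut at the first stop character.
        end = next((i for i, ch in enumerate(rest) if ch in UNQUOTED_STOP),
                   len(rest))
        value = rest[:end]
    return attr, op, value


def format_reply_item(attr, value):
    """Render an LDIF 'radiusReplyItem' line with ONLY the value quoted.

    Single quotes keep the value literal.  A value that itself contains a
    single quote is rejected instead of guessing at an escape syntax
    (assumption: no escaping is relied on here).
    """
    if "'" in value:
        raise ValueError("value contains a single quote: %r" % value)
    if not ATTR_RE.fullmatch(attr):
        raise ValueError("bad attribute name: %r" % attr)
    return "radiusReplyItem: %s = '%s'" % (attr, value)


def reply_items_roundtrip(pairs):
    """Format each (attr, value), parse the LDIF line back, and return the
    parsed triples.  Confirms that two Cisco-Avpair items with '#' in them
    survive intact as two separate reply items."""
    out = []
    for attr, value in pairs:
        line = format_reply_item(attr, value)
        ldif_value = line.split(": ", 1)[1]
        parsed = parse_reply_item(ldif_value)
        assert parsed == (attr, "=", value)   # what went in is what comes out
        out.append(parsed)
    return out


if __name__ == "__main__":
    # Constructed sample input, using the thread's own values.
    unquoted = ("Cisco-Avpair = lcp:interface-config#1=rate-limit input "
                "512000 96000 96000 conform-action continue exceed-action drop")
    print(parse_reply_item(unquoted))   # value truncated at '#'
    for attr, op, value in reply_items_roundtrip([
        ("Cisco-Avpair", "lcp:interface-config#1=rate-limit input 768000 "
                         "144000 144000 conform-action continue exceed-action drop"),
        ("Cisco-Avpair", "lcp:interface-config#1=rate-limit output 3072000 "
                         "576000 576000 conform-action continue exceed-action drop"),
    ]):
        print("%s %s %r" % (attr, op, value))
```

Run it as-is to see the truncated value first and the two intact values after it; to test a directory entry, pass the part after "radiusReplyItem: " to parse_reply_item and compare against what radiusd -X prints in the Access-Accept.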