error when adding Primary-DNS

Bjørn Mork bjorn at mork.no
Tue Dec 19 10:43:32 CET 2017


Alan DeKok <aland at deployingradius.com> writes:
> On Dec 18, 2017, at 4:35 PM, J E H A N Z A I B <jehanzaib.kiani at gmail.com> wrote:
>> Not inventing, I am reading the guide from Juniper website.
>> https://www.juniper.net/documentation/en_US/junos/topics/reference/general/aaa-access-message-attributes.html
>
>   Juniper is not the same as FreeRADIUS.
>
>   The Juniper documentation assumes you're using the Juniper RADIUS server.
>
>> Primary-DNS and Secondary-DNS are supported by Junos.
>
>   That's nice.  FreeRADIUS doesn't use the Juniper names, because most vendors use horrible names, and they conflict with each other.
>
>> do you think I should add into dictionary ?
>
>  Don't edit the dictionaries.
>
>  Read the "dictionary.juniper" file.  Look for similar names:
>
> ATTRIBUTE	Juniper-Primary-Dns			31	ipaddr
>
>   And use those names.

Note that this can be a bit more complicated with Juniper for hysterical
raisins.  They use two different vendor IDs and dictionaries on JUNOS,
depending on which RADIUS service you're talking about.  The docs above
refer to "AAA for Subscriber Management". That code is inherited from
the ERX platform and is still using the ERX VSAs with vendor ID 4874.

So you need to look in the "dictionary.erx" file for those attributes:

ATTRIBUTE       ERX-Primary-Dns                         4       ipaddr


This code originated from Unisphere. And at some point Juniper decided
to stick to the 'Unisphere' prefix for the 4874 based attributes (not
consistently though - they use 'Jnpr' for a few attributes). In an
attempt to remove some of the confusion, FreeRADIUS synchronized with the
Juniper default names when preparing for v4.x.  So when upgrading from
v3.0 you will have to look in "dictionary.unisphere" instead of
"dictionary.erx".  And the primary DNS attribute is then named

ATTRIBUTE       Unisphere-Primary-Dns                   4       ipaddr


Confused now?  You've seen nothing yet :-)

This has little to do with FreeRADIUS of course, as Alan already pointed
out.  It's mostly a Juniper thing.  You should really use the Juniper
support you most likely are paying for instead of trusting a random
bunch of community bozos.



Bjørn
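
The renaming described above can be checked mechanically by matching attributes on vendor ID and attribute number rather than on name. The following is an added example, not part of the original message or of FreeRADIUS: the dictionary fragments are constructed (only the ATTRIBUTE lines and the vendor ID 4874 come from the thread; the VENDOR/BEGIN-VENDOR framing and the helper names are assumptions).

```python
# Constructed fragments in FreeRADIUS dictionary syntax. The ATTRIBUTE lines are
# the ones quoted in the message; the VENDOR/BEGIN-VENDOR framing is assumed.
V3_ERX = """
VENDOR          ERX                             4874
BEGIN-VENDOR    ERX
ATTRIBUTE       ERX-Primary-Dns                         4       ipaddr
END-VENDOR      ERX
"""
V4_UNISPHERE = """
VENDOR          Unisphere                       4874
BEGIN-VENDOR    Unisphere
ATTRIBUTE       Unisphere-Primary-Dns                   4       ipaddr
END-VENDOR      Unisphere
"""

def parse_dictionary(text):
    """Return {(vendor_id, attr_number): (name, type)} for one dictionary text."""
    vendors, current, attrs = {}, None, {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if not fields:
            continue
        keyword = fields[0].upper()
        if keyword == "VENDOR" and len(fields) >= 3:
            vendors[fields[1]] = int(fields[2])
        elif keyword == "BEGIN-VENDOR" and len(fields) >= 2:
            current = vendors[fields[1]]        # KeyError if VENDOR was not declared
        elif keyword == "END-VENDOR":
            current = None
        elif keyword == "ATTRIBUTE" and len(fields) >= 4:
            attrs[(current, int(fields[2]))] = (fields[1], fields[3])
    return attrs

def rename_map(old_text, new_text):
    """Map old attribute names to new ones sharing vendor ID, number and type."""
    old, new = parse_dictionary(old_text), parse_dictionary(new_text)
    renames = {}
    for key, (old_name, old_type) in old.items():
        if key in new and new[key][0] != old_name and new[key][1] == old_type:
            renames[old_name] = new[key][0]
    return renames

def lookup(text, vendor_doc_name):
    """Find dictionary names ending in a vendor-documentation name, ignoring case."""
    want = vendor_doc_name.lower()
    return sorted(n for n, _ in parse_dictionary(text).values() if n.lower().endswith(want))

if __name__ == "__main__":
    print(rename_map(V3_ERX, V4_UNISPHERE))
    print(lookup(V3_ERX, "Primary-DNS"))
```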


