Re: [(ASCEND) Ascend-Data-Filter Attribute produces error - why?]

To: ascend-users@bungi.com, nmlist@logic.bm
Subject: Re: [(ASCEND) Ascend-Data-Filter Attribute produces error - why?]
From: "hameedf@mindspring.com" <hameedf@mindspring.com>
Date: Wed, 28 Apr 1999 13:26:54 -0700
Reply-To: hameedf@mindspring.com
Sender: owner-ascend-users@max.bungi.com

Hi Neil,

I tested your profile on my radius server running
on sun solaris and I was able to authenticate
without any problems. I have included the radif log,
and the user profile I used. You need to look closely
how your radius server is set-up.



> radif
RADIF debug display is ON
 > RADIF: radius type Auth ID = 18
RADIF: authenticating <6:filter> with PAP
RADIF 12:38:43> _radiusRequest: id 18, user name <7:filter>
RADIF: _radiusReq: challenge len = <0>
RADIF: _radiusReq: socket 6 len 104 ipaddr 172.24.1.55 port 65534->1812
RADIF:_radiusReq: id 18 <7:filter>, starting timer (10 sec)
RADIF: _radCallback: buf=B05E2840 from 172.24.1.55 1812
RADIF: _radCallback, authcode = 2, id 18
RADIF: _radCallback: id 18, killing timer
RADIF: Authentication Ack
RADIF: attribute 6, len 6, 00 00 00 02
RADIF: attribute 7, len 6, 00 00 00 01
RADIF: attribute 61, len 6, 00 00 00 00
RADIF: attribute 242, len 34, 01 01 01 00
RADIF: attribute 242, len 34, 01 01 01 00
RADIF: attribute 242, len 34, 01 01 01 00
RADIF: attribute 242, len 34, 01 01 01 00
RADIF: attribute 242, len 34, 01 01 00 00
RADIF: attribute 244, len 6, 00 00 04 b0
RADIF:_freeInfoClassSess
RADIF: radius type Acct ID = 123
RADIF: _radiusAcctRequest: type 0 id 123, user name <7:filter>
RADIF: _radiusAcctReq: socket 0 len 125 IP 0.0.0.0 port 0=>0, ID=123
RADIF: radius type Acct ID = 124
RADIF: _radiusAcctRequest: type 1 id 124, user name <7:filter>
RADIF: _radiusAcctReq: socket 7 len 125 IP 172.31.172.5 port 1026=>1646,
ID=124
RADIF: _radCallback: buf=B05CF7E0 from 172.31.172.5 1646
RADIF: _radProcAcctRsp: user:<7:filter>, ID=124
RADIF:_freeInfoClassSess
RADIF: _radCallback: processed acct server type=1
RADIF: radius type Acct ID = 125
RADIF: _radiusAcctRequest: type 0 id 125, user name <7:filter>
RADIF: _radiusAcctReq: socket 0 len 125 IP 0.0.0.0 port 0=>0, ID=125
RADIF: radius type Acct ID = 126
RADIF: _radiusAcctRequest: type 0 id 126, user name <7:filter>
RADIF: _radiusAcctReq: socket 0 len 125 IP 0.0.0.0 port 0=>0, ID=126
RADIF: radius type Acct ID = 127
RADIF: _radiusAcctRequest: type 0 id 127, user name <7:filter>
RADIF: _radiusAcctReq: socket 0 len 125 IP 0.0.0.0 port 0=>0, ID=127
RADIF: radius type Acct ID = 128
RADIF: _radiusAcctRequest: type 0 id 128, user name <7:filter>
RADIF: _radiusAcctReq: socket 0 len 125 IP 0.0.0.0 port 0=>0, ID=128
RADIF: radius type Acct ID = 129
RADIF: _radiusAcctRequest: type 0 id 129, user name <7:filter>
RADIF: _radiusAcctReq: socket 0 len 125 IP 0.0.0.0 port 0=>0, ID=129

 > radif
RADIF debug display is OFF
 >


filter  Password = "test"
        User-Service = Framed-User,
        Framed-Protocol = PPP,
        NAS-Port-Type = Async,
        Ascend-Data-Filter = "ip in forward dstip 10.10.10.5/24",
        Ascend-Data-Filter = "ip in forward dstip 10.10.10.4/24",
        Ascend-Data-Filter = "ip in forward dstip 10.10.10.3/24",
        Ascend-Data-Filter = "ip in forward dstip 10.10.10.2/24",
        Ascend-Data-Filter = "ip out forward",
        Ascend-Idle-Limit = 1200



fh@sun:/export/home/fh/radius/radius-971222/radius-1.16-ascend/ascendd>
./radiusd -v
./radiusd: RADIUS version 1.16 (plus Ascend extensions) 1997/12/22
 BINARY_FILTERS ASCEND_SECRET ASCEND_LOGOUT ACE SOLARIS
fh@sun:/export/home/fh/radius/radius-971222/radius-1.16-ascend/ascendd>

Neil Movold <nmlist@logic.bm> wrote:
I have been using the Ascend-Data-Filter attribute within a Radius
profile
under Ascend Radius V1.16 on a Sun Solaris system, and I cannot get it
to
work.  I have followed the examples on the Ascend FAQ, but I keep
getting
an error.  My profile is as follows :

testfilter Password = "testfilter"
        User-Service = Framed-User,
        Framed-Protocol = PPP,
        NAS-Port-Type = Async,
        Ascend-Data-Filter = "ip in forward dstip 10.10.10.5/24",
        Ascend-Data-Filter = "ip in forward dstip 10.10.10.4/24",
        Ascend-Data-Filter = "ip in forward dstip 10.10.10.3/24",
        Ascend-Data-Filter = "ip in forward dstip 10.10.10.2/24",
        Ascend-Data-Filter = "ip in forward dstip 10.10.10..1/24",
        Ascend-Data-Filter = "ip out forward",
        Ascend-Idle-Limit = 900

In the Radius log, I see the following error when a login occurs :

Tue Apr 27 18:51:14 1999: ip filter error: do not recognize ip in ip in
forward dstip 10.10.10.5/24
Tue Apr 27 18:51:14 1999: Authenticate: from filtertest-tsm-b.ron.com -
Binary Filter Error: testfilter


If anyone has an idea what this is about, I would appreciate it.  I do
not
see any reason why this is not working.

  Thanks,
   Neil


--------------------------------------------------------------------------

Neil Movold                             Phone: (441) 296-9628
Director of Technology                  Fax: (441) 295-1149
Logic Communications Ltd.               E-Mail: neil@logic.bm
P.O. Box HM 2445                        WWW: http://www.logic.bm
Hamilton, Bermuda, HM JX                WWW: http://www.ibl.bm

++ Ascend Users Mailing List ++
To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd: <http://www.nealis.net/ascend/faq>
++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

Prev by Date: (ASCEND) NAT and passive ftp
Next by Date: Re: (ASCEND) Re: Our first Max dies today!
Prev by thread: (ASCEND) NAT and passive ftp
Next by thread: Re: (ASCEND) Max 6000
Index(es):
- Date
- Thread