Date: Fri, 8 Jul 2005 12:47:42 +0800 From: "fooler" <fooler@skyinet.net> To: =?iso-8859-1?Q?Hern=E1n_Freschi?= <drgenio@gmail.com> Cc: freebsd-net@freebsd.org Subject: Re: pppoe+radius server Message-ID: <078d01c58378$2d96d120$42764eca@ilo.skyinet.net> References: <25a1a0990507061634655433ec@mail.gmail.com><036f01c582a6$baa0ce90$42764eca@ilo.skyinet.net> <25a1a09905070714551cd551f@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
----- Original Message -----
From: "Hernán Freschi" <drgenio@gmail.com>
Cc: <freebsd-net@freebsd.org>
Sent: Friday, July 08, 2005 5:55 AM
Subject: Re: pppoe+radius server
>great great, only one problem. i make the radius server send the
>Filter-Id attr, with value "64:32" for 64 down/32 up. It seems to get
>to ppp: /etc/ppp/ppp.log:
>
>Phase: Filter "64:32"
>
>Notice it says "filter", not filter-id
>
>so my /etc/ppp/ppp.linkup looks like this:
>
>default:
> bg /etc/ppp/addclient.sh USER INTERFACE HISADDR RAD_FILTER_ID
>
>and addclient.sh just:
>
> echo $1 $2 $3 $4 >> /test.log
>
>and /test.log looks like
>
>username tun0 10.20.20.20 RAD_FILTER_ID
>
>seems like ppp doesn't replace RAD_FILTER_ID with the Filter-Id
>attribute from the server. It should do that, right? Or did I got
>something wrong?
RAD_FILTER_ID according to ppp's man page:
RAD_FILTER_ID
If this attribute is supplied, ppp will attempt to use
it
as an additional label to load from the ppp.linkup and
ppp.linkdown files. The load will be attempted before
(and in addition to) the normal label search. If the
label doesn't exist, no action is taken and ppp
proceeds
to the normal load using the current label.
the text content of Filter-ID radius attribute coming from your radius
server serves as label for ppp.linkup and ppp.linkdown files...
for example... sending Filter-ID = "abc" from radius server
inside /etc/ppp/ppp.linkup:
abc:
! sh -c "echo abc label called >> /test.log"
xyz:
! sh -c "echo xyz label called >> /test.log"
you are using label "64:32" which is ambiguous because a label in ppp is a
string starts from the first column of a line followed by a colon...
you can replace your "64:32" to "d64u32" or whatever you like as long as it
is a valid label...
your ppp.linkup and ppp.linkdown file will look like this:
/etc/ppp/ppp.linkup
d64u32:
!bg /etc/ppp/addpipe.sh INTERFACE 64 32
/etc/ppp/ppp.linkdown
MYADDR:
!bg /etc/ppp/delpipe.sh INTERFACE
/etc/ppp/addpipe.sh
extract tunnel number and assign to NTUN variable
NTUN = NTUN * 2 (+ BASE to allow room for other firewall rules)
IN = NTUN
OUT = NTUN + 1
assign IN for incoming pipe number
assign OUT for outgoing pipe number
/etc/ppp/delpipe.sh
extract tunnel number and assign to NTUN variable
NTUN = NTUN * 2 (+ BASE to allow room for other firewall rules)
IN = NTUN
OUT = NTUN + 1
assign IN to delete previous incoming pipe number
assign OUT to delete previous outgoing pipe number
fooler.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?078d01c58378$2d96d120$42764eca>