Once upon a time, Paul Gregg <lists-mail-isp-ascend-users at pgregg.com> said: > Thanks, but I thought I had already shown that I knew that. What I wanted > to do was be able to reply with Filter-Id = "userfilter", > and if the APX doesn't have "userfilter" it would generate a RADIUS > auth request for Username "userfilter" Password "ascend" and my radius > would reply with multiple Ascend-Data-Filter = lines... > > I specifically *don't* want to do what you are suggesting, as I noted, it'll > be a real PITA to update a single standard type filter across multiple > users (I've got > 20,000 to worry about). > > The APX manuals suggest this is possible, but I can't get it to work. D'oh, sorry. That'll teach me to reply to one email while reading another and talking to someone over my shoulder. :-) IIRC you have to have read EXTERNAL-AUTH set rad-auth-client allow-auth-config-rqsts = yes before a TNT will do what you are talking about. If you can't get it to work, you could also script updating the users (if you have them in a users file). That's what I did when we started using this. Another possibility (depending on your RADIUS server) would be to use a fall-through user entry. This is possible with Cistron RADIUS like: DEFAULT Service-Type = Framed-User Ascend-Data-Filter = "ip in forward srcip 10.1.1.0/24", Ascend-Data-Filter = "generic in drop 0 0 0", Fall-Through = Yes You'd put that entry in your users file, and then all users below that point would have those attributes applied. -- Chris Adams <cmadams at hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble. ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request at bungi.com Archives: http://www.nexial.com/mailinglists/