Sorry for the top-post, but I'm replying to myself and I want to keep my
questions clear. I tried creating two different "ippools" in the
radiusd.conf using the different ranges I want to use, but the client
ignored it and went only to the pool that the Cisco has. I then changed
the Cisco pool to include the entire range of IPs from both pools, but it
still doesn't seem to recognize the FreeRadius pools, and defaults to
whatever the first IP is in the Cisco pool.
I find the examples given in the radiusd.conf a little incomplete, but
this is what I tried (IPs given are just examples):
ippool users_pool {
    range-start = 172.16.1.2
    range-stop = 172.16.30.253
    netmask = 255.255.255.0
    cache-size = 251
    session-db = ${db_dir}/db.ippool
    ip-index = ${db_dir}/db.ipindex
    override = yes
}
ippool admin_pool {
    range-start = 172.16.30.2
    range-stop = 172.16.30.253
    netmask = 255.255.255.0
    cache-size = 251
    session-db = ${db_dir}/db.ippool
    ip-index = ${db_dir}/db.ipindex
    override = yes
}
The above seems to be clear from the example...but the example for the
raddb/users file is incomplete...here is what I tried:
testuser Service-Type == Framed-User
    Group == users, Pool-Name := "users_pool",
    Framed-Protocol == PPP,
    Framed-IP-Address = 172.16.1.2,
    Framed-IP-Netmask = 255.255.255.0,
    Framed-Compression = Van-Jacobson-TCP-IP
I'm a little unclear about the "Group" attribute above, and whether it
pertains to unix groups at all, which I haven't done anything to yet. In
any case, any pointers on how to make different users use different IP
pools would be greatly appreciated.
On Wed, 7 Jan 2009, u...@3.am wrote:
On Wed, 7 Jan 2009, Jeff Crowe wrote:
I was running into this problem on my Redback. The issue was the Redback
wanted an IP address in the same subnet so I had to set up 192.168.1.1/24 as
a sub interface to allow subscribers to be assigned addresses in the
192.168.1.x/24 range. My Shasta was completely different and would allow
any IP address to be returned via radius and it would allow the IP to be
used.
Ok, I just tried assigning a secondary IP from that subnet to faste0/0, since
I can't assign secondary IPs to the VirtualTemplate I/F, since it's IP
unnumbered eth0/0. No go. What I would expect from the Cisco, judging from
my past experience with AS5200s, is for it to allow radius to assign whatever
address it wants, but simply not route it until I fix that part of it, which
is fine.
One fix I would think would start to work would be to simply add this new
subnet to the pool on the Cisco. However, then the DEFAULT users would start
to assign from that pool as well, unless I figure out a way to force it to
assign from the first subnet. If there's a way to force that, I'd appreciate
pointers. I saw the "ippool" option, but I'm not clear how that co-exists
with the pool already configured on the Cisco. Perhaps you need both, it's
just not clear to me.
James Smallacombe PlantageNet, Inc. CEO and Janitor
u...@3.am http://3.am
=========================================================================
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
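Added example, not part of the original message and not FreeRADIUS code: a small lint over the two ippool blocks posted above. As posted, the users_pool range contains the whole admin_pool range, so an admin address could be leased to an ordinary user, and both pools name the same database files. The function names parse_pools and lint are this example's own, and the expectations it checks (disjoint ranges, separate session-db and ip-index files per pool, cache-size equal to the number of addresses in the range) are assumptions of the example.

```python
import ipaddress
import re
from itertools import combinations

# Pool definitions from the message above, trimmed to the keys that are checked.
POSTED_CONF = """
ippool users_pool {
    range-start = 172.16.1.2
    range-stop = 172.16.30.253
    cache-size = 251
    session-db = ${db_dir}/db.ippool
    ip-index = ${db_dir}/db.ipindex
}
ippool admin_pool {
    range-start = 172.16.30.2
    range-stop = 172.16.30.253
    cache-size = 251
    session-db = ${db_dir}/db.ippool
    ip-index = ${db_dir}/db.ipindex
}
"""

def parse_pools(text):
    """Return {pool_name: {key: value}} for every 'ippool NAME { ... }' block."""
    pools = {}
    # The closing brace must start a line, so the '}' in ${db_dir} is not mistaken for it.
    for name, body in re.findall(r"ippool\s+(\S+)\s*\{(.*?)^\}", text, re.S | re.M):
        pools[name] = dict(re.findall(r"^\s*([\w-]+)\s*=\s*(\S+)", body, re.M))
    return pools

def lint(pools):
    """Flag cache-size mismatches, overlapping ranges and shared database files."""
    findings = []
    span = {n: (int(ipaddress.IPv4Address(p["range-start"])),
                int(ipaddress.IPv4Address(p["range-stop"]))) for n, p in pools.items()}
    for n, (lo, hi) in span.items():
        if int(pools[n]["cache-size"]) != hi - lo + 1:
            findings.append(f"{n}: cache-size {pools[n]['cache-size']} but range holds {hi - lo + 1}")
    for a, b in combinations(pools, 2):
        lo, hi = max(span[a][0], span[b][0]), min(span[a][1], span[b][1])
        if lo <= hi:
            findings.append(f"{a}/{b}: ranges overlap on {hi - lo + 1} addresses")
        for key in ("session-db", "ip-index"):
            if pools[a][key] == pools[b][key]:
                findings.append(f"{a}/{b}: both use {key} {pools[a][key]}")
    return findings

if __name__ == "__main__":
    for finding in lint(parse_pools(POSTED_CONF)):
        print(finding)
```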