Re: My question again (was: Netmask HOWTO)

Fri, 02 Jul 2010 09:13:54 -0700 

On 02/07/10 15:18, loki wrote:

At 15:23 2.7.2010, you wrote:

On 02/07/10 12:26, loki wrote:

Hello all.

I need some kind of solution very urgent. My question was - is it
possible to set Framed-IP-Netmask, together with IPs through
sqlippool, somehow by default, via groupreply or something, or to
change sqlippool somewhow to achive this. Or is this only possible
through ippool (txt - version in /etc).
I tried through groupreply but it didn't work.


"It didn't work" is a useless statement.

Show the debug output run with "-X", as advised daily on this list.

I can think of a few ways of doing this, but without more info I can't help.


Thx for your reply.

Unfortunatly it's a production system already in heavy use so I can't
use -X. But I'm only searching for ways of howto, ways not to be
found on the net. This I can try without interrupting radius until one
is working. I tried it with radgroureply (Framed-IP-Netmask) and it
didn't work. I tried it per user (radreply) and this worked. But the
thing is that I want to implement it
in sqlippool. Which per se is already working for stuff that I don't


Allright, then that's easy: No.
rlm_sqlippool only updates Framed-IP-Address. You would either need to patch the module to lookup & add the framed IP, or use another module. 


have to forward netmasks. But now I have to accomplish this with
OpenVPN and there I have to forward different Netmasks
based on groups or pools. It could be that the plugin of OpenVPN
isn't compatible with this but I guess than the user-version wouldn't
work as well. All in all I'm not searching for debugging, I'm searching
for ways of how to do it from someone who maybe had the same problem of setup.
Framed-Netmask is just a radius attribute. You can fill it's contents in any way you like. For example, you might try something like this: 

postauth {
  sqlippool
  update reply {
Framed-Netmask = "%{sql:SELECT mynetmask FROM mynetmasktable WHERE ip='%{Framed-IP-Address}'}" 
  }
}
...if you're running something like Postgres you can be even more sophisticated:
Framed-Netmask = "%{sql:SELECT netmask(net) from mynets where mynet >> '%{Framed-IP-Address}'}" 

...it depends on your SQL schema.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to