Problem with rlm_ippool PW_STATUS_ACCOUNTING_ON/OFF
When radiusd receives an accounting on/off request from the NAS, ippool cannot free the IPs that have been allocated to radclient via the NAS. I see the file rlm_ippool.c and find it doesn't deal with this accounting on/off request. Why? And how can I free those pathetic IPs?

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
rlm_ippool
Hi,

I'm trying to use rlm_ippool with 2 subnets, but it doesn't work. Look:

    ippool pool_1 {
        range-start = X.X.1.1
        range-stop = X.X.1.254
        netmask = 255.255.255.255
        cache-size = 800
        session-db = ${raddbdir}/db.ippool
        ip-index = ${raddbdir}/db.ipindex
        override = no
    }

    ippool pool_2 {
        range-start = X.X.3.1
        range-stop = X.X.3.254
        netmask = 255.255.255.255
        cache-size = 800
        session-db = ${raddbdir}/db.ippool
        ip-index = ${raddbdir}/db.ipindex
        override = no
    }

The 2 pools are listed in pre-auth and accounting sessions...

    id  GroupName  Attribute  op  Value
    4   broadband  Pool-Name  :=  pool_2
    3   broadband  Pool-Name  :=  pool_1

When the 1st pool is full, rlm_ippool doesn't allocate any more IPs for my customers... Any advice?

Thanks!
Re: rlm_ippool
Rodrigo A. Simões [EMAIL PROTECTED] wrote:
> The 2 pools are listed in pre-auth and accounting sessions...

You mean post-auth...

> When the 1st pool is full, rlm_ippool doesn't allocate any more IPs
> for my customers... Any advice?

Read doc/configurable_failover

You've got to set it up in post-auth so that the first pool is always used, and if it fails, then use the second pool.

Alan DeKok.
Re: rlm_ippool
Quoting Alan DeKok [EMAIL PROTECTED]:
> Rodrigo A. Simões [EMAIL PROTECTED] wrote:
> > The 2 pools are listed in pre-auth and accounting sessions...
>
> You mean post-auth...
>
> > When the 1st pool is full, rlm_ippool doesn't allocate any more IPs
> > for my customers... Any advice?
>
> Read doc/configurable_failover
>
> You've got to set it up in post-auth so that the first pool is always
> used, and if it fails, then use the second pool.

Thanks Alan! I have 2 questions:

- The 2 pools will use the same DB files?
- I need to specify only 1 pool name on radgroupcheck?

Thanks!

> Alan DeKok.

--
Rodrigo A. Simões
Life Soluções em Internet
http://www.life.com.br
Re: rlm_ippool
Rodrigo A. Simões [EMAIL PROTECTED] wrote:
> The 2 pools will use the same DB files?

Never. They need separate databases.

> - I need to specify only 1 pool name on radgroupcheck?

Hmm.. you may have to specify both. I'm not sure.

Alan DeKok.
Re: rlm_ippool
Is the profile using the 2 pools?

On Sat, 2003-12-06 at 12:51, Rodrigo A. Simões wrote:
> Hi,
>
> I'm trying to use rlm_ippool with 2 subnets, but it doesn't work. Look:
>
>     ippool pool_1 {
>         range-start = X.X.1.1
>         range-stop = X.X.1.254
>         netmask = 255.255.255.255
>         cache-size = 800
>         session-db = ${raddbdir}/db.ippool
>         ip-index = ${raddbdir}/db.ipindex
>         override = no
>     }
>
>     ippool pool_2 {
>         range-start = X.X.3.1
>         range-stop = X.X.3.254
>         netmask = 255.255.255.255
>         cache-size = 800
>         session-db = ${raddbdir}/db.ippool
>         ip-index = ${raddbdir}/db.ipindex
>         override = no
>     }
>
> The 2 pools are listed in pre-auth and accounting sessions...
>
>     id  GroupName  Attribute  op  Value
>     4   broadband  Pool-Name  :=  pool_2
>     3   broadband  Pool-Name  :=  pool_1
>
> When the 1st pool is full, rlm_ippool doesn't allocate any more IPs
> for my customers... Any advice?
>
> Thanks!

--
Gustavo A. Lozano Noldata Corporation
[EMAIL PROTECTED] Calle 46 No. 40-19
CTO Bogota D.C. Colombia
Noldata Corporation http://noldata.com

I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. Albert Einstein
rlm_ippool way to realize an entry is stale
Hi there:

I messed with rlm_ippool sources in the past but I decided to give the 0.9.2 version a try, as I hadn't touched anything since July. Not doing stress, full load tests, but took a look at the sources and remembered how stale entries are found and fixed.

The ippool array is indexed by nas/port, so if we're to assign an IP address to a dialup user using the same nas/port combination as a previous (currently marked as active) one, then the latter must be a stale entry. This works great (any real-life experiences to share, anyone?) for just one ippool instance, but not when there are several.

I'll see if I can merge my hacked version and 0.9.2's.

Jonathan Ruano
Re: rlm_ippool way to realize an entry is stale
On Fri, 31 Oct 2003, Jonathan Ruano wrote:
> Hi there:
>
> I messed with rlm_ippool sources in the past but I decided to give the
> 0.9.2 version a try, as I hadn't touched anything since July. Not doing
> stress, full load tests, but took a look at the sources and remembered
> how stale entries are found and fixed.
>
> The ippool array is indexed by nas/port, so if we're to assign an IP
> address to a dialup user using the same nas/port combination as a
> previous (currently marked as active) one, then the latter must be a
> stale entry. This works great (any real-life experiences to share,
> anyone?) for just one ippool instance, but not when there are several.

Why? However many instances you may have they will all check for a stale entry for that nas/port combination in their respective databases. So where exactly do you see a problem?

> I'll see if I can merge my hacked version and 0.9.2's.
>
> Jonathan Ruano

--
Kostas Kalevras
Network Operations Center
[EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
rlm_ippool update and call for testing
OK, I've committed a new rlm_ippool_tool that works with the latest rlm_ippool.c. As such, anyone using rlm_ippool and FreeRADIUS can now easily upgrade to the new rlm_ippool code without losing data.

http://www.freeradius.org/cgi-bin/cvsweb.cgi/~checkout~/radiusd/src/modules/rlm_ippool/rlm_ippool.c?rev=1.25&content-type=text/plain
http://www.freeradius.org/cgi-bin/cvsweb.cgi/~checkout~/radiusd/src/modules/rlm_ippool/rlm_ippool_tool.c?rev=1.3&content-type=text/plain

If you need a copy of the old rlm_ippool_tool, the one in branch_0_9 will work with the earlier version of rlm_ippool. This is (for reading the DBs which is what's important here) functionally identical to ippooltool which is probably known to those of you who've suffered problems with rlm_ippool before.

http://www.freeradius.org/cgi-bin/cvsweb.cgi/~checkout~/radiusd/src/modules/rlm_ippool/rlm_ippool_tool.c?rev=1.3.2.1&content-type=text/plain

And if all else fails, you can extract your IPpool details from radwho -r if you're using utmp support.

So now we need testers. I'm running the new code myself, and it's on track for 0.9.2, barring new failure reports. Unless anything else comes up, this will go into branch_0_9 on Wednesday next week, and 0.9.2 will hopefully happen on Thursday or Friday. (And keep in mind that's probably on Australian time, so I could be 16 hours ahead of you.)

Here're the scripts I used to update my installation with the minimum of downtime:

(Assuming you're in the dir with db.main* and have a copy of the old rlm_ippool_tool compiled here as rlm_ippool_tool.091)

    /etc/init.d/freeradius stop
    ./rlm_ippool_tool.091 -v db.mainpool db.mainindex | ./poolfromiptool.pl | sort -k 5 > 1
    radwho -r | ./poolfromradwho.pl | sort -k 5 > 2
    diff 1 2

No differences is good. Otherwise you have to work out which is more correct and use it below.

    mkdir save
    mv db.main* save

(Install new FreeRADIUS with new rlm_ippool code. Start and stop server)
This generates new db.mainpool and db.mainindex files for you

    bash 1

Or 2 if you prefer. :-)

    rlm_ippool_tool -v db.mainpool db.mainindex | ./poolfromiptool.pl | sort -k 5 > 3
    diff3 1 2 3

Again, no differences is good. 3 should match whichever of 1 or 2 you used

    /etc/init.d/freeradius start

Test wildly. :-)

And now for the scripts:

poolfromradwho.pl:

    #! /usr/bin/perl
    # Turn "radwho -r" lines into rlm_ippool_tool commands that re-add each session
    while (<>) {
        next unless /^.*,.*,PPP,S(\d+),.*,(\d+\.\d+\.\d+\.\d+),(\d+\.\d+\.\d+\.\d+)$/;
        my ($tty, $nas, $ip) = ($1, $2, $3);
        # Only want pool IPs
        next unless $ip =~ /^150\.203\.110\.(\d+)/;
        # Skip static IPs (comparison operator missing in the archived copy; '>' assumed)
        next if ($1 > 217);
        print "rlm_ippool_tool -n db.mainpool db.mainindex $ip $nas $tty\n";
    }

poolfromiptool.pl:

    #! /usr/bin/perl
    # Turn "rlm_ippool_tool -v" lines for active entries into the same command form
    while (<>) {
        next unless /NAS:(\d+\.\d+\.\d+\.\d+) port:(0x[0-9a-fA-F]+) - ipaddr:(\d+\.\d+\.\d+\.\d+) active:1/;
        my ($nas, $tty, $ip) = ($1, hex($2), $3);
        # Only want pool IPs
        next unless $ip =~ /^150\.203\.110\.(\d+)/;
        # Skip static IPs (comparison operator missing in the archived copy; '>' assumed)
        next if ($1 > 217);
        print "rlm_ippool_tool -n db.mainpool db.mainindex $ip $nas $tty\n";
    }

--
Paul TBBle Hampson
Bubblesworth Pty Ltd (ABN: 51 095 284 361)
[EMAIL PROTECTED]

On a sidewalk near Portland State University someone wrote `Trust Jesus', and someone else wrote `But Cut the Cards'.
FW: new feature patch for rlm_ippool: reject-on-drain
-Original Message- From: Berk D. Demir [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 01, 2003 12:13 To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: new feature patch for rlm_ippool: reject-on-drain Hi, rlm_ippool return NOOP when there are no available addresses in the pool. We considered using server side ip pool mgmt to simulate Group based Simultaneous-Use enforcement. This patch adds the ability to send Access-Reject in the post-auth section to rlm_ippool with a boolean parameter reject-on-drain in case there are no available addresses in the pool. Possible use case: In a scenario where a backbone provider gives virtual ISP service. The agreement is generally on simultaneous use of port capacity basis. For example maximum 1024 simultaneous connections nation-wide. This scenario holds at least for one ISP on the planet, the one that I work for :) Patches are below. The first one is relative to 0.9.1 release and the latter is relative to the current CVS tree. They're also reachable from the URLs below http://mindcast.org/~bdd/freeradius/freeradius-0.9.1-rlm_ippoo l-reject_on_drain.patch http://mindcast.org/~bdd/freeradius/freeradius-CVS_current-rlm _ippool-reject_on_drain.patch ---[ relative to 0.9.1 ]--- diff -urN freeradius-0.9.1.orig/raddb/radiusd.conf.in freeradius-0.9.1/raddb/radiusd.conf.in --- freeradius-0.9.1.orig/raddb/radiusd.conf.in 2003-08-26 15:25:40.0 +0300 +++ freeradius-0.9.1/raddb/radiusd.conf.in2003-10-01 10:18:43.748129000 +0300 
@@ -1330,6 +1330,10 @@ # override: Will this ippool override a Framed-IP-Address already set override = no + + # reject-on-drain: Will we return an Access-Reject packet in case + # there are no available addresses in the pool + reject-on-drain = no } # ANSI X9.9 token support. Not included by default. diff -urN freeradius-0.9.1.orig/src/modules/rlm_ippool/rlm_ippool.c freeradius-0.9.1/src/modules/rlm_ippool/rlm_ippool.c --- freeradius-0.9.1.orig/src/modules/rlm_ippool/rlm_ippool.c 2003-07-14 20:29:30.0 +0300 +++ freeradius-0.9.1/src/modules/rlm_ippool/rlm_ippool.c 2003-10-01 10:17:34.770721000 +0300 @@ -85,6 +85,7 @@ uint32_t netmask; int cache_size; int override; + int reject_on_drain; GDBM_FILE gdbm; GDBM_FILE ip; pthread_mutex_t session_mutex; @@ -119,6 +120,7 @@ { netmask, PW_TYPE_IPADDR, offsetof(rlm_ippool_t,netmask), NULL, 0 }, { cache-size, PW_TYPE_INTEGER, offsetof(rlm_ippool_t,cache_size), NULL, 1000 }, { override, PW_TYPE_BOOLEAN, offsetof(rlm_ippool_t,override), NULL, no }, + { reject-on-drain, PW_TYPE_BOOLEAN, offsetof(rlm_ippool_t,reject_on_drain), NULL, no }, { NULL, -1, 0, NULL, NULL } }; @@ -667,7 +669,10 @@ } else{ DEBUG(rlm_ippool: No available ip addresses in pool.); - return RLM_MODULE_NOOP; + if(data-reject_on_drain) + return RLM_MODULE_REJECT; + else + return RLM_MODULE_NOOP; } return RLM_MODULE_OK; ---[ relative to 0.9.1 ]--- ---[ relative to current ]- Index: raddb/radiusd.conf.in === RCS file: /source/radiusd/raddb/radiusd.conf.in,v retrieving revision 1.157 diff -u -r1.157 radiusd.conf.in --- raddb/radiusd.conf.in 30 Sep 2003 16:36:34 - 1.157 +++ raddb/radiusd.conf.in 1 Oct 2003 07:43:06 - 
@@ -1436,6 +1436,10 @@ # override: Will this ippool override a Framed-IP-Address already set override = no + + # reject-on-drain: Will we return an Access-Reject packet in case + # there are no available addresses in the pool + reject-on-drain = no } # ANSI X9.9 token support. Not included by default. Index: src/modules/rlm_ippool/rlm_ippool.c === RCS file: /source/radiusd/src/modules/rlm_ippool/rlm_ippool.c,v retrieving revision 1.24 diff -u -r1.24 rlm_ippool.c --- src/modules/rlm_ippool/rlm_ippool.c 23 Sep 2003 13:59:59 -1.24 +++ src/modules/rlm_ippool/rlm_ippool.c 1 Oct 2003 07:43:06 - @@ -95,6 +95,7 @@ uint32_t netmask; int cache_size; int override; + int reject_on_drain; GDBM_FILE gdbm; GDBM_FILE ip; pthread_mutex_t op_mutex; @@ -129,6 +130,7 @@ { netmask, PW_TYPE_IPADDR, offsetof(rlm_ippool_t,netmask), NULL, 0 }, { cache-size, PW_TYPE_INTEGER, offsetof(rlm_ippool_t,cache_size), NULL, 1000 }, { override, PW_TYPE_BOOLEAN
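Review bot: in the rlm_ippool.c hunk at @@ -667,7 +669,10 @@, the new RLM_MODULE_REJECT path leaves the existing DEBUG line ("No available ip addresses in pool.") as its only trace, so with debugging off an operator cannot tell a pool-exhaustion reject from any other reject. Log the reject at a level that reaches the normal log and name the pool instance in the message. The else after "return RLM_MODULE_REJECT;" is also redundant and can be dropped.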
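Review bot: the reject-on-drain comment added to radiusd.conf.in does not say what the default "no" means in practice or where the reject is issued. State in the comment that "no" keeps the current NOOP result and that "yes" makes the module return a reject from post-auth when the pool is empty, so an operator reading only radiusd.conf knows what enabling it changes.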
RE: new feature patch for rlm_ippool: reject-on-drain
From: Ali Gunduz
Sent: Wednesday, 1 October 2003 9:18 PM

> -----Original Message-----
> From: Berk D. Demir [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, October 01, 2003 12:13
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: new feature patch for rlm_ippool: reject-on-drain
>
> Hi,
>
> rlm_ippool returns NOOP when there are no available addresses in the
> pool. We considered using server side ip pool mgmt to simulate Group
> based Simultaneous-Use enforcement.
>
> This patch adds the ability to send Access-Reject in the post-auth
> section to rlm_ippool with a boolean parameter reject-on-drain in case
> there are no available addresses in the pool.
>
> Possible use case: In a scenario where a backbone provider gives
> virtual ISP service. The agreement is generally on simultaneous use of
> port capacity basis. For example maximum 1024 simultaneous connections
> nation-wide. This scenario holds at least for one ISP on the planet,
> the one that I work for :)

This _could_ be handled with the configurable-failover, setting a REJECT upon NOOP, I think...

In modules:

    always reject {
        rcode = reject
    }

In post-auth:

    group {
        my_pool {
            fail = return
            notfound = return
            noop = 1
            ok = return
            updated = return
            reject = return
            userlock = return
            invalid = return
            handled = return
        }
        reject
    }

This will also reject people who haven't _gotten_ a Pool-Name check item... So you may want to use the Post-Auth-Type support to only apply this to people who've dialled in on these accounts.

I guess it also depends what else you want to do in post-auth.

--
Paul TBBle Hampson
Bubblesworth Pty Ltd (ABN: 51 095 284 361)
[EMAIL PROTECTED]

On a sidewalk near Portland State University someone wrote `Trust Jesus', and someone else wrote `But Cut the Cards'.
Re: rlm_ippool feedback from CVS version
After 3 days of testing, I am still having the same problem. Now out of the entire class C, I always have the same 7 IP addresses available for the pool.

Here's the IP Tool output:

    NAS:w.x.y.z port:0x36 - ipaddr:172.16.4.147 active:1 cli:0 num:1
    NAS:w.x.y.z port:0x4e38 - ipaddr:172.16.4.6 active:1 cli:0 num:1
    NAS:w.x.y.z port:0x20 - ipaddr:172.16.4.75 active:1 cli:0 num:1
    NAS:w.x.y.z port:0x6 - ipaddr:172.16.4.145 active:1 cli:0 num:1
    NAS:w.x.y.z port:0x13 - ipaddr:172.16.4.200 active:1 cli:0 num:1
    NAS:w.x.y.z port:0x25 - ipaddr:172.16.4.244 active:1 cli:0 num:1
    NAS:w.x.y.z port:0x2 - ipaddr:172.16.4.198 active:1 cli:0 num:1

What next ?

Mohsen

----- Original Message -----
From: Mohsen Chirara [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, August 28, 2003 5:05 PM
Subject: Re: rlm_ippool feedback from CVS version

Ok I installed rlm_ippool from cvs branch - I will let you know if everything is OK within 2 days.

----- Original Message -----
From: Chris van Meerendonk [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, August 28, 2003 1:20 PM
Subject: RE: rlm_ippool feedback from CVS version

> Hi Paul, I can install a recent (cvs) version, but I'd like to know
> how to check

This is gonna take some time. I installed rlm_ippool only from cvs (the rest is still 0.9.0 release), but my server is crashing with it. I'll let you know when I have something interesting.

Chris
Re: rlm_ippool feedback from CVS version
On Mon, 1 Sep 2003, Mohsen Chirara wrote:
> After 3 days of testing, I am still having the same problem. Now out
> of the entire class C, I always have the same 7 IP addresses available
> for the pool.
>
> Here's the IP Tool output:
>
>     NAS:w.x.y.z port:0x36 - ipaddr:172.16.4.147 active:1 cli:0 num:1
>     NAS:w.x.y.z port:0x4e38 - ipaddr:172.16.4.6 active:1 cli:0 num:1
>     NAS:w.x.y.z port:0x20 - ipaddr:172.16.4.75 active:1 cli:0 num:1
>     NAS:w.x.y.z port:0x6 - ipaddr:172.16.4.145 active:1 cli:0 num:1
>     NAS:w.x.y.z port:0x13 - ipaddr:172.16.4.200 active:1 cli:0 num:1
>     NAS:w.x.y.z port:0x25 - ipaddr:172.16.4.244 active:1 cli:0 num:1
>     NAS:w.x.y.z port:0x2 - ipaddr:172.16.4.198 active:1 cli:0 num:1
>
> What next ?

So your pool started with only 7 IPs in it or did it shrink?

If you have enabled detail file acct logging can you find the corresponding acct-stop packets for the active nas/port pairs in it or were they lost?

If you try and log in through an already active nas/port pair isn't the corresponding entry freed?

Thanks for the feedback

> Mohsen

--
Kostas Kalevras
Network Operations Center
[EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
Re: rlm_ippool feedback from CVS version
No, it shrunk. My pool is an entire class C. (172.16.4.1-172.16.4.254)

> If you have enabled detail file acct logging can you find the
> corresponding acct-stop packets for the active nas/port pairs in it or
> were they lost?

I do get a stop packet but only for the 7 IP addresses available. I configured my cisco to assign an IP address if rlm_ippool does not do its job.

Here is a stop packet:

    Mon Sep 1 09:37:03 2003
        NAS-IP-Address = w.x.y.z
        NAS-Port = 26
        NAS-Port-Type = Async
        User-Name = user
        Called-Station-Id = 2060
        Calling-Station-Id = 8643233
        Acct-Status-Type = Stop
        Acct-Authentic = RADIUS
        Service-Type = Framed-User
        Acct-Session-Id = 31A5
        Framed-Protocol = PPP
        Framed-IP-Address = 172.16.4.145
        Acct-Terminate-Cause = User-Request
        Acct-Input-Octets = 3026
        Acct-Output-Octets = 8864
        Acct-Input-Packets = 64
        Acct-Output-Packets = 54
        Acct-Session-Time = 25
        Acct-Delay-Time = 0
        Client-IP-Address = w.x.y.z
        Acct-Unique-Session-Id = 9ef15654266b31bb

> If you try and log in through an already active nas/port pair isn't
> the corresponding entry freed?

Not sure I understand what you mean. If nas/port pair is active, how can I log in to it again. The cisco will do it ... Or do you mean testing it through radpingtest or so ?

----- Original Message -----
From: Kostas Kalevras [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Monday, September 01, 2003 9:30 AM
Subject: Re: rlm_ippool feedback from CVS version

On Mon, 1 Sep 2003, Mohsen Chirara wrote:
> After 3 days of testing, I am still having the same problem. Now out
> of the entire class C, I always have the same 7 IP addresses available
> for the pool.
>
> Here's the IP Tool output:
>
>     NAS:w.x.y.z port:0x36 - ipaddr:172.16.4.147 active:1 cli:0 num:1
>     NAS:w.x.y.z port:0x4e38 - ipaddr:172.16.4.6 active:1 cli:0 num:1
>     NAS:w.x.y.z port:0x20 - ipaddr:172.16.4.75 active:1 cli:0 num:1
>     NAS:w.x.y.z port:0x6 - ipaddr:172.16.4.145 active:1 cli:0 num:1
>     NAS:w.x.y.z port:0x13 - ipaddr:172.16.4.200 active:1 cli:0 num:1
>     NAS:w.x.y.z port:0x25 - ipaddr:172.16.4.244 active:1 cli:0 num:1
>     NAS:w.x.y.z port:0x2 - ipaddr:172.16.4.198 active:1 cli:0 num:1
>
> What next ?

So your pool started with only 7 IPs in it or did it shrink?

If you have enabled detail file acct logging can you find the corresponding acct-stop packets for the active nas/port pairs in it or were they lost?

If you try and log in through an already active nas/port pair isn't the corresponding entry freed?

Thanks for the feedback
RE: rlm_ippool feedback from CVS version
Well, it seems I've got it up and running now. I'm running today's cvs-snapshot. Because I'm testing it on a MaxTNT I also got the Ascend-hack set in the config. The results so far aren't very good, my IPs aren't freed after calls are closed. In the radacct logging the start and stop records are logged.

I'll try to get more info.

Regards,
Chris

On Thu, 2003-08-28 at 15:20, Chris van Meerendonk wrote:
> > Hi Paul, I can install a recent (cvs) version, but I'd like to know
> > how to check
>
> This is gonna take some time. I installed rlm_ippool only from cvs
> (the rest is still 0.9.0 release), but my server is crashing with it.
> I'll let you know when I have something interesting.
>
> Chris
RE: rlm_ippool feedback from CVS version
From: Mohsen Chirara
Sent: Monday, 1 September 2003 7:08 PM

> After 3 days of testing, I am still having the same problem. Now out
> of the entire class C, I always have the same 7 IP addresses available
> for the pool.
>
> Here's the IP Tool output:
>
>     NAS:w.x.y.z port:0x36 - ipaddr:172.16.4.147 active:1 cli:0 num:1
>     NAS:w.x.y.z port:0x4e38 - ipaddr:172.16.4.6 active:1 cli:0 num:1
>     NAS:w.x.y.z port:0x20 - ipaddr:172.16.4.75 active:1 cli:0 num:1
>     NAS:w.x.y.z port:0x6 - ipaddr:172.16.4.145 active:1 cli:0 num:1
>     NAS:w.x.y.z port:0x13 - ipaddr:172.16.4.200 active:1 cli:0 num:1
>     NAS:w.x.y.z port:0x25 - ipaddr:172.16.4.244 active:1 cli:0 num:1
>     NAS:w.x.y.z port:0x2 - ipaddr:172.16.4.198 active:1 cli:0 num:1
>
> What next ?

If that's with iptool -v, then we're in trouble, the fix didn't solve it. iptool -v shows every entry, active or not.

Oh, I forgot to say. You probably needed to recreate your db files for rlm_ippool when you upgraded to CVS's rlm_ippool, or otherwise confirm that the situation hasn't gotten worse since you installed the CVS rlm_ippool.

In fact, I've just had a look at my own server (which has been running the same fix from CVS for a while now) and my 230-odd pool has been depleted to 26, of which only 15 have been used. I had to repair mine last on July 26th, and it's not a busy server. However, that's not decisive as the fix was only committed on the 28th, and I dunno how long I held off on installing it on my production server.

I'll repair mine, and then see if I suffer further.

--
Paul TBBle Hampson
Bubblesworth Pty Ltd (ABN: 51 095 284 361)
[EMAIL PROTECTED]

This is a one line proof...if we start sufficiently far to the left.
-- Cambridge University Math Department

Random signature generator 3.0 by Paul TBBle Hampson
Re: rlm_ippool feedback from CVS version
See below my answers:

> > After 3 days of testing, I am still having the same problem. Now out
> > of the entire class C, I always have the same 7 IP addresses
> > available for the pool.
> >
> > Here's the IP Tool output:
> >
> >     NAS:w.x.y.z port:0x36 - ipaddr:172.16.4.147 active:1 cli:0 num:1
> >     NAS:w.x.y.z port:0x4e38 - ipaddr:172.16.4.6 active:1 cli:0 num:1
> >     NAS:w.x.y.z port:0x20 - ipaddr:172.16.4.75 active:1 cli:0 num:1
> >     NAS:w.x.y.z port:0x6 - ipaddr:172.16.4.145 active:1 cli:0 num:1
> >     NAS:w.x.y.z port:0x13 - ipaddr:172.16.4.200 active:1 cli:0 num:1
> >     NAS:w.x.y.z port:0x25 - ipaddr:172.16.4.244 active:1 cli:0 num:1
> >     NAS:w.x.y.z port:0x2 - ipaddr:172.16.4.198 active:1 cli:0 num:1
> >
> > What next ?
>
> If that's with iptool -v, then we're in trouble, the fix didn't solve
> it. iptool -v shows every entry, active or not.

The output above is iptool -v.

> Oh, I forgot to say. You probably needed to recreate your db files for
> rlm_ippool when you upgraded to CVS's rlm_ippool, or otherwise confirm
> that the situation hasn't gotten worse since you installed the CVS
> rlm_ippool.

I did recreate the pool after upgrading cvs's rlm_ippool. The situation is worse as my pool shrunk even more.

Conclusion: THE SITUATION IS GETTING WORSE.

> In fact, I've just had a look at my own server (which has been running
> the same fix from CVS for a while now) and my 230-odd pool has been
> depleted to 26, of which only 15 have been used. I had to repair mine
> last on July 26th, and it's not a busy server. However, that's not
> decisive as the fix was only committed on the 28th, and I dunno how
> long I held off on installing it on my production server.
>
> I'll repair mine, and then see if I suffer further.
>
> --
> Paul TBBle Hampson
> Bubblesworth Pty Ltd (ABN: 51 095 284 361)
> [EMAIL PROTECTED]
Re: rlm_ippool feedback from CVS version
On Mon, 1 Sep 2003, Mohsen Chirara wrote:
> After 3 days of testing, I am still having the same problem. Now out
> of the entire class C, I always have the same 7 IP addresses available
> for the pool.
>
> Here's the IP Tool output:
>
>     NAS:w.x.y.z port:0x36 - ipaddr:172.16.4.147 active:1 cli:0 num:1
>     NAS:w.x.y.z port:0x4e38 - ipaddr:172.16.4.6 active:1 cli:0 num:1
>     NAS:w.x.y.z port:0x20 - ipaddr:172.16.4.75 active:1 cli:0 num:1
>     NAS:w.x.y.z port:0x6 - ipaddr:172.16.4.145 active:1 cli:0 num:1
>     NAS:w.x.y.z port:0x13 - ipaddr:172.16.4.200 active:1 cli:0 num:1
>     NAS:w.x.y.z port:0x25 - ipaddr:172.16.4.244 active:1 cli:0 num:1
>     NAS:w.x.y.z port:0x2 - ipaddr:172.16.4.198 active:1 cli:0 num:1
>
> What next ?
>
> Mohsen

OK, I've most probably found the problem. Since it involves a lot of code rewriting I'll commit a fix tomorrow.

Thanks for the help

--
Kostas Kalevras
Network Operations Center
[EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
RE: rlm_ippool feedback from CVS version
> Hi Paul, I can install a recent (cvs) version, but I'd like to know
> how to check

This is gonna take some time. I installed rlm_ippool only from cvs (the rest is still 0.9.0 release), but my server is crashing with it. I'll let you know when I have something interesting.

Chris
Re: rlm_ippool feedback from CVS version
Ok I installed rlm_ippool from cvs branch - I will let you know if everything is OK within 2 days.

----- Original Message -----
From: Chris van Meerendonk [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, August 28, 2003 1:20 PM
Subject: RE: rlm_ippool feedback from CVS version

> Hi Paul, I can install a recent (cvs) version, but I'd like to know
> how to check

This is gonna take some time. I installed rlm_ippool only from cvs (the rest is still 0.9.0 release), but my server is crashing with it. I'll let you know when I have something interesting.

Chris
rlm_ippool feedback from CVS version
I'm looking for feedback from people using a CVS snapshot more recent than Tue Jul 29 18:40:50 2003 UTC and using rlm_ippool.

There's an intended bugfix for the problem of ippool entries disappearing on busy servers, but it's not been shown to be correct yet. The version of rlm_ippool.c with the bugfix is 1.23.

The reason I ask is that the bugfix is fairly important for 0.9.1 but I don't want to pull code changes in like this one without knowing that they fix the bug. (I'm using the code myself, but my RADIUS server's not busy enough to trigger the bug repeatably.)

Someone on this list had a test harness setup I think to fire massive piles of requests at a FreeRADIUS server, and had helped to identify this bug. I'd _love_ to hear from that person as to whether they can still do that test, and whether the CVS fix works so I can roll it into 0.9.1 assured that it's good.

--
Paul TBBle Hampson
Bubblesworth Pty Ltd (ABN: 51 095 284 361)
[EMAIL PROTECTED]

This is a one line proof...if we start sufficiently far to the left.
-- Cambridge University Math Department

Random signature generator 3.0 by Paul TBBle Hampson
Re: rlm_ippool feedback from CVS version
Hi Paul,

I can install a recent (cvs) version, but I'd like to know how to check which ip-addresses are assigned according to the radius-server. On the NAS I can check that, just need to know how to compare these. Radius keeps these things in memory, doesn't it? Are there tools for tracking this?

Chris

On Wed, 2003-08-27 at 10:38, Paul Hampson wrote:
> I'm looking for feedback from people using a CVS snapshot more recent than Tue Jul 29 18:40:50 2003 UTC and using rlm_ippool. There's an intended bugfix for the problem of ippool entries disappearing on busy servers, but it's not been shown to be correct yet. The version of rlm_ippool.c with the bugfix is 1.23.
>
> The reason I ask is that the bugfix is fairly important for 0.9.1 but I don't want to pull code changes in like this one without knowing that they fix the bug. (I'm using the code myself, but my RADIUS server's not busy enough to trigger the bug repeatably.)
>
> Someone on this list had a test harness setup I think to fire massive piles of requests at a FreeRADIUS server, and had helped to identify this bug. I'd _love_ to hear from that person as to whether they can still do that test, and whether the CVS fix works so I can roll it into 0.9.1 assured that it's good.
RE: rlm_ippool feedback from CVS version
> From: Chris van Meerendonk
> Sent: Wednesday, 27 August 2003 7:12 PM
>
> I can install a recent (cvs) version, but I'd like to know how to check which ip-addresses are assigned according to the radius-server. On the NAS I can check that, just need to know how to compare these. Radius keeps these things in memory, doesn't it? Are there tools for tracking this?

To check the IP pool records, you need ippooltool (available on the 'net, we'd integrate it into FreeRADIUS if the original author would reply to my emails...)

You need to stop FreeRADIUS to look at the files. Otherwise they'll appear blank due to GDBM file locking.

Basically, the problem is that under high load, IP addresses will disappear from the pool. It's not a problem with the NAS, it's purely internal to FreeRADIUS.

Basically, the list output from ippooltool gets shorter, but it _should_ stay the same length. Eventually you find you've got half your maximum users, but no IPs to allocate.

--
Paul TBBle Hampson
RE: rlm_ippool feedback from CVS version
Wauw, that's fun! I'll try if I can find any bugs...

Thanks,
Chris

On Wed, 2003-08-27 at 14:31, Paul Hampson wrote:
> > From: Chris van Meerendonk
> > Sent: Wednesday, 27 August 2003 7:12 PM
> >
> > I can install a recent (cvs) version, but I'd like to know how to check which ip-addresses are assigned according to the radius-server. On the NAS I can check that, just need to know how to compare these. Radius keeps these things in memory, doesn't it? Are there tools for tracking this?
>
> To check the IP pool records, you need ippooltool (available on the 'net, we'd integrate it into FreeRADIUS if the original author would reply to my emails...)
>
> You need to stop FreeRADIUS to look at the files. Otherwise they'll appear blank due to GDBM file locking.
>
> Basically, the problem is that under high load, IP addresses will disappear from the pool. It's not a problem with the NAS, it's purely internal to FreeRADIUS.
>
> Basically, the list output from ippooltool gets shorter, but it _should_ stay the same length. Eventually you find you've got half your maximum users, but no IPs to allocate.
RE: Again - rlm_ippool problem.
> From: Kleyson Rios
> Sent: Tuesday, 19 August 2003 9:52 PM
>
> In my lib directory exist the files.
> /usr/local/freeradius/lib/rlm_ippool-0.9.0.so

Try:

ldd /usr/local/freeradius/lib/rlm_ippool-0.9.0.so

and make sure it's able to resolve its linked libraries.

> radiusd.conf[1258] Failed to link to module 'rlm_ippool': file not found

--
Paul TBBle Hampson
Again - rlm_ippool problem.
Please, can someone help me!!!

I have installed freeradius and I need to use ippool, but when I enable the option in post-auth {} I get the following error:

radiusd.conf[1258] Failed to link to module 'rlm_ippool': file not found

In my lib directory exist the files.

# ll /usr/local/freeradius/lib/rlm_ippool*
lrwxrwxrwx 1 root root    13 Aug 7 11:12 /usr/local/freeradius/lib/rlm_ippool-0.9.0.la -> rlm_ippool.la
-rwxr-xr-x 1 root root 50606 Aug 7 11:12 /usr/local/freeradius/lib/rlm_ippool-0.9.0.so
-rw-r--r-- 1 root root 91296 Aug 7 11:12 /usr/local/freeradius/lib/rlm_ippool.a
-rwxr-xr-x 1 root root   770 Aug 7 11:12 /usr/local/freeradius/lib/rlm_ippool.la
lrwxrwxrwx 1 root root    19 Aug 7 11:12 /usr/local/freeradius/lib/rlm_ippool.so -> rlm_ippool-0.9.0.so

my_server:/usr/local/freeradius/sbin # ./radiusd -X -p 1645
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/freeradius/etc/raddb/clients.conf
Config: including file: /usr/local/freeradius/etc/raddb/snmp.conf
Config: including file: /usr/local/freeradius/etc/raddb/postgresql.conf
main: prefix = /usr/local/freeradius
main: localstatedir = /usr/local/freeradius/var
main: logdir = /usr/local/freeradius/var/log/radius
main: libdir = /usr/local/freeradius/lib
main: radacctdir = /usr/local/freeradius/var/log/radius/radacct
...
radiusd.conf[1258] Failed to link to module 'rlm_ippool': file not found

Where is the problem?

Thanks.
Kleyson Rios.
rlm_ippool problem.
Hi,

# ll /usr/local/freeradius/lib/rlm_ippool*
lrwxrwxrwx 1 root root    13 Aug 7 11:12 /usr/local/freeradius/lib/rlm_ippool-0.9.0.la -> rlm_ippool.la
-rwxr-xr-x 1 root root 50606 Aug 7 11:12 /usr/local/freeradius/lib/rlm_ippool-0.9.0.so
-rw-r--r-- 1 root root 91296 Aug 7 11:12 /usr/local/freeradius/lib/rlm_ippool.a
-rwxr-xr-x 1 root root   770 Aug 7 11:12 /usr/local/freeradius/lib/rlm_ippool.la
lrwxrwxrwx 1 root root    19 Aug 7 11:12 /usr/local/freeradius/lib/rlm_ippool.so -> rlm_ippool-0.9.0.so

my_server:/usr/local/freeradius/sbin # ./radiusd -X -p 1645
Starting - reading configuration files ...
reread_config: reading radiusd.conf
Config: including file: /usr/local/freeradius/etc/raddb/clients.conf
Config: including file: /usr/local/freeradius/etc/raddb/snmp.conf
Config: including file: /usr/local/freeradius/etc/raddb/postgresql.conf
main: prefix = /usr/local/freeradius
main: localstatedir = /usr/local/freeradius/var
main: logdir = /usr/local/freeradius/var/log/radius
main: libdir = /usr/local/freeradius/lib
main: radacctdir = /usr/local/freeradius/var/log/radius/radacct
...
radiusd.conf[1258] Failed to link to module 'rlm_ippool': file not found

Where is the problem?

Thanks.
Kleyson Rios.
RE: rlm_ippool and ippooltool
> From: Gustavo Lozano
> Sent: Monday, 28 July 2003 1:44 PM
>
> So are you rewriting the rlm_ippool already?

Yes. I have a preliminary patch, but I haven't posted it since it doesn't do ML-PPP, and I haven't tested it due to my development/testing machine's hard disk biting the dust.

> The problem with the current module seems very populated and as a matter of fact It is very persistent.

Yes. I think the problem is also inherent to the design of the current module, and can't be easily worked around without rewriting it to use a different DB layout. Currently, we have to change the key of the IP pool list entries to record where they are. It just seems _bad_.

If you're interested in the patch, I could post it as it is, and would appreciate the testing. There's also a patch posted by Johnathan (last name escapes me) a while ago, but it doesn't apply to current CVS. :-( Based on my design though, so it ought to be pretty much the same.

--
Paul TBBle Hampson
Re: rlm_ippool and ippooltool
Paul Hampson [EMAIL PROTECTED] wrote:
> Here's my patch to ippooltool... There was some discussion of ippooltool being added to the FreeRADIUS CVS earlier. Was that ever decided for or against?

Tools which administer the files used *only* by FreeRADIUS should be part of the server.

Alan DeKok.
RE: rlm_ippool and ippooltool
Post it please :) I can check it...

Rgds

On Mon, 2003-07-28 at 11:12, Paul Hampson wrote:
> > From: Gustavo Lozano
> > Sent: Monday, 28 July 2003 1:44 PM
> >
> > So are you rewriting the rlm_ippool already?
>
> Yes. I have a preliminary patch, but I haven't posted it since it doesn't do ML-PPP, and I haven't tested it due to my development/testing machine's hard disk biting the dust.
>
> > The problem with the current module seems very populated and as a matter of fact It is very persistent.
>
> Yes. I think the problem is also inherent to the design of the current module, and can't be easily worked around without rewriting it to use a different DB layout. Currently, we have to change the key of the IP pool list entries to record where they are. It just seems _bad_.
>
> If you're interested in the patch, I could post it as it is, and would appreciate the testing. There's also a patch posted by Johnathan (last name escapes me) a while ago, but it doesn't apply to current CVS. :-( Based on my design though, so it ought to be pretty much the same.

--
Gustavo A. Lozano Noldata Corporation [EMAIL PROTECTED] Calle 46 No. 40-19 CTO Bogota D.C. Colombia Noldata Corporation http://noldata.com

I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. Albert Einstein
RE: rlm_ippool and ippooltool
On Tue, 29 Jul 2003, Paul Hampson wrote:
> > From: Gustavo Lozano
> > Sent: Monday, 28 July 2003 1:44 PM
> >
> > So are you rewriting the rlm_ippool already?
>
> Yes. I have a preliminary patch, but I haven't posted it since it doesn't do ML-PPP, and I haven't tested it due to my development/testing machine's hard disk biting the dust.
>
> > The problem with the current module seems very populated and as a matter of fact It is very persistent.
>
> Yes. I think the problem is also inherent to the design of the current module, and can't be easily worked around without rewriting it to use a different DB layout. Currently, we have to change the key of the IP pool list entries to record where they are. It just seems _bad_.
>
> If you're interested in the patch, I could post it as it is, and would appreciate the testing. There's also a patch posted by Johnathan (last name escapes me) a while ago, but it doesn't apply to current CVS. :-( Based on my design though, so it ought to be pretty much the same.

I've made a few changes to the ippool module. Mainly maintain a transaction mutex instead of per file mutexes and make MPPP work. I haven't tested it (I don't use ippool) so feel free to test it (cvs update) and report any problems.

--
Kostas Kalevras
Network Operations Center [EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
Re: rlm_ippool and ippooltool
Paul. Not everybody uses Linux :), inet_aton() is not present in Solaris as example, dont ask my why, I didnt checked, so may be you can use another function to do the translation of the Ip address into data. Rgds Gustavo On Sat, 2003-07-26 at 00:40, Paul Hampson wrote: (I'm assuming all interested developers are _also_ on the -users list...) I've just hit the problem others have hit before about the ippool shrinking for no apparent reason. I'm not sure what does it exactly, as I'm more interested in the rewrite of rlm_ippool I proposed earlier and someone else actually _did_, which I'm now more motivated to test, and write transition code for. (I was earlier waiting for the 0.9.0 release, which is now done. :-) Anyway, in order to get my services back up and running, I modified ippooltool 1.0 to also be able to _add_ entries, as well as remove them. I deleted the pool dbs, restarted radius to recreate the DBs, stopped radius, and then used this plus the info from radwho to rebuild the ippool DBs. The code currents assumes that you've -r'd the IP address already, if neccessary. (If not, it does nothing, happily) It also assumes you're wanting the 'num' set to 1. (That's the number of ports that IP's assigned to. It's for the (broken, AFAIK) multilink allocation) I realise this code could be neater, but I was in a hurry. :-) Tested fine here, and deals with ports 0x7fff. -n then -r produces expected results, and people are once again dialling in here... I know that's good 'cause if I send the NAS an IP address it already thinks I've allocated, then it will reject me. So I'm happy this works. Oh, all the debugging output says 'iptool2' since that's what I was calling the file. :-) Here's my patch to ippooltool... There was some discussion of ippooltool being added to the FreeRADIUS CVS earlier. Was that ever decided for or against? --- iptool.c 2003-05-23 23:09:21.0 +1000 +++ iptool2.c 2003-07-26 15:10:07.0 +1000 
@@ -41,6 +41,7 @@ int cflag=0; int rflag=0; int vflag=0; +int nflag=0; typedef struct ippool_info { uint32_tipaddr; 
@@ -58,6 +59,150 @@ #define MATCH_IP(ip1,ip2) ((ip1)==NULL || strcmp((ip1),(ip2))==0) #define MATCH_ACTIVE(info) ((info).active==1 || !aflag) +void addip(char *sessiondbname,char *indexdbname,char *ipaddress, char* NASname, char*NASport) { +GDBM_FILE sessiondb; +GDBM_FILE indexdb; +datum key_datum,keynext_datum,data_datum; + datum nextkey; +ippool_key key; +ippool_info entry; +struct in_addr ipaddr; +int num; +int mode=GDBM_WRITER; +int rcode; + char *cli = NULL; + int delete = 0; + +sessiondb=gdbm_open(sessiondbname,512,mode,0,NULL); +indexdb=gdbm_open(indexdbname,512,mode,0,NULL); + + if (inet_aton(ipaddress, ipaddr) == 0) + { + printf(iptool2: Unable to convert IP address '%s'\n, ipaddress); + return; + } + +if (sessiondb==NULL) + { + printf(iptools: Unable to open DB '%s'\n, sessiondbname); + return; + } + +if (indexdb==NULL) + { + printf(iptools: Unable to open DB '%s'\n, indexdbname); + return; + } + + /* Basically from rlm_ippool.c */ + + memset(key.nas,0,MAX_NAS_NAME_SIZE); + strncpy(key.nas,NASname,MAX_NAS_NAME_SIZE -1 ); + key.port = strtoul(NASport,NULL,0); + key_datum.dptr = (char *) key; + key_datum.dsize = sizeof(ippool_key); + + key_datum = gdbm_firstkey(sessiondb); + while(key_datum.dptr){ + data_datum = gdbm_fetch(sessiondb, key_datum); + if (data_datum.dptr){ + memcpy(entry,data_datum.dptr, sizeof(ippool_info)); + free(data_datum.dptr); + /* Found our entry? */ + if (entry.ipaddr == ipaddr.s_addr){ + datum tmp; + + tmp.dptr = (char *) entry.ipaddr; + tmp.dsize = sizeof(uint32_t); + data_datum = gdbm_fetch(indexdb, tmp); + + /* + * If we find an entry in the ip index and the number is zero (meaning + * that we haven't allocated the same ip address to another nas/port pair) + * or if we don't find an entry then delete the session entry so + * that we can change the key (nas/port) + * Else we don't delete the session entry since we haven't yet deallocated the + * corresponding ip address and we continue our search. 
+ */ + + if (data_datum.dptr){ + memcpy(num,data_datum.dptr
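Review bot: In addip(), both gdbm_open() calls run before any argument is checked, and each of the three early returns (inet_aton failure, sessiondb==NULL, indexdb==NULL) leaves whatever did open unclosed. Convert the address first, then open the files, and call gdbm_close() on the handle that succeeded before returning from an error path; both files are opened with GDBM_WRITER, so a handle that is never closed keeps the file held for writing until the process exits.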
RE: rlm_ippool and ippooltool
> From: Gustavo Lozano
> Sent: Monday, 28 July 2003 1:19 PM
>
> Paul. Not everybody uses Linux :), inet_aton() is not present in Solaris as example, don't ask me why, I didn't check, so maybe you can use another function to do the translation of the IP address into data.

According to my man page, it's a BSD 4.3 thing. As is inet_ntoa, which is used extensively in the part I _didn't_ write. Mind you, Solaris appears to _have_ inet_ntoa, but not inet_aton... *blargh*

How about inet_addr? It's present in the manpages on both my Linux box and the SunOS box I have access to... I just have to extract the IP address from the in_addr_t, rather than just storing the result directly to a uint32_t. So not a major change, one or two places...

Feel free to try that and post the patch, I don't mind since it's served its purpose for me, and I'm hoping to get my ippool module revision completed before it's needed again. :-)

Side note, Linux feels that inet_addr is an obsoleted interface to inet_aton... It'd be nice if I could link these into libradius, and use whatever it provides (ip_aton and ip_ntoa I think). :-)

In fact, it'd be nice to have the ippooltool actually use rlm_ippool or at least share code... That way updates would be nice and safe, but that'll wait until (if) ippooltool joins the FreeRADIUS CVS tree.

--
Paul TBBle Hampson
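The portability question above (inet_aton versus inet_addr) has a correctness side for a tool that writes addresses into the pool files, shown here as an added example that is not part of the thread or of ippooltool. It compares inet_addr() with the stricter POSIX inet_pton(); the function names are hypothetical, and the range values are the dpool settings quoted elsewhere on this page.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes for check_pool_ip() (hypothetical names, not from ippooltool). */
enum pool_ip_status { POOL_IP_OK = 0, POOL_IP_BAD_TEXT, POOL_IP_OUT_OF_RANGE };

/*
 * Parse with inet_addr(), the call proposed in the thread.
 * Stores the address in network byte order and returns 0 on success.
 * inet_addr() signals failure with INADDR_NONE, which is also the value of
 * the valid address 255.255.255.255, and it accepts shorthand, octal and
 * hex spellings such as "1.2.3", "010.1.1.1" and "0x7f.1".
 */
static int parse_ipv4_legacy(const char *text, uint32_t *out_net)
{
    in_addr_t a;

    if (text == NULL || out_net == NULL)
        return -1;
    a = inet_addr(text);
    if (a == (in_addr_t)INADDR_NONE)
        return -1;              /* error, or 255.255.255.255: cannot tell */
    *out_net = (uint32_t)a;
    return 0;
}

/*
 * Parse with inet_pton(): only four decimal fields separated by dots are
 * accepted, and success is reported separately from the address value.
 */
static int parse_ipv4_strict(const char *text, uint32_t *out_net)
{
    struct in_addr a;

    if (text == NULL || out_net == NULL)
        return -1;
    if (inet_pton(AF_INET, text, &a) != 1)
        return -1;
    *out_net = (uint32_t)a.s_addr;
    return 0;
}

/*
 * Check that `text` is a well-formed address inside range_start..range_stop
 * before it is used as a pool entry. On success the address is stored in
 * network byte order, the form the uint32_t ipaddr field is compared
 * against in the patch. An unparsable range is reported as BAD_TEXT.
 */
static enum pool_ip_status check_pool_ip(const char *text,
                                         const char *range_start,
                                         const char *range_stop,
                                         uint32_t *out_net)
{
    uint32_t ip, lo, hi;

    if (parse_ipv4_strict(range_start, &lo) != 0 ||
        parse_ipv4_strict(range_stop, &hi) != 0 ||
        parse_ipv4_strict(text, &ip) != 0)
        return POOL_IP_BAD_TEXT;

    /* Range comparison must be done in host byte order. */
    if (ntohl(ip) < ntohl(lo) || ntohl(ip) > ntohl(hi))
        return POOL_IP_OUT_OF_RANGE;

    if (out_net != NULL)
        *out_net = ip;
    return POOL_IP_OK;
}

int main(void)
{
    /* Constructed sample inputs; the range is the dpool config from this page. */
    static const char *samples[] = {
        "192.168.126.200", "255.255.255.255", "1.2.3",
        "0x7f.0.0.1", "192.168.127.1"
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t legacy = 0, strict = 0;
        int l = parse_ipv4_legacy(samples[i], &legacy);
        int s = parse_ipv4_strict(samples[i], &strict);
        int p = check_pool_ip(samples[i], "192.168.126.160",
                              "192.168.126.255", NULL);

        printf("%-16s inet_addr=%s(0x%08lx) inet_pton=%s pool=%d\n",
               samples[i], l == 0 ? "ok" : "fail",
               (unsigned long)ntohl(legacy), s == 0 ? "ok" : "fail", p);
    }
    return 0;
}
```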
RE: rlm_ippool and ippooltool
So are you rewriting the rlm_ippool already? The problem with the current module seems very populated and as a matter of fact It is very persistent. We needed to write a script to correct the dbs every 10 minutes...

On Sun, 2003-07-27 at 22:31, Paul Hampson wrote:
> > From: Gustavo Lozano
> > Sent: Monday, 28 July 2003 1:19 PM
> >
> > Paul. Not everybody uses Linux :), inet_aton() is not present in Solaris as example, don't ask me why, I didn't check, so maybe you can use another function to do the translation of the IP address into data.
>
> According to my man page, it's a BSD 4.3 thing. As is inet_ntoa, which is used extensively in the part I _didn't_ write. Mind you, Solaris appears to _have_ inet_ntoa, but not inet_aton... *blargh*
>
> How about inet_addr? It's present in the manpages on both my Linux box and the SunOS box I have access to... I just have to extract the IP address from the in_addr_t, rather than just storing the result directly to a uint32_t. So not a major change, one or two places...
>
> Feel free to try that and post the patch, I don't mind since it's served its purpose for me, and I'm hoping to get my ippool module revision completed before it's needed again. :-)
>
> Side note, Linux feels that inet_addr is an obsoleted interface to inet_aton... It'd be nice if I could link these into libradius, and use whatever it provides (ip_aton and ip_ntoa I think). :-)
>
> In fact, it'd be nice to have the ippooltool actually use rlm_ippool or at least share code... That way updates would be nice and safe, but that'll wait until (if) ippooltool joins the FreeRADIUS CVS tree.

--
Gustavo A. Lozano
rlm_ippool and ippooltool
(I'm assuming all interested developers are _also_ on the -users list...)

I've just hit the problem others have hit before about the ippool shrinking for no apparent reason. I'm not sure what does it exactly, as I'm more interested in the rewrite of rlm_ippool I proposed earlier and someone else actually _did_, which I'm now more motivated to test, and write transition code for. (I was earlier waiting for the 0.9.0 release, which is now done. :-)

Anyway, in order to get my services back up and running, I modified ippooltool 1.0 to also be able to _add_ entries, as well as remove them. I deleted the pool dbs, restarted radius to recreate the DBs, stopped radius, and then used this plus the info from radwho to rebuild the ippool DBs.

The code currently assumes that you've -r'd the IP address already, if necessary. (If not, it does nothing, happily) It also assumes you're wanting the 'num' set to 1. (That's the number of ports that IP's assigned to. It's for the (broken, AFAIK) multilink allocation)

I realise this code could be neater, but I was in a hurry. :-) Tested fine here, and deals with ports 0x7fff. -n then -r produces expected results, and people are once again dialling in here... I know that's good 'cause if I send the NAS an IP address it already thinks I've allocated, then it will reject me. So I'm happy this works.

Oh, all the debugging output says 'iptool2' since that's what I was calling the file. :-)

Here's my patch to ippooltool... There was some discussion of ippooltool being added to the FreeRADIUS CVS earlier. Was that ever decided for or against?

--- iptool.c2003-05-23 23:09:21.0 +1000 +++ iptool2.c 2003-07-26 15:10:07.0 +1000 @@ -41,6 +41,7 @@ int cflag=0; int rflag=0; int vflag=0; +int nflag=0; typedef struct ippool_info { uint32_tipaddr; 
@@ -58,6 +59,150 @@ #define MATCH_IP(ip1,ip2) ((ip1)==NULL || strcmp((ip1),(ip2))==0) #define MATCH_ACTIVE(info) ((info).active==1 || !aflag) +void addip(char *sessiondbname,char *indexdbname,char *ipaddress, char* NASname, char*NASport) { +GDBM_FILE sessiondb; +GDBM_FILE indexdb; +datum key_datum,keynext_datum,data_datum; + datum nextkey; +ippool_key key; +ippool_info entry; +struct in_addr ipaddr; +int num; +int mode=GDBM_WRITER; +int rcode; + char *cli = NULL; + int delete = 0; + +sessiondb=gdbm_open(sessiondbname,512,mode,0,NULL); +indexdb=gdbm_open(indexdbname,512,mode,0,NULL); + + if (inet_aton(ipaddress, ipaddr) == 0) + { + printf(iptool2: Unable to convert IP address '%s'\n, ipaddress); + return; + } + +if (sessiondb==NULL) + { + printf(iptools: Unable to open DB '%s'\n, sessiondbname); + return; + } + +if (indexdb==NULL) + { + printf(iptools: Unable to open DB '%s'\n, indexdbname); + return; + } + + /* Basically from rlm_ippool.c */ + + memset(key.nas,0,MAX_NAS_NAME_SIZE); + strncpy(key.nas,NASname,MAX_NAS_NAME_SIZE -1 ); + key.port = strtoul(NASport,NULL,0); + key_datum.dptr = (char *) key; + key_datum.dsize = sizeof(ippool_key); + + key_datum = gdbm_firstkey(sessiondb); + while(key_datum.dptr){ + data_datum = gdbm_fetch(sessiondb, key_datum); + if (data_datum.dptr){ + memcpy(entry,data_datum.dptr, sizeof(ippool_info)); + free(data_datum.dptr); + /* Found our entry? */ + if (entry.ipaddr == ipaddr.s_addr){ + datum tmp; + + tmp.dptr = (char *) entry.ipaddr; + tmp.dsize = sizeof(uint32_t); + data_datum = gdbm_fetch(indexdb, tmp); + + /* +* If we find an entry in the ip index and the number is zero (meaning +* that we haven't allocated the same ip address to another nas/port pair) +* or if we don't find an entry then delete the session entry so +* that we can change the key (nas/port) +* Else we don't delete the session entry since we haven't yet deallocated the +* corresponding ip address and we continue our search. 
+*/ + + if (data_datum.dptr){ + memcpy(num,data_datum.dptr, sizeof(int)); + free(data_datum.dptr); + if (num == 0){ + delete = 1; + break
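Review bot: In addip(), key_datum.dptr and key_datum.dsize are filled in from the NAS/port key and then overwritten by the very next statement, key_datum = gdbm_firstkey(sessiondb), so those two assignments have no effect in the lines shown. Use a separate datum as the scan cursor (nextkey and keynext_datum are declared but not used in the visible part) and keep key_datum for the entry being added. The error messages also alternate between the prefixes iptool2: and iptools:, and the strtoul() result for NASport is stored without checking that the string was numeric; one prefix and an end-pointer check would make failures easier to trace.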
Re: rlm_ippool missing gdbm.h header file
On Thu, 24 Jul 2003 01:36 am, SPJ.Schembri wrote:
> Hi, I am new to FreeRadius and only just downloaded the 0.9.0-pre3 version on Monday, although I have been an avid list reader for 6 months now.

Please re-download the release version of 0.9.0 as it has a couple of bug fixes...

--
Peter Nixon
http://www.peternixon.net/
PGP Key: http://www.peternixon.net/public.asc
Re: rlm_ippool missing gdbm.h header file
Gustavo,

Thanks very much for the pointer, sorry if I wasted your time

Rgds
Stephen

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of [EMAIL PROTECTED]
Sent: 24 July 2003 05:26
To: [EMAIL PROTECTED]
Subject: Freeradius-Users digest, Vol 1 #2109 - 2 msgs

Message: 1
Subject: Re: rlm_ippool missing gdbm.h header file
From: Gustavo Lozano [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Date: 23 Jul 2003 17:56:41 -0500

Of course you need to get the files. Get the package from sunfreeware.

Rgds

On Wed, 2003-07-23 at 17:36, SPJ.Schembri wrote:
> Hi, I am new to FreeRadius and only just downloaded the 0.9.0-pre3 version on Monday, although I have been an avid list reader for 6 months now. I am running Solaris 8 on my sparc server and compiled it with gcc with what I thought was no problems. On running some tests and attempting to use the rlm_ippool module I found that it had not built the libraries due to gdbm header files being missing. I have since (today) downloaded the 0.9.0 release and found that the problem still exists. Do I have to download the gdbm.h headers and libraries seperately ? I have read the FAQs and the documentation and have found no mention to gdbm.h issues. Hopefully I am not doing something extremely silly, but could someone please point me in the right direction. Thanking you in anticipation.
>
> Stephen

Message: 2
From: Tom Emerson [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: XTRadius to FreeRadius migration
Date: Wed, 23 Jul 2003 18:31:24 -0700

On Wednesday 23 July 2003 8:31 am, Sinisa Burina wrote:
> From: Alan DeKok [EMAIL PROTECTED]
> > Sinisa Burina [EMAIL PROTECTED] wrote:
> > > accounting) by external scripts, with custom MySQL database in the background that holds all the information and flags for ADSL/VPN accounts.
> >
> > FreeRADIUS can do this without running external scripts.
>
> I'm still puzzled - do I _have_ to follow proposed MySQL DB structure with attributes and operatirs, or there is a way to use my existing structure which is conceptually very different and is not to be changed? Let's leave all the rest on the side, and see how to authenticate the user against plaintext password stored in one simple MySQL table with only two fields: user and pass, using FR integrated features. A simple example would be very appreciated! :-) Please?

I'll jump in here with a suggestion -- it took a while for it to sink in for me, so perhaps this will help someone else stay afloat...

The sql statements given in the EXAMPLE configuration files are EXAMPLES. Once you catch on to that idea, it becomes obvious that instead of the given SQL statement of:

SELECT id,UserName,Attribute,Value,op FROM ${authcheck_table} WHERE Username = '%{SQL-User-Name}' ORDER BY id

You can fake it somewhat with

SELECT id,user as username,Password as attribute, password as value,== as op FROM ${authcheck_table}...

in this example, I'm presuming actual field names of user and password, which need to correspond to the names username and value as required by the internals of the program [err, hope I have that part right] Likewise, this returns hard-coded field values of the word password and an operator of == for the attribute and op fields.

The downside, of course, is that no other attributes can be checked... [though I suppose you could put those in another table and/or query and/or SQL definition...]
rlm_ippool missing gdbm.h header file
Hi,

I am new to FreeRadius and only just downloaded the 0.9.0-pre3 version on Monday, although I have been an avid list reader for 6 months now.

I am running Solaris 8 on my sparc server and compiled it with gcc with what I thought was no problems. On running some tests and attempting to use the rlm_ippool module I found that it had not built the libraries due to gdbm header files being missing. I have since (today) downloaded the 0.9.0 release and found that the problem still exists.

Do I have to download the gdbm.h headers and libraries separately? I have read the FAQs and the documentation and have found no mention to gdbm.h issues.

Hopefully I am not doing something extremely silly, but could someone please point me in the right direction. Thanking you in anticipation.

Stephen
Re: rlm_ippool missing gdbm.h header file
Of course you need to get the files. Get the package from sunfreeware.

Rgds

On Wed, 2003-07-23 at 17:36, SPJ.Schembri wrote:
> Hi, I am new to FreeRadius and only just downloaded the 0.9.0-pre3 version on Monday, although I have been an avid list reader for 6 months now.
>
> I am running Solaris 8 on my sparc server and compiled it with gcc with what I thought was no problems. On running some tests and attempting to use the rlm_ippool module I found that it had not built the libraries due to gdbm header files being missing. I have since (today) downloaded the 0.9.0 release and found that the problem still exists.
>
> Do I have to download the gdbm.h headers and libraries separately? I have read the FAQs and the documentation and have found no mention to gdbm.h issues.
>
> Hopefully I am not doing something extremely silly, but could someone please point me in the right direction. Thanking you in anticipation.
>
> Stephen

--
Gustavo A. Lozano
RE: rlm_ippool: No available ip addresses in pool
> From: Pierluigi Frullani
> Sent: Friday, 18 July 2003 8:00 PM
>
> > modules {
> >     ippool wpool {
> >         session-db = ${raddbdir}/wpool-sess-db
> >         ip-index = ${raddbdir}/wpool-idx-db
> >         range-start = 192.168.127.1
> >         range-stop = 192.168.127.127
> >         netmask = 255.255.255.255
> >         #netmask = 255.255.255.128
> >         cache-size = 5000
> >     }
> >     ippool dpool {
> >         session-db = ${raddbdir}/dpool-sess-db
> >         ip-index = ${raddbdir}/dpool-idx-db
> >         range-start = 192.168.126.160
> >         range-stop = 192.168.126.255
> >         netmask = 255.255.255.255
> >         cache-size = 800
> >     }
> >
> > So, what's wrong? Thanks for any hints!
>
> If I don't get wrong, the netmask in the config is for determine the address pool. So if you use the 255.255.255.255 netmask, you say to rlm_ippool that you have no network. You should use a higher netmask to provide some address. EG:
>
>     range-start = 192.168.126.160
>     range-stop = 192.168.126.255
>     netmask = 255.255.255.128
>
> This will inform the module that you want to use the address in the network 192.168.126.128/25, starting from the .160
>
> I think that the 255.255.255.255 mask will lead the module to a confusion.

Actually, that's not correct. The ippool module only uses the Netmask to set a value if one isn't set in the packet already. The Pool range will be from the start value to the stop value.

Netmask of 255.255.255.255 is I would expect quite common from an ip pool, since people getting those IPs are probably only on a point-to-point link, at least when you're using a RADIUS server and not, say, DHCP to allocate the IPs.

Unless it's a wireless network, I suppose...

--
Paul TBBle Hampson
Bubblesworth Pty Ltd (ABN: 51 095 284 361)
[EMAIL PROTECTED]
This is a one line proof...if we start sufficiently far to the left. -- Cambridge University Math Department
Random signature generator 3.0 by Paul TBBle Hampson
RE: rlm_ippool: No available ip addresses in pool
Paul. You are wrong.

The netmask shouldn't be /32 in the ippool configuration. If you put /32 in the config the client will not connect.

Regards

On Fri, 2003-07-18 at 14:35, Paul Hampson wrote:
> > From: Pierluigi Frullani
> > Sent: Friday, 18 July 2003 8:00 PM
> >
> > > modules {
> > >     ippool wpool {
> > >         session-db = ${raddbdir}/wpool-sess-db
> > >         ip-index = ${raddbdir}/wpool-idx-db
> > >         range-start = 192.168.127.1
> > >         range-stop = 192.168.127.127
> > >         netmask = 255.255.255.255
> > >         #netmask = 255.255.255.128
> > >         cache-size = 5000
> > >     }
> > >     ippool dpool {
> > >         session-db = ${raddbdir}/dpool-sess-db
> > >         ip-index = ${raddbdir}/dpool-idx-db
> > >         range-start = 192.168.126.160
> > >         range-stop = 192.168.126.255
> > >         netmask = 255.255.255.255
> > >         cache-size = 800
> > >     }
> > >
> > > So, what's wrong? Thanks for any hints!
> >
> > If I don't get wrong, the netmask in the config is for determine the address pool. So if you use the 255.255.255.255 netmask, you say to rlm_ippool that you have no network. You should use a higher netmask to provide some address. EG:
> >
> >     range-start = 192.168.126.160
> >     range-stop = 192.168.126.255
> >     netmask = 255.255.255.128
> >
> > This will inform the module that you want to use the address in the network 192.168.126.128/25, starting from the .160
> >
> > I think that the 255.255.255.255 mask will lead the module to a confusion.
>
> Actually, that's not correct. The ippool module only uses the Netmask to set a value if one isn't set in the packet already. The Pool range will be from the start value to the stop value.
>
> Netmask of 255.255.255.255 is I would expect quite common from an ip pool, since people getting those IPs are probably only on a point-to-point link, at least when you're using a RADIUS server and not, say, DHCP to allocate the IPs.
>
> Unless it's a wireless network, I suppose...
>
> --
> Paul TBBle Hampson
> Bubblesworth Pty Ltd (ABN: 51 095 284 361)
> [EMAIL PROTECTED]
> This is a one line proof...if we start sufficiently far to the left. -- Cambridge University Math Department
> Random signature generator 3.0 by Paul TBBle Hampson

--
Gustavo A. Lozano
Noldata Corporation
[EMAIL PROTECTED]
Calle 46 No. 40-19 CTO Bogota D.C. Colombia
Noldata Corporation http://noldata.com
I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. Albert Einstein
RE: rlm_ippool: No available ip addresses in pool
> From: Gustavo Lozano
> Sent: Saturday, 19 July 2003 6:03 AM
>
> The netmask shouldn't be /32 in the ippool configuration. If you put /32 in the config the client will not connect.

Wha? It works here. Why do you say it won't work? Surely most point-to-point connections work when they've got a netmask of /32, since they don't care what the address on the other end is, as long as they send the data there.

In fact, I'd expect a point-to-point link to ignore a netmask. (As opposed to a two-NIC ethernet network, which needs... /30. Net, you, me, broadcast.)

--
Paul TBBle Hampson
Bubblesworth Pty Ltd (ABN: 51 095 284 361)
[EMAIL PROTECTED]
This is a one line proof...if we start sufficiently far to the left. -- Cambridge University Math Department
Random signature generator 3.0 by Paul TBBle Hampson
RE: rlm_ippool: No available ip addresses in pool
The author of the module told me that like 3 months ago

On Fri, 2003-07-18 at 15:21, Paul Hampson wrote:
> > From: Gustavo Lozano
> > Sent: Saturday, 19 July 2003 6:03 AM
> >
> > The netmask shouldn't be /32 in the ippool configuration. If you put /32 in the config the client will not connect.
>
> Wha? It works here. Why do you say it won't work? Surely most point-to-point connections work when they've got a netmask of /32, since they don't care what the address on the other end is, as long as they send the data there.
>
> In fact, I'd expect a point-to-point link to ignore a netmask. (As opposed to a two-NIC ethernet network, which needs... /30. Net, you, me, broadcast.)
>
> --
> Paul TBBle Hampson
> Bubblesworth Pty Ltd (ABN: 51 095 284 361)
> [EMAIL PROTECTED]
> This is a one line proof...if we start sufficiently far to the left. -- Cambridge University Math Department
> Random signature generator 3.0 by Paul TBBle Hampson

--
Gustavo A. Lozano
Noldata Corporation
[EMAIL PROTECTED]
Calle 46 No. 40-19 CTO Bogota D.C. Colombia
Noldata Corporation http://noldata.com
I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. Albert Einstein
RE: rlm_ippool: No available ip addresses in pool
> From: Gustavo Lozano
> Sent: Saturday, 19 July 2003 6:35 AM
>
> The author of the module told me that like 3 months ago

Before or after April 26th when the person whom I _assume_ is the author of the module accepted a patch from me to make netmasks of /32 work?

http://www.freeradius.org/cgi-bin/cvsweb.cgi/radiusd/src/modules/rlm_ippool/rlm_ippool.c and you're looking at revision 1.16.

Although I must say I was wrong before, the netmask _is_ used to determine what's in the IP Pool, but only to spot network and broadcast addresses. And a /32 netmask skips that code.

--
Paul TBBle Hampson
Bubblesworth Pty Ltd (ABN: 51 095 284 361)
[EMAIL PROTECTED]
This is a one line proof...if we start sufficiently far to the left. -- Cambridge University Math Department
Random signature generator 3.0 by Paul TBBle Hampson
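The rule described in the message above (the netmask only serves to spot network and broadcast addresses inside the range, and a /32 skips that check), applied to the wpool and dpool ranges from this thread. This is an added example, not the rlm_ippool source; the names IP4, is_net_or_bcast and pool_usable are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Dotted quad as a host-order integer (hypothetical helper). */
#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

/* 1 if addr is the network or broadcast address of its subnet under mask.
 * A /32 mask has no host bits, so the check is skipped entirely. */
int is_net_or_bcast(uint32_t addr, uint32_t mask)
{
    uint32_t host_bits = ~mask;
    if (host_bits == 0)
        return 0;
    return (addr & host_bits) == 0 || (addr & host_bits) == host_bits;
}

/* Number of addresses the pool can hand out between start and stop inclusive. */
unsigned pool_usable(uint32_t start, uint32_t stop, uint32_t mask)
{
    unsigned n = 0;
    /* 64-bit counter so a range ending at 255.255.255.255 cannot wrap. */
    for (uint64_t a = start; a <= stop; a++)
        if (!is_net_or_bcast((uint32_t)a, mask))
            n++;
    return n;
}

int main(void)
{
    uint32_t m32 = IP4(255, 255, 255, 255), m25 = IP4(255, 255, 255, 128);

    /* Ranges copied from the wpool and dpool definitions quoted in this thread. */
    printf("wpool /32: %u\n", pool_usable(IP4(192, 168, 127, 1), IP4(192, 168, 127, 127), m32));
    printf("wpool /25: %u\n", pool_usable(IP4(192, 168, 127, 1), IP4(192, 168, 127, 127), m25));
    printf("dpool /32: %u\n", pool_usable(IP4(192, 168, 126, 160), IP4(192, 168, 126, 255), m32));
    printf("dpool /25: %u\n", pool_usable(IP4(192, 168, 126, 160), IP4(192, 168, 126, 255), m25));
    return 0;
}
```

With a /25 each pool loses exactly one address (the broadcast address at the end of its range), which is why the choice between /32 and /25 cannot explain a pool that reports no free addresses.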
rlm_ippool: No available ip addresses in pool
Hello,

I'm using 2 different ip pools. After some time my dialin users doesn't get IP addresses. iptool reported that only a small amount of available ip addresses are in use. Running radiusd -X I see

modcall: entering group post-auth
modcall[post-auth]: module wpool returns noop
rlm_ippool: Searching for an entry for nas/port: 255.255.255.255/0
rlm_ippool: No available ip addresses in pool.
modcall[post-auth]: module dpool returns noop
modcall: group post-auth returns noop

modcall: entering group post-auth
rlm_ippool: Searching for an entry for nas/port: 255.255.255.255/0
rlm_ippool: Found a stale entry for ip/port: 192.168.127.46/0
rlm_ippool: num: 0
rlm_ippool: Allocating ip to nas/port: 255.255.255.255/0
rlm_ippool: num: 1
rlm_ippool: Allocated ip 192.168.127.46 to client on nas 255.255.255.255,port 0
modcall[post-auth]: module wpool returns ok
modcall[post-auth]: module dpool returns noop
modcall: group post-auth returns ok

(so it's working for wpool this time).

I'm running 0.9.0-pre3, the config looks so:

modules {
    ippool wpool {
        session-db = ${raddbdir}/wpool-sess-db
        ip-index = ${raddbdir}/wpool-idx-db
        range-start = 192.168.127.1
        range-stop = 192.168.127.127
        netmask = 255.255.255.255
        #netmask = 255.255.255.128
        cache-size = 5000
    }
    ippool dpool {
        session-db = ${raddbdir}/dpool-sess-db
        ip-index = ${raddbdir}/dpool-idx-db
        range-start = 192.168.126.160
        range-stop = 192.168.126.255
        netmask = 255.255.255.255
        cache-size = 800
    }
    ...
}
accounting {
    ...
    wpool
    dpool
}
post-auth {
    ...
    wpool
    dpool
}

So, what's wrong? Thanks for any hints!

Regards, Thomas.
rlm_ippool
I have a big problem, the file rlm_ippool does not exist, is it normal? How can I have this file? Do I create them?
Re: rlm_ippool
Hi,

add rlm_ippool at src/modules/stable and compile freeradius again.

Regards, Thomas.

labis siegfried wrote:
> I have a big problem, the file rlm_ippool does not exist, is it normal? How can I have this file? Do I create them?
RE: rlm_ippool: No available ip addresses in pool
> From: Thomas Krause (Webmatic)
> Sent: Thursday, 17 July 2003 7:05 PM
>
> I'm using 2 different ip pools. After some time my dialin users doesn't get IP addresses. iptool reported that only a small amount of available ip addresses are in use. Running radiusd -X I see

Assuming you're not out of IP addresses...

> modcall: entering group post-auth
> modcall[post-auth]: module wpool returns noop
> rlm_ippool: Searching for an entry for nas/port: 255.255.255.255/0
> rlm_ippool: No available ip addresses in pool.
> modcall[post-auth]: module dpool returns noop
> modcall: group post-auth returns noop
>
> So, what's wrong?

Stop the server, and use ippooltool (if you can't find it, look in the mailing list archives, or google should pick it up) to make sure that your IP pools have all the entries available that you expect them to...

This looks like a bug that was noticed before, but no-one had a good solution for (that I remember).

--
Paul TBBle Hampson
Bubblesworth Pty Ltd (ABN: 51 095 284 361)
[EMAIL PROTECTED]
This is a one line proof...if we start sufficiently far to the left. -- Cambridge University Math Department
Random signature generator 3.0 by Paul TBBle Hampson
Re: rlm_ippool
In 0.8.1 and before you need to set --enable-experimental modules. With 0.9-pre1 and up the module will be compiled by itself, check the dependencies and the output of configure

On Thu, 2003-07-17 at 04:43, labis siegfried wrote:
> I have a big problem, the file rlm_ippool does not exist, is it normal? How can I have this file? Do I create them?

--
Gustavo A. Lozano
Noldata Corporation
[EMAIL PROTECTED]
Calle 46 No. 40-19 CTO Bogota D.C. Colombia
Noldata Corporation http://noldata.com
I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. Albert Einstein
RE: rlm_ippool: No available ip addresses in pool
Who has the ippooltool module working in Solaris? I can't compile it:

# make
gcc -o iptool iptool.c -I/usr/local/include -L/usr/local/lib -lgdbm
Undefined                       first referenced
 symbol                             in file
inet_ntoa                           /var/tmp//cc5pKDtj.o
ld: fatal: Symbol referencing errors. No output written to iptool
collect2: ld returned 1 exit status
make: *** [iptool] Error 1

On Thu, 2003-07-17 at 08:01, Paul Hampson wrote:
> > From: Thomas Krause (Webmatic)
> > Sent: Thursday, 17 July 2003 7:05 PM
> >
> > I'm using 2 different ip pools. After some time my dialin users doesn't get IP addresses. iptool reported that only a small amount of available ip addresses are in use. Running radiusd -X I see
>
> Assuming you're not out of IP addresses...
>
> > modcall: entering group post-auth
> > modcall[post-auth]: module wpool returns noop
> > rlm_ippool: Searching for an entry for nas/port: 255.255.255.255/0
> > rlm_ippool: No available ip addresses in pool.
> > modcall[post-auth]: module dpool returns noop
> > modcall: group post-auth returns noop
> >
> > So, what's wrong?
>
> Stop the server, and use ippooltool (if you can't find it, look in the mailing list archives, or google should pick it up) to make sure that your IP pools have all the entries available that you expect them to...
>
> This looks like a bug that was noticed before, but no-one had a good solution for (that I remember).
>
> --
> Paul TBBle Hampson
> Bubblesworth Pty Ltd (ABN: 51 095 284 361)
> [EMAIL PROTECTED]
> This is a one line proof...if we start sufficiently far to the left. -- Cambridge University Math Department
> Random signature generator 3.0 by Paul TBBle Hampson

--
Gustavo A. Lozano
Noldata Corporation
[EMAIL PROTECTED]
Calle 46 No. 40-19 CTO Bogota D.C. Colombia
Noldata Corporation http://noldata.com
I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones. Albert Einstein
RE: rlm_ippool: No available ip addresses in pool
Lame me! add -lsocket -lnsl to the compilation flags...

Seems I am 2 tired after 18 hours of work.

C ya

On Thu, 2003-07-17 at 16:34, Gustavo Lozano wrote:
> Who has the ippooltool module working in Solaris? I can't compile it:
>
> # make
> gcc -o iptool iptool.c -I/usr/local/include -L/usr/local/lib -lgdbm
> Undefined                       first referenced
>  symbol                             in file
> inet_ntoa                           /var/tmp//cc5pKDtj.o
> ld: fatal: Symbol referencing errors. No output written to iptool
> collect2: ld returned 1 exit status
> make: *** [iptool] Error 1
>
> On Thu, 2003-07-17 at 08:01, Paul Hampson wrote:
> > > From: Thomas Krause (Webmatic)
> > > Sent: Thursday, 17 July 2003 7:05 PM
> > >
> > > I'm using 2 different ip pools. After some time my dialin users doesn't get IP addresses. iptool reported that only a small amount of available ip addresses are in use. Running radiusd -X I see
> >
> > Assuming you're not out of IP addresses...
> >
> > > modcall: entering group post-auth
> > > modcall[post-auth]: module wpool returns noop
> > > rlm_ippool: Searching for an entry for nas/port: 255.255.255.255/0
> > > rlm_ippool: No available ip addresses in pool.
> > > modcall[post-auth]: module dpool returns noop
> > > modcall: group post-auth returns noop
> > >
> > > So, what's wrong?
> >
> > Stop the server, and use ippooltool (if you can't find it, look in the mailing list archives, or google should pick it up) to make sure that your IP pools have all the entries available that you expect them to...
> >
> > This looks like a bug that was noticed before, but no-one had a good solution for (that I remember).
> >
> > --
> > Paul TBBle Hampson
> > Bubblesworth Pty Ltd (ABN: 51 095 284 361)
> > [EMAIL PROTECTED]
> > This is a one line proof...if we start sufficiently far to the left. -- Cambridge University Math Department
> > Random signature generator 3.0 by Paul TBBle Hampson
URGENT HELP rlm_ippool
Hi,

I just installed freeradius 0.9 pre1 with postgresql and rlm_ippool. I have to migrate tonight so this is an urgent request

I have a Cisco AS5300 and here is what I would like to do:
1. Assign public dynamic ip pool say from 1.1.1.1 to 1.1.1.254
2. Assign private dynamic ip pool say from 172.16.1.1 to 172.16.1.254

So I am trying to setup rlm_ippool. Here is what I have so far:

in radiusd.conf

ippool public_pool {
    range-start = 1.1.1.1
    range-stop = 1.1.1.254
    netmask = 255.255.255.0
    cache-size = 255
    session-db = ${raddbdir}/db.ippool
    ip-index = ${raddbdir}/db.ipindex
    override = no
}
ippool private_pool {
    range-start = 172.16.1.1
    range-stop = 172.16.1.254
    netmask = 255.255.255.0
    cache-size = 255
    session-db = ${raddbdir}/db.ippool
    ip-index = ${raddbdir}/db.ipindex
    override = no
}

In radgroupcheck, I have:

groupname    | attribute | op | value
publicgroup  | Pool-Name | := | public_pool
privategroup | Pool-Name | := | private_pool

In radgroupreply : what do I put exactly to tell my cisco what IP address is assigned

Basically, I am lacking documentation here - Can someone give a sample configuration on what I have to put exactly in my freeradius config as well as my cisco config.

Thanks in advance for your help

Mohsen
RE: URGENT HELP rlm_ippool
> From: ARC Informatique
> Sent: Sunday, 13 July 2003 2:10 AM
>
> I just installed freeradius 0.9 pre1 with postgresql and rlm_ippool. I have to migrate tonight so this is an urgent request
>
> I have a Cisco AS5300 and here is what I would like to do:
> 1. Assign public dynamic ip pool say from 1.1.1.1 to 1.1.1.254
> 2. Assign private dynamic ip pool say from 172.16.1.1 to 172.16.1.254
>
> So I am trying to setup rlm_ippool. Here is what I have so far:
>
> in radiusd.conf
>
> ippool public_pool {
>     range-start = 1.1.1.1
>     range-stop = 1.1.1.254
>     netmask = 255.255.255.0
>     cache-size = 255
>     session-db = ${raddbdir}/db.ippool
      session-db = ${raddbdir}/public.ippool
>     ip-index = ${raddbdir}/db.ipindex
      ip-index = ${raddbdir}/public.ipindex
>     override = no
> }
> ippool private_pool {
>     range-start = 172.16.1.1
>     range-stop = 172.16.1.254
>     netmask = 255.255.255.0
>     cache-size = 255
>     session-db = ${raddbdir}/db.ippool
      session-db = ${raddbdir}/private.ippool
>     ip-index = ${raddbdir}/db.ipindex
      ip-index = ${raddbdir}/private.ipindex
>     override = no
> }

The problem here is that they need _separate_ DB files...

Oh, and make sure you've got the private_pool and public_pool instances in your accounting and post-auth sections of radius.conf

> In radgroupcheck, I have:
>
> groupname    | attribute | op | value
> publicgroup  | Pool-Name | := | public_pool
> privategroup | Pool-Name | := | private_pool

That should be correct.

> In radgroupreply : what do I put exactly to tell my cisco what IP address is assigned

Nothing. When the module runs in post-auth, it'll see the check item Pool-Name and replace it with an IP address and netmask if you haven't specified one already.

> Basically, I am lacking documentation here - Can someone give a sample configuration on what I have to put exactly in my freeradius config as well as my cisco config.

Basically, I have exactly what you have here, and it works a treat. For one reason or another, I've had to patch my copy of rlm_ippool to use radgroupreply instead of radgroupcheck, but that's irrelevant.

You should see the modcalls in radius debug...

Warning, if you use radtest to test this, you'll have to either use radzap or ippooltool (separate program from one of the list members) to remove that entry from the list of taken IP addresses.

Anyway, an ippool module will NOOP on the wrong Pool-Name, and OK on the correct pool name. If no pool name is specified, you should see a warning in debug mode, and get a NOOP response from the module.

--
Paul TBBle Hampson
Bubblesworth Pty Ltd (ABN: 51 095 284 361)
[EMAIL PROTECTED]
This is a one line proof...if we start sufficiently far to the left. -- Cambridge University Math Department
Random signature generator 3.0 by Paul TBBle Hampson
Re: URGENT HELP rlm_ippool
Why not use the cisco device to do the actual assigning of IP's? I do something like this with a Cisco 2600 and a VPN module. I have 2 sets of IP's, one for the local network, and one range for VPN Dial-ins. Unless you need something with the accounting of Radius, but can't you just use the cisco logs?

Hope this helps

ip dhcp pool private-LAN
   network 10.1.0.0 255.255.0.0
   domain-name neondsl.com
   dns-server 65.171.232.2 209.248.58.6
   default-router 10.1.1.3

vpdn-group vpngroup
 ! Default PPTP VPDN group
 accept-dialin
  protocol pptp
  virtual-template 1

ip local pool vpnpool 10.1.100.1 10.1.101.254

----- Original Message -----
From: ARC Informatique [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, July 12, 2003 11:09 AM
Subject: URGENT HELP rlm_ippool

> Hi,
>
> I just installed freeradius 0.9 pre1 with postgresql and rlm_ippool. I have to migrate tonight so this is an urgent request
>
> I have a Cisco AS5300 and here is what I would like to do:
> 1. Assign public dynamic ip pool say from 1.1.1.1 to 1.1.1.254
> 2. Assign private dynamic ip pool say from 172.16.1.1 to 172.16.1.254
>
> So I am trying to setup rlm_ippool. Here is what I have so far:
>
> in radiusd.conf
>
> ippool public_pool {
>     range-start = 1.1.1.1
>     range-stop = 1.1.1.254
>     netmask = 255.255.255.0
>     cache-size = 255
>     session-db = ${raddbdir}/db.ippool
>     ip-index = ${raddbdir}/db.ipindex
>     override = no
> }
> ippool private_pool {
>     range-start = 172.16.1.1
>     range-stop = 172.16.1.254
>     netmask = 255.255.255.0
>     cache-size = 255
>     session-db = ${raddbdir}/db.ippool
>     ip-index = ${raddbdir}/db.ipindex
>     override = no
> }
>
> In radgroupcheck, I have:
>
> groupname    | attribute | op | value
> publicgroup  | Pool-Name | := | public_pool
> privategroup | Pool-Name | := | private_pool
>
> In radgroupreply : what do I put exactly to tell my cisco what IP address is assigned
>
> Basically, I am lacking documentation here - Can someone give a sample configuration on what I have to put exactly in my freeradius config as well as my cisco config.
>
> Thanks in advance for your help
>
> Mohsen
Re: URGENT HELP rlm_ippool
Thanks, you are right. It works by itself. I did a test with radpingtest. Now I am going to test it on my cisco.

----- Original Message -----
From: Paul Hampson [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, July 12, 2003 4:27 PM
Subject: RE: URGENT HELP rlm_ippool

> > From: ARC Informatique
> > Sent: Sunday, 13 July 2003 2:10 AM
> >
> > I just installed freeradius 0.9 pre1 with postgresql and rlm_ippool. I have to migrate tonight so this is an urgent request
> >
> > I have a Cisco AS5300 and here is what I would like to do:
> > 1. Assign public dynamic ip pool say from 1.1.1.1 to 1.1.1.254
> > 2. Assign private dynamic ip pool say from 172.16.1.1 to 172.16.1.254
> >
> > So I am trying to setup rlm_ippool. Here is what I have so far:
> >
> > in radiusd.conf
> >
> > ippool public_pool {
> >     range-start = 1.1.1.1
> >     range-stop = 1.1.1.254
> >     netmask = 255.255.255.0
> >     cache-size = 255
> >     session-db = ${raddbdir}/db.ippool
>       session-db = ${raddbdir}/public.ippool
> >     ip-index = ${raddbdir}/db.ipindex
>       ip-index = ${raddbdir}/public.ipindex
> >     override = no
> > }
> > ippool private_pool {
> >     range-start = 172.16.1.1
> >     range-stop = 172.16.1.254
> >     netmask = 255.255.255.0
> >     cache-size = 255
> >     session-db = ${raddbdir}/db.ippool
>       session-db = ${raddbdir}/private.ippool
> >     ip-index = ${raddbdir}/db.ipindex
>       ip-index = ${raddbdir}/private.ipindex
> >     override = no
> > }
>
> The problem here is that they need _separate_ DB files...
>
> Oh, and make sure you've got the private_pool and public_pool instances in your accounting and post-auth sections of radius.conf
>
> > In radgroupcheck, I have:
> >
> > groupname    | attribute | op | value
> > publicgroup  | Pool-Name | := | public_pool
> > privategroup | Pool-Name | := | private_pool
>
> That should be correct.
>
> > In radgroupreply : what do I put exactly to tell my cisco what IP address is assigned
>
> Nothing. When the module runs in post-auth, it'll see the check item Pool-Name and replace it with an IP address and netmask if you haven't specified one already.
>
> > Basically, I am lacking documentation here - Can someone give a sample configuration on what I have to put exactly in my freeradius config as well as my cisco config.
>
> Basically, I have exactly what you have here, and it works a treat. For one reason or another, I've had to patch my copy of rlm_ippool to use radgroupreply instead of radgroupcheck, but that's irrelevant.
>
> You should see the modcalls in radius debug...
>
> Warning, if you use radtest to test this, you'll have to either use radzap or ippooltool (separate program from one of the list members) to remove that entry from the list of taken IP addresses.
>
> Anyway, an ippool module will NOOP on the wrong Pool-Name, and OK on the correct pool name. If no pool name is specified, you should see a warning in debug mode, and get a NOOP response from the module.
>
> --
> Paul TBBle Hampson
> Bubblesworth Pty Ltd (ABN: 51 095 284 361)
> [EMAIL PROTECTED]
> This is a one line proof...if we start sufficiently far to the left. -- Cambridge University Math Department
> Random signature generator 3.0 by Paul TBBle Hampson
Re: URGENT HELP rlm_ippool
Now after testing on the cisco, do I have to remove the pools defined in it because ip addresses are still being assigned by cisco instead of freeradius although I have override = yes in pool definition in radiusd.conf

----- Original Message -----
From: Paul Hampson [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, July 12, 2003 4:27 PM
Subject: RE: URGENT HELP rlm_ippool

> > From: ARC Informatique
> > Sent: Sunday, 13 July 2003 2:10 AM
> >
> > I just installed freeradius 0.9 pre1 with postgresql and rlm_ippool. I have to migrate tonight so this is an urgent request
> >
> > I have a Cisco AS5300 and here is what I would like to do:
> > 1. Assign public dynamic ip pool say from 1.1.1.1 to 1.1.1.254
> > 2. Assign private dynamic ip pool say from 172.16.1.1 to 172.16.1.254
> >
> > So I am trying to setup rlm_ippool. Here is what I have so far:
> >
> > in radiusd.conf
> >
> > ippool public_pool {
> >     range-start = 1.1.1.1
> >     range-stop = 1.1.1.254
> >     netmask = 255.255.255.0
> >     cache-size = 255
> >     session-db = ${raddbdir}/db.ippool
>       session-db = ${raddbdir}/public.ippool
> >     ip-index = ${raddbdir}/db.ipindex
>       ip-index = ${raddbdir}/public.ipindex
> >     override = no
> > }
> > ippool private_pool {
> >     range-start = 172.16.1.1
> >     range-stop = 172.16.1.254
> >     netmask = 255.255.255.0
> >     cache-size = 255
> >     session-db = ${raddbdir}/db.ippool
>       session-db = ${raddbdir}/private.ippool
> >     ip-index = ${raddbdir}/db.ipindex
>       ip-index = ${raddbdir}/private.ipindex
> >     override = no
> > }
>
> The problem here is that they need _separate_ DB files...
>
> Oh, and make sure you've got the private_pool and public_pool instances in your accounting and post-auth sections of radius.conf
>
> > In radgroupcheck, I have:
> >
> > groupname    | attribute | op | value
> > publicgroup  | Pool-Name | := | public_pool
> > privategroup | Pool-Name | := | private_pool
>
> That should be correct.
>
> > In radgroupreply : what do I put exactly to tell my cisco what IP address is assigned
>
> Nothing. When the module runs in post-auth, it'll see the check item Pool-Name and replace it with an IP address and netmask if you haven't specified one already.
>
> > Basically, I am lacking documentation here - Can someone give a sample configuration on what I have to put exactly in my freeradius config as well as my cisco config.
>
> Basically, I have exactly what you have here, and it works a treat. For one reason or another, I've had to patch my copy of rlm_ippool to use radgroupreply instead of radgroupcheck, but that's irrelevant.
>
> You should see the modcalls in radius debug...
>
> Warning, if you use radtest to test this, you'll have to either use radzap or ippooltool (separate program from one of the list members) to remove that entry from the list of taken IP addresses.
>
> Anyway, an ippool module will NOOP on the wrong Pool-Name, and OK on the correct pool name. If no pool name is specified, you should see a warning in debug mode, and get a NOOP response from the module.
>
> --
> Paul TBBle Hampson
> Bubblesworth Pty Ltd (ABN: 51 095 284 361)
> [EMAIL PROTECTED]
> This is a one line proof...if we start sufficiently far to the left. -- Cambridge University Math Department
> Random signature generator 3.0 by Paul TBBle Hampson
RE: URGENT HELP rlm_ippool
> From: ARC Informatique
> Sent: Sunday, 13 July 2003 4:22 AM
> To: [EMAIL PROTECTED]
> Subject: Re: URGENT HELP rlm_ippool
>
> Now after testing on the cisco, do I have to remove the pools defined in it because ip addresses are still being assigned by cisco instead of freeradius although I have override = yes in pool definition in radiusd.conf

The override = yes part only refers to whether the rlm_ippool module in FreeRADIUS will override an IP address that has already been added to the packet by a RADIUS server.

Nothing to do with ip pools on your NAS.

--
Paul TBBle Hampson
Bubblesworth Pty Ltd (ABN: 51 095 284 361)
[EMAIL PROTECTED]
This is a one line proof...if we start sufficiently far to the left. -- Cambridge University Math Department
Random signature generator 3.0 by Paul TBBle Hampson
RE: Trying to debug rlm_ippool..
Hi there: Didnt know if this would fit in freeradius-devel, so I just got Paul's email (from June 19th) and hit reply to all :) I needed this module functionality so badly that I coded ippool_postauth and ippool_accounting following the algorithm he proposed. MPP detection is not implemented, as I'm not sure to understand it well enough, and there could be something we've missed, like what happens when there's no caller-id attr.. It's been working for a week or so in production here with just one realm (but planning to make it general, as soon as I have time to migrate the user db) and it's doing a pretty good job so far. So I decided to expose myself to public shame by posting a patch against the current (as of July 2nd, 2003) CVS source tree. Have mercy.. They say some things you never forget, but it's my first non-trivial hack in years :) Cheers, Jon diff -urN radiusd/src/modules/rlm_ippool/rlm_ippool.c new.radiusd/src/modules/rlm_ippool/rlm_ippool.c --- radiusd/src/modules/rlm_ippool/rlm_ippool.c 2003-06-20 19:50:10.0 +0200 +++ new.radiusd/src/modules/rlm_ippool/rlm_ippool.c 2003-07-02 23:08:02.0 +0200 @@ -66,6 +66,7 @@ #endif #define MAX_NAS_NAME_SIZE 64 +#define MAX_CLI_SIZE 32 static const char rcsid[] = $Id: rlm_ippool.c,v 1.20 2003/06/20 17:50:10 phampson Exp $; 
@@ -78,23 +79,66 @@ */ typedef struct rlm_ippool_t { char *session_db; - char *ip_index; + char *ipindex_db; + char *callerid_db; char *name; uint32_t range_start; uint32_t range_stop; uint32_t netmask; int cache_size; int override; - GDBM_FILE gdbm; - GDBM_FILE ip; - pthread_mutex_t session_mutex; - pthread_mutex_t ip_mutex; + GDBM_FILE gsession_db; + GDBM_FILE gipindex_db; + GDBM_FILE gcallerid_db; + pthread_mutex_t mutex; } rlm_ippool_t; +/* + * session-db: + * [cli,nas] - (ipaddr,port) + */ +typedef struct session_entry { + uint32_t ipaddr; +} session_entry; + +typedef struct session_key { + char nas[MAX_NAS_NAME_SIZE]; + unsigned int port; +} session_key; + +/* + * ipindex-db: + * [ipaddr] - (cli,nas,active) + */ +typedef struct ipindex_entry { + char cli[MAX_CLI_SIZE]; + char nas[MAX_NAS_NAME_SIZE]; + char active; +} ipindex_entry; + +typedef struct ipindex_key { + uint32_t ipaddr; +} ipindex_key; + +/* + * callerid-db: + * [cli,nas] - (ipaddr,usage) + */ +typedef struct callerid_entry { + uint32_t ipaddr; + char usage; +} callerid_entry; + +typedef struct callerid_key { + char cli[MAX_CLI_SIZE]; + char nas[MAX_NAS_NAME_SIZE]; +} callerid_key; + +/* old structs */ typedef struct ippool_info { uint32_t ipaddr; char active; - char cli[32]; + char cli[MAX_CLI_SIZE]; } ippool_info; typedef struct ippool_key { @@ -113,7 +157,8 @@ */ static CONF_PARSER module_config[] = { { session-db, PW_TYPE_STRING_PTR, offsetof(rlm_ippool_t,session_db), NULL, NULL }, - { ip-index, PW_TYPE_STRING_PTR, offsetof(rlm_ippool_t,ip_index), NULL, NULL }, + { ipindex-db, PW_TYPE_STRING_PTR, offsetof(rlm_ippool_t,ipindex_db), NULL, NULL }, + { callerid-db, PW_TYPE_STRING_PTR, offsetof(rlm_ippool_t,callerid_db), NULL, NULL }, { range-start, PW_TYPE_IPADDR, offsetof(rlm_ippool_t,range_start), NULL, 0 }, { range-stop, PW_TYPE_IPADDR, offsetof(rlm_ippool_t,range_stop), NULL, 0 }, { netmask, PW_TYPE_IPADDR, offsetof(rlm_ippool_t,netmask), NULL, 0 }, 
@@ -137,8 +182,12 @@ { rlm_ippool_t *data; int cache_size; + ipindex_entry entry; + ipindex_key key; + /* ippool_info entry; ippool_key key; + */ datum key_datum; datum data_datum; int i; @@ -166,11 +215,16 @@ free(data); return -1; } - if (data-ip_index == NULL) { + if (data-ipindex_db == NULL) { radlog(L_ERR, rlm_ippool: 'ip-index' must be set.); free(data); return -1; } + if (data-callerid_db == NULL) { + radlog(L_ERR, rlm_ippool: 'callerid-db' must be set.); + free(data); + return -1; + } data-range_start = htonl(data-range_start); data-range_stop = htonl(data-range_stop); data-netmask = htonl(data-netmask); @@ -181,36 +235,48 @@ return -1; } - data-gdbm = gdbm_open(data-session_db, sizeof(int), + data-gsession_db = gdbm_open(data-session_db, sizeof(int), GDBM_WRCREAT | GDBM_IPPOOL_OPTS, 0600, NULL); - if (data-gdbm == NULL) { + if (data-gsession_db == NULL) { radlog(L_ERR, rlm_ippool: Failed to open file %s: %s, data-session_db, strerror(errno)); return -1; } - data-ip = gdbm_open(data-ip_index, sizeof(int), + data-gipindex_db = gdbm_open(data-ipindex_db, sizeof(int), + GDBM_WRCREAT | GDBM_IPPOOL_OPTS, 0600, NULL); + if (data-gipindex_db == NULL) { + radlog(L_ERR, rlm_ippool: Failed to open file %s: %s, +data-ipindex_db, strerror(errno)); + return -1; + } + data-gcallerid_db = gdbm_open(data-callerid_db, sizeof(int), GDBM_WRCREAT | GDBM_IPPOOL_OPTS, 0600, NULL); - if (data-ip == NULL) { + if (data-gcallerid_db == NULL) { radlog(L_ERR, rlm_ippool: Failed to open file %s: %s, -data-ip_index, strerror(errno)); +data-callerid_db, strerror(errno
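Review bot: The comment above session_entry in the @@ -78,23 +79,66 @@ hunk documents session-db as "[cli,nas] - (ipaddr,port)", but the structs under it key on nas and port (session_key) and store only ipaddr (session_entry), so the comment should read "[nas,port] - (ipaddr)". Separately, session_key, ipindex_entry and callerid_key hold fixed-size char arrays, and session_key has an int after one; if these structs are handed to GDBM as raw key or value bytes, the code that fills them should memset the whole struct first so that bytes after the terminating NUL and any padding cannot make two keys for the same cli/nas compare as different.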
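Review bot: In the @@ -166,11 +215,16 @@ hunk the NULL check now tests ipindex_db, but the radlog text beside it still says 'ip-index' must be set, while the CONF_PARSER hunk renames the option to ipindex-db; the message should name the option the parser actually accepts. The rename also means an existing "ip-index = ..." line in a deployed configuration is no longer mapped to this field, so either keep accepting the old name or document the change alongside the new callerid-db option.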
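Review bot: The new failure branch for gipindex_db in the @@ -181,36 +235,48 @@ hunk logs and returns -1 without closing gsession_db, which was opened just above, and without free(data), although the earlier configuration checks in this function do call free(data) before returning. Suggest closing every handle opened so far with gdbm_close and freeing data on each gdbm_open failure path, so a failed instantiate does not leave a database file open.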
RE: Trying to debug rlm_ippool..
From: Jonathan Ruano
Sent: Tuesday, 17 June 2003 10:04 PM

> I'm debugging rlm_ippool, trying to catch the bug that causes ips to disappear..

(CC'd to -devel since this is leading towards a patch from me... :-)

I'm just having a look at it myself, and on first glance the mutex locking is too fine grained, protecting the GDBM file itself, but not the transactions being performed...

Just looking at the code, I think Multilink PPP is broken too, since if we find an active==0 entry, we break out of the loop, even if searching further would discover the matching entry for Multilink PPP.

My current thought is that the module would be better served by _one_ GDBM database, indexed by IP address. The current system of having (nas,port) index into the IP address list is (I think) supposed to save walking the entire database each check, but supporting MLPPP requires almost exactly that...

thinks

Maybe a DB indexed by IP address, and one indexed by CLI/NAS?

thinks more

Dunno, gonna need some more thought on that one, and see if we can avoid walking the whole DB on _all_ paths:

Post-auth:
  DB Lock
  Stale NAS/Port:        Lookup NAS,port; get old IP
  (If there _was_ a NAS,port entry... Deallocate:)
                         Delete NAS,port;
                         Lookup IP; get oldCLI
                         Lookup oldCLI,NAS; decrement usage
                                            delete if usage == 0
                         Lookup IP; mark inactive if deleted from (CLI,NAS)
  Multilink PPP check:   Lookup CLI,NAS; get current ML-PPP IP
  else                   Find unallocated IP... == Longest walk!!
  Allocation:            Lookup IP; record active, cli, NAS
                         Create NAS,port; record IP
                         Lookup CLI,NAS; increment usage or create entry
  DB unlock

Accounting:
  DB lock
  Deallocation:          Delete NAS,port;
                         Lookup IP; get oldCLI
                         Lookup oldCLI,NAS; decrement usage
                                            delete if usage == 0
                         Lookup IP; mark inactive if deleted from (CLI,NAS)
  DB unlock

DBs:
  (cli,nas):  ipaddr, usage
  (nas,port): ipaddr
  (ipaddr):   cli, nas, active

Where the (cli,nas) and (nas,port) tables are only containing active entries, and the (ipaddr) table never has entries removed.

Entries are cleaned when either a stop-record for that NAS/port or an Auth record for that NAS/port are seen.

Each NAS,port can only have one IP address.
Each cli,NAS can have one IP address assigned to multiple ports
Each IP address can have one or zero CLI, NAS and be assigned to multiple ports

Big locks aren't bad to my mind here, since we're not walking the entire table anyway, which would be a step up from the current code. In fact, only once do we need to walk rather than looking up by index... Which worries me that I've missed something.

Hopefully this would make the next step easier (or at least possible) of altering the tables without having to delete and recreate them. At least _adding_ to the IP pool would be easier... Deleting has problems when the IPs to be deleted are in use... Maybe just skip 'em until _next_ restart.

(And yes, I _am_ volunteering for this one... So I'd appreciate anyone banging on the ideas here and telling me in what way I've been stupid. Patch ETA is over the weekend)

Anyway, to reanswer the originally asked question, first glance is that the mutexes need to be expanded to cover whole transactions (ie subtracting one from the usage marker in the data-ip DB) instead of the current query by query locking. It may not fix the problem you're seeing, but it _is_ a problem waiting to happen. And as far as I can see, that would unify the mutexes in rlm_ippool.c into a single mutex.

--
Paul TBBle Hampson
Bubblesworth Pty Ltd (ABN: 51 095 284 361)
[EMAIL PROTECTED]

The Creation of the Universe was made possible by a grant from Texas Instruments. -- PBS
- Random signature generator 3.0 by Paul TBBle Hampson
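The post-auth and accounting procedure proposed in the message above, modelled in memory as an added example; it is not rlm_ippool code and not the patch posted in this thread. The function and struct names, the pool size and the sample caller ids are assumptions, array scans stand in for GDBM key lookups, and every request is assumed to carry a non-empty caller id.

```c
#include <pthread.h>
#include <stdio.h>
#include <string.h>

#define POOL_SIZE 3   /* constructed: tiny pool so exhaustion is easy to reach */
#define MAX_PORTS 8
#define NAME_LEN  32

/* The three tables from the proposal; array scans stand in for GDBM lookups. */
struct ip_rec   { char cli[NAME_LEN], nas[NAME_LEN]; int active; };    /* (ipaddr)   */
struct port_rec { char nas[NAME_LEN]; unsigned port; int ip, used; };  /* (nas,port) */
struct cli_rec  { char cli[NAME_LEN], nas[NAME_LEN]; int usage; };     /* (cli,nas)  */

static struct ip_rec   ip_tab[POOL_SIZE];
static struct port_rec port_tab[MAX_PORTS];
static struct cli_rec  cli_tab[POOL_SIZE];   /* slot i belongs to address i */
static pthread_mutex_t pool_lock = PTHREAD_MUTEX_INITIALIZER;   /* the single big lock */

static struct port_rec *find_port(const char *nas, unsigned port) {
    for (int i = 0; i < MAX_PORTS; i++)
        if (port_tab[i].used && port_tab[i].port == port && !strcmp(port_tab[i].nas, nas))
            return &port_tab[i];
    return NULL;
}

/* Address index currently held by (cli,nas), or -1 if that caller has none. */
static int find_cli(const char *cli, const char *nas) {
    for (int i = 0; i < POOL_SIZE; i++)
        if (cli_tab[i].usage > 0 && !strcmp(cli_tab[i].cli, cli) && !strcmp(cli_tab[i].nas, nas))
            return i;
    return -1;
}

/* Deallocation; caller holds pool_lock. Returns 1 if (nas,port) had an entry. */
static int release_locked(const char *nas, unsigned port) {
    struct port_rec *p = find_port(nas, port);
    if (p == NULL) return 0;
    int ip = p->ip;
    p->used = 0;                               /* delete (nas,port) */
    int c = find_cli(ip_tab[ip].cli, nas);     /* lookup IP, get the old CLI */
    if (c < 0 || --cli_tab[c].usage == 0)      /* that was the caller's last link */
        ip_tab[ip].active = 0;                 /* mark the address inactive */
    return 1;
}

/* Post-auth: returns the pool index assigned to (nas,port), or -1 if none. */
int pool_post_auth(const char *cli, const char *nas, unsigned port) {
    /* Assumption of this model: every request carries a non-empty caller id. */
    if (!*cli || strlen(cli) >= NAME_LEN || strlen(nas) >= NAME_LEN) return -1;
    pthread_mutex_lock(&pool_lock);            /* lock covers the whole transaction */
    release_locked(nas, port);                 /* stale entry: its Stop never arrived */
    struct port_rec *slot = NULL;
    for (int i = 0; i < MAX_PORTS && slot == NULL; i++)
        if (!port_tab[i].used) slot = &port_tab[i];
    int ip = find_cli(cli, nas);               /* Multilink PPP check */
    int shared = (ip >= 0);
    for (int i = 0; i < POOL_SIZE && ip < 0; i++)
        if (!ip_tab[i].active) ip = i;         /* the only full walk */
    if (slot == NULL) ip = -1;                 /* port table full: allocate nothing */
    if (ip >= 0) {
        snprintf(slot->nas, NAME_LEN, "%s", nas);
        slot->port = port; slot->ip = ip; slot->used = 1;
        if (!shared) {                         /* first link: record cli, nas, active */
            snprintf(ip_tab[ip].cli, NAME_LEN, "%s", cli);
            snprintf(ip_tab[ip].nas, NAME_LEN, "%s", nas);
            ip_tab[ip].active = 1;
            snprintf(cli_tab[ip].cli, NAME_LEN, "%s", cli);
            snprintf(cli_tab[ip].nas, NAME_LEN, "%s", nas);
        }
        cli_tab[ip].usage++;                   /* a free slot starts at usage 0 */
    }
    pthread_mutex_unlock(&pool_lock);
    return ip;
}

int pool_acct_stop(const char *nas, unsigned port) {   /* 1 if the port held an address */
    pthread_mutex_lock(&pool_lock);
    int freed = release_locked(nas, port);
    pthread_mutex_unlock(&pool_lock);
    return freed;
}

int pool_in_use(void) {
    int n = 0;
    pthread_mutex_lock(&pool_lock);
    for (int i = 0; i < POOL_SIZE; i++)
        n += ip_tab[i].active;
    pthread_mutex_unlock(&pool_lock);
    return n;
}

int main(void) {   /* constructed caller ids, NAS name and ports */
    int a = pool_post_auth("5550001", "nas1", 1);
    int b = pool_post_auth("5550001", "nas1", 2);   /* second MLPPP link */
    int c = pool_post_auth("5550002", "nas1", 3);
    printf("link1=%d link2=%d other=%d in_use=%d\n", a, b, c, pool_in_use());
    return 0;
}
```

Because the decrement of usage and the marking of the address as inactive happen under the same lock as the (nas,port) delete, a concurrent post-auth can never observe a half-released address, which is the whole-transaction locking the message argues for.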
Trying to debug rlm_ippool..
Hello all: I'm debugging rlm_ippool, trying to catch the bug that causes ips to disappear.. Any hints or experience sharing would be appreciated. Cheers, Jonathan. -- Jonathan Ruano kobalt at pobox dot com
rlm_ippool sometimes doesn't assign IP addresses
Hello: I've been testing fr0.8.1 for several days with low traffic RADIUS requests (redirecting just a couple of realms to it), and my current configuration works nice, except for dynamic pool ip addressing. It occasionally authenticates users but doesn't assign any IP address. I can see it because these dial-in users are assigned IPs by the NAS (Ascend MAX, and MAX TNTs), thus showing with different network range when radshowing.

I was wondering whether there could be a threading issue with this, and whether proposed mutex section for crypt in auth.c is planned to be incorporated into CVS version. Just downloaded last night's snapshot and it's not there.

Just sneaking into the code and trying to wonder if NEED_GDBM_SYNC and GDBM_NOLOCK are defined. I'll set debugging on and try to catch some useful info.

Jonathan.
Re: rlm_ippool sometimes doesn't assign IP addresses
On Tue, Jun 10, 2003 at 09:15:45AM +0200, Jonathan Ruano wrote:
> I was wondering whether there could be a threading issue with this, and whether proposed mutex section for crypt in auth.c is planned to be incorporated into CVS version. Just downloaded last night's snapshot and it's not there.

You can just try my patch, if you want to check if it is the crypt problem. But the normal symptom of this is that users with crypt password are not authenticated. If the auth succeeds for you, this has certainly nothing to do with the threading crypt issues.

A simple check is to have some test user with plain password. The plain password should work, even if radiusd is rejecting crypt users.

I'm using my mods on two high traffic production servers. They are running fine since the posting of my patch.

Oliver.
RE: rlm_ippool sometimes doesn't assign IP addresses
Thanks, Oliver. You're right, my issue is not dealing with auth process. Now trying to sneak into ippool gdbm files.. One of them gets eventually full, even though there are not enough active users to fill it.. Jonathan. -- Jonathan Ruano kobalt at pobox dot com
Re: Publicite_suspecte 202 RE: rlm_ippool sometimes doesn't assign IP addresses
On 10 Jun 2003 at 10:03, Jonathan Ruano wrote:
> Thanks, Oliver. You're right, my issue is not dealing with auth process. Now trying to sneak into ippool gdbm files.. One of them gets eventually full, even though there are not enough active users to fill it..
> Jonathan.
> --
> Jonathan Ruano kobalt at pobox dot com

ok, we found at least two bugs in the ippool.c
- the first of them: when you have a connection on the same nas/port the entry is deleted. I have patched this bug
- the other one is really strange: sometimes it seems that this nas/port entry is deleted but the new one seems to replace another one (A good one!), so the ippool database decreases and decreases

you can try to use iptool to use your database

I haven't found where this bug is for now but I am looking at this now

Lionel Drevon [EMAIL PROTECTED]
Adeli http://www.adeli.fr
618 Av. Gal de Gaulle Tel 04 78 66 11 85
69760 Limonest Fax 04 78 66 04 33
Re: rlm_ippool in 0.8.1
Paul Hampson [EMAIL PROTECTED] wrote:
> Umm, rlm_ippool is marked as really buggy in 0.8.1, but it doesn't seem to have changed significantly in last night's snapshot (apart from adding the netmask attribute insertion)

really buggy?

> What exactly is wrong with it? It looks fine on a first glance, but I'm sure there are non-obvious problems.

I don't know. A lot of people have been using it with some measure of success.

Alan DeKok.
RE: rlm_ippool in 0.8.1 + Another question
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Alan DeKok
Sent: Friday, 4 April 2003 12:59 AM

> Paul Hampson [EMAIL PROTECTED] wrote:
> > Umm, rlm_ippool is marked as really buggy in 0.8.1, but it doesn't seem to have changed significantly in last night's snapshot (apart from adding the netmask attribute insertion)
>
> really buggy?

Apologies... It actually says Highly experimental in the entry in experimental.conf. I mis-remembered. :-)

> > What exactly is wrong with it? It looks fine on a first glance, but I'm sure there are non-obvious problems.
>
> I don't know. A lot of people have been using it with some measure of success.

Sounds good to me. :-)

Another question... Is there a target set of release goals for 0.9? I'd like to see freeradius re-enter Debian, and I'm curious to know how you're viewing its progress at the moment.

--
Paul TBBle Hampson
Network Architect, Bandwidth Unlimited Pty Ltd
[EMAIL PROTECTED]

--Nick Moffitt A: No. Q: Should I include quotations after my reply?
- Random signature generator 3.0 by Paul TBBle Hampson
Re: rlm_ippool in 0.8.1 + Another question
Paul Hampson [EMAIL PROTECTED] wrote:
> Another question... Is there a target set of release goals for 0.9?

Soon. I'll say before May 1, just because 0.8 was so long ago.

> I'd like to see freeradius re-enter Debian, and I'm curious to know how you're viewing its progress at the moment.

It's looking pretty good. A number of serious issues (e.g. HUP) have been fixed, and a lot of cool new features have been added (e.g. LEAP)

Alan DeKok.
rlm_ippool in 0.8.1
Umm, rlm_ippool is marked as really buggy in 0.8.1, but it doesn't seem to have changed significantly in last night's snapshot (apart from adding the netmask attribute insertion)

What exactly is wrong with it? It looks fine on a first glance, but I'm sure there are non-obvious problems.

(I've grabbed the ippool tool already and if the problem's something like 'missed accounting stops will leave IPs in limbo' then I can understand that and welcome suggestions for an automated way of noticing that... I don't think I can use checkrad{,.pl} sadly, but my dial-in provider apparently will limit simultaneous-use on all but one account for me, so that's not an issue for accounting.)

--
Paul TBBle Hampson
Network Architect, Videohost Pty Ltd
[EMAIL PROTECTED]

--Nick Moffitt A: No. Q: Should I include quotations after my reply?
- Random signature generator 3.0 by Paul TBBle Hampson
rlm_ippool: No available ip addresses in pool.
Hello all,

I have my freeradius configured with ippool support, but after 15 hours(aprox) working well, freeradius starts to fail allocating IP's, although the ip pool is bigger than the number of users connected.

Login OK: [javier] (from client isp3 port 163 cli 971498178)
modcall: entering group post-auth
rlm_ippool: Searching for an entry for nas/port: 195.53.58.10/163
rlm_ippool: No available ip addresses in pool.
modcall[post-auth]: module pool1 returns noop

My questions are:
1) How can I know how many free IP's has each ippool??
2) How long does freeradius wait to re-use a previously allocated IP??
3) Is there any patch available to solve this problem??

Thanks in advance.
Javier.
Dynamic Ipaddress using rlm_ippool
I've got the dynamic ippool handling working. Looking at the source code, it seems to me, that ipaddresses are freed, when an Accounting-Stop record comes along. As those records arrive via udp (true??) some might be lost and the associated addresses will never be freed. Is this true? If so: how can those addresses be set to unused during normal operations?

The module ippool is declared experimental. Does anyone have real experience with it?

Thanks
Norbert Wegener

--
Norbert Wegener Phone:(49)2012661379 Fax:(49)2012661377
SBS Essen,Germany Mail: [EMAIL PROTECTED] Mailfax:(49)2018165521379
Re: Dynamic Ipaddress using rlm_ippool
Norbert Wegener [EMAIL PROTECTED] wrote:
> I've got the dynamic ippool handling working. Looking at the source code, it seems to me, that ipaddresses are freed, when an Accounting-Stop record comes along. As those records arrive via udp (true??) some might be lost and the associated addresses will never be freed. Is this true?

Sort of. The UDP packets may be lost, but the NAS *should* re-send them. If it doesn't, it's broken.

> If so: how can those addresses be set to unused during normal operations?

Use a non-broken NAS.

Hmm... the module SHOULD handle the case where a stop is lost completely (rare, but possible) and a new start packet comes in for the same port. I haven't looked at the source to see if/how it does this, though.

> The module ippool is declared experimental. Does anyone have real experience with it?

I'm not using it, but a lot of other people are. If there are no objections, it should be declared 'stable' before the next release.

Alan DeKok.
Re: Dynamic Ipaddress using rlm_ippool
On Tue, 21 Jan 2003, Alan DeKok wrote:
> Norbert Wegener [EMAIL PROTECTED] wrote:
> > I've got the dynamic ippool handling working. Looking at the source code, it seems to me, that ipaddresses are freed, when an Accounting-Stop record comes along. As those records arrive via udp (true??) some might be lost and the associated addresses will never be freed. Is this true?
>
> Sort of. The UDP packets may be lost, but the NAS *should* re-send them. If it doesn't, it's broken.
>
> > If so: how can those addresses be set to unused during normal operations?
>
> Use a non-broken NAS.
>
> Hmm... the module SHOULD handle the case where a stop is lost completely (rare, but possible) and a new start packet comes in for the same port. I haven't looked at the source to see if/how it does this, though.

If an Access-Request comes in for a port that has already an assigned ip that ip is freed.

> > The module ippool is declared experimental. Does anyone have real experience with it?
>
> I'm not using it, but a lot of other people are. If there are no objections, it should be declared 'stable' before the next release.
>
> Alan DeKok.

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
Re: Dynamic Ipaddress using rlm_ippool
Kostas Kalevras wrote:
> On Tue, 21 Jan 2003, Alan DeKok wrote:
> > Norbert Wegener [EMAIL PROTECTED] wrote:
> > > I've got the dynamic ippool handling working. Looking at the source code, it seems to me, that ipaddresses are freed, when an Accounting-Stop record comes along. As those records arrive via udp (true??) some might be lost and the associated addresses will never be freed. Is this true?
> >
> > Sort of. The UDP packets may be lost, but the NAS *should* re-send them. If it doesn't, it's broken.
> >
> > > If so: how can those addresses be set to unused during normal operations?
> >
> > Use a non-broken NAS.
> >
> > Hmm... the module SHOULD handle the case where a stop is lost completely (rare, but possible) and a new start packet comes in for the same port. I haven't looked at the source to see if/how it does this, though.
>
> If an Access-Request comes in for a port that has already an assigned ip that ip is freed.

This is a reasonable behaviour. Nevertheless I would like to know, whether there is a chance to monitor how many ips are in use. Does a tool for this already exist?

Norbert Wegener

--
Norbert Wegener Phone : (49) 201 2661 379
SBS Essen Fax:(49) 201 2661 377
Germany Mail: [EMAIL PROTECTED] http://relax.sbs.de (intranet)
rlm_ippool bug solved
OK, ip_pool not deallocating ips when accounting stops were received should now be fixed in current CVS.

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
Problem of rlm_ippool
Hi

I got the warning message during compiled rlm_ippool module:

rlm_ippool.c: In function `ippool_instantiate':
rlm_ippool.c:223: warning: decimal constant is so large that it is unsigned
rlm_ippool.c:230: warning: assignment from incompatible pointer type
rlm_ippool.c:237: warning: assignment from incompatible pointer type
rlm_ippool.c: In function `ippool_accounting':
rlm_ippool.c:321: warning: assignment from incompatible pointer type
rlm_ippool.c:337: warning: assignment from incompatible pointer type
rlm_ippool.c:352: warning: assignment from incompatible pointer type
rlm_ippool.c:363: warning: assignment from incompatible pointer type
rlm_ippool.c: In function `ippool_authorize':
rlm_ippool.c:441: warning: assignment from incompatible pointer type
rlm_ippool.c:458: warning: assignment from incompatible pointer type
rlm_ippool.c:471: warning: assignment from incompatible pointer type
rlm_ippool.c:482: warning: assignment from incompatible pointer type
rlm_ippool.c:526: warning: assignment from incompatible pointer type
rlm_ippool.c:566: warning: assignment from incompatible pointer type
rlm_ippool.c:580: warning: assignment from incompatible pointer type
rlm_ippool.c:593: warning: assignment from incompatible pointer type
rlm_ippool.c:604: warning: assignment from incompatible pointer type

Would the error affect the radius running.

The overall output for rlm_ippool is as follows:

# ./configure
creating cache ./config.cache
checking for gcc... gcc
checking whether the C compiler (gcc ) works... yes
checking whether the C compiler (gcc ) is a cross-compiler... no
checking whether we are using GNU C... yes
checking whether gcc accepts -g... yes
checking how to run the C preprocessor... gcc -E
checking for gdbm.h... yes
checking for gdbm_open in -lgdbm... yes
checking to see GDBM_SYNC status... needs it.
checking for gdbm_fdesc... yes
updating cache ./config.cache
creating ./config.status
creating Makefile
creating config.h
config.h is unchanged

# gmake
gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../../include -c rlm_ippool.c -o rlm_ippool.o
In file included from rlm_ippool.c:48:
/usr/include/netinet/in.h:211: warning: `INADDR_ANY' redefined
../../include/missing.h:73: warning: this is the location of the previous definition
/usr/include/netinet/in.h:212: warning: `INADDR_LOOPBACK' redefined
../../include/missing.h:77: warning: this is the location of the previous definition
rlm_ippool.c: In function `ippool_instantiate':
rlm_ippool.c:223: warning: decimal constant is so large that it is unsigned
rlm_ippool.c:230: warning: assignment from incompatible pointer type
rlm_ippool.c:237: warning: assignment from incompatible pointer type
rlm_ippool.c: In function `ippool_accounting':
rlm_ippool.c:321: warning: assignment from incompatible pointer type
rlm_ippool.c:337: warning: assignment from incompatible pointer type
rlm_ippool.c:352: warning: assignment from incompatible pointer type
rlm_ippool.c:363: warning: assignment from incompatible pointer type
rlm_ippool.c: In function `ippool_authorize':
rlm_ippool.c:441: warning: assignment from incompatible pointer type
rlm_ippool.c:458: warning: assignment from incompatible pointer type
rlm_ippool.c:471: warning: assignment from incompatible pointer type
rlm_ippool.c:482: warning: assignment from incompatible pointer type
rlm_ippool.c:526: warning: assignment from incompatible pointer type
rlm_ippool.c:566: warning: assignment from incompatible pointer type
rlm_ippool.c:580: warning: assignment from incompatible pointer type
rlm_ippool.c:593: warning: assignment from incompatible pointer type
rlm_ippool.c:604: warning: assignment from incompatible pointer type
/download/radius7temp/freeradius-0.7/libtool --mode=link ld \
-module -static -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../../include rlm_ippool.o -o rlm_ippool.a
mkdir .libs
ar cru rlm_ippool.a rlm_ippool.o
ranlib rlm_ippool.a
/download/radius7temp/freeradius-0.7/libtool --mode=compile gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../../include -c rlm_ippool.c
rm -f .libs/rlm_ippool.lo
gcc -g -O2 -D_REENTRANT -D_POSIX_PTHREAD_SEMANTICS -Wall -D_GNU_SOURCE -DNDEBUG -I../../include -c rlm_ippool.c -fPIC -DPIC -o .libs/rlm_ippool.lo
In file included from rlm_ippool.c:48:
/usr/include/netinet/in.h:211: warning: `INADDR_ANY' redefined
../../include/missing.h:73: warning: this is the location of the previous definition
/usr/include/netinet/in.h:212: warning: `INADDR_LOOPBACK' redefined
../../include/missing.h:77: warning: this is the location of the previous definition
rlm_ippool.c: In function `ippool_instantiate':
rlm_ippool.c:223: warning: decimal constant is so large that it is unsigned
rlm_ippool.c:230: warning: assignment from incompatible pointer type
rlm_ippool.c:237: warning: assignment from incompatible pointer type
rlm_ippool.c: In function `ippool_accounting
rlm_ippool
Dear All

Andrew Kelaidis [EMAIL PROTECTED] wrote:
> I want to use ippool module (freeradius version 0.7 stable). I have tried the following configure commands but unfortunately didn't work: ... I looked in configure, make messages but I didn't see anything wrong. Are there any dependencies for this module??? What I did wrong??

and Alan wrote:
> The output of 'configure --help' gives you some information. You can enable experimental modules. But it won't currently let you enable the experimental modules one-by-one. Or, you can just build install the server without rlm_ippool. Then, go to 'src/modules/rlm_ippool', and do 'configure;make;make install' and it should work.

I follow the above steps, but there is the error

make: Fatal error in reader: ../rules.mak, line 65: Unexpected end of line seen

in step make

or How can I do for new installation with enable rlm_ippool module. I learn the rlm_ippool module cannot be included for configure;make;make install installation
Re: rlm_ippool / need help
> > my problem, I need to stop the radiusd service then delete the db.ippool and db.ipindex files then restart the radiusd. Any help please to solve my problem...
> >
> > ippool hangar {
> >     range-start = 172.16.10.50
> >     range-stop = 172.16.10.60
> >     netmask = 255.255.255.0
> >     cache-size = 10
> >     session-db = ${raddbdir}/db.ippool
> >     ip-index = ${raddbdir}/db.ipindex
>
> I am not able to reproduce the problem. The ippool module will give out all the available ip's in its pool and after that it will not do anything. Could you send some debugging info showing radiusd giving out a wrong IP?

this is what I have, I am using 3Com Ras1500 as my RAS and RedHat 7.2. In my RAS1500 box I have also an IPPOOL 172.16.10.10 size 10 means It will pool 10 ip address which this is for my default dialup users. I have also IPPOOL configuration thru the rlm_ippool module and I need it because of the feature that it can define to limit the ippool.

After I consumed the range pool from my configuration 172.16.10.50 to 60, the next time I login it gave me 172.16.10.11, 12, 13 and so on. So I need to stop the radius services then delete the db.ippool and db.ipindex files and start again the radiusd services.

What I want to be even I consumed the IPPOOL range the next time I login I can still pool with in the range specified.

My biggest problem is I'm not a programmer so I don't know how to debug.

Thank you Kostas for replying my email... I really need the features.

Thanks again.
--ador
rlm_ippool
Hi,

I want to use ippool module (freeradius version 0.7 stable). I have tried the following configure commands but unfortunately didn't work:

./configure . --with-rlm_ippool
./configure . --enable-rlm_ippool

I looked in configure, make messages but I didn't see anything wrong. Are there any dependencies for this module??? What I did wrong?? Please help.
Re: rlm_ippool
Andrew Kelaidis [EMAIL PROTECTED] wrote:
> I want to use ippool module (freeradius version 0.7 stable). I have tried the following configure commands but unfortunately didn't work: ... I looked in configure, make messages but I didn't see anything wrong. Are there any dependencies for this module??? What I did wrong??

The output of 'configure --help' gives you some information. You can enable experimental modules. But it won't currently let you enable the experimental modules one-by-one.

Or, you can just build install the server without rlm_ippool. Then, go to 'src/modules/rlm_ippool', and do 'configure;make;make install' and it should work.

Alan DeKok.
Re: rlm_ippool problem.May this be a good fix ?
On Tue, 16 Jul 2002, Alan DeKok wrote:
> Pierluigi Frullani [EMAIL PROTECTED] wrote:
> > Looking in the code I think I've found a bug that I fixed this way: ... Brief, when entering in this lines, if the user was missing the Pool-Name attribute, there were no return and some unpredictable Pool address was returned.
>
> Ah, that's a problem.

Well actually that was a design decision. If the Pool-Name attribute does not exist then the first module instance in the authorize section will give out an IP address. That way we have a default behaviour when the Pool-Name is missing.

> > Is this correct.
>
> Yes. I've added your patch, thanks.
>
> Alan DeKok.

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf
Re: rlm_ippool / need help
On Mon, 29 Jul 2002, Ador Dauz wrote:
> To all, Please need your help or other solutions. I using freeradius 0.6 and I used the rlm_ippool module. this is what I observed, Using my setup which it pool 10 IP Address range, so I try to login 10 times and It gave me the right IP address range which in my configuration. After that, In my 11 attempt login, It gave an IP address out of the range specified in my configuration. So to solve my problem, I need to stop the radiusd service then delete the db.ippool and db.ipindex files then restart the radiusd. Any help please to solve my problem...
>
> ippool hangar {
>     range-start = 172.16.10.50
>     range-stop = 172.16.10.60
>     netmask = 255.255.255.0
>     cache-size = 10
>     session-db = ${raddbdir}/db.ippool
>     ip-index = ${raddbdir}/db.ipindex

I am not able to reproduce the problem. The ippool module will give out all the available ip's in its pool and after that it will not do anything. Could you send some debugging info showing radiusd giving out a wrong IP?

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf
rlm_ippool / need help
To all,

Please need your help or other solutions. I using freeradius 0.6 and I used the rlm_ippool module. this is what I observed, Using my setup which it pool 10 IP Address range, so I try to login 10 times and It gave me the right IP address range which in my configuration. After that, In my 11 attempt login, It gave an IP address out of the range specified in my configuration. So to solve my problem, I need to stop the radiusd service then delete the db.ippool and db.ipindex files then restart the radiusd. Any help please to solve my problem...

ippool hangar {
    range-start = 172.16.10.50
    range-stop = 172.16.10.60
    netmask = 255.255.255.0
    cache-size = 10
    session-db = ${raddbdir}/db.ippool
    ip-index = ${raddbdir}/db.ipindex

Thanks
--ador
rlm_ippool
Hi all,

I using freeradius 0.6 and I used the rlm_ippool module. this is what I observed, Using my setup which it pool 10 IP Address range, so I try to login 10 times and It gave me the right IP address range which in my configuration. After that, In my 11 attempt login, It gave an IP address out of the range specified in my configuration. So to solve my problem, I need to stop the radiusd service then delete the db.ippool and db.ipindex files then restart the radiusd. Any help please to solve my problem.

ippool hangar {
    range-start = 172.16.10.50
    range-stop = 172.16.10.60
    netmask = 255.255.255.0
    cache-size = 10
    session-db = ${raddbdir}/db.ippool
    ip-index = ${raddbdir}/db.ipindex

Thanks
--ador
rlm_ippool breaking authentication
I'm having problems getting ippool to work. The rlm_ippool module seems to load and initialize ok, but when I add the Pool-Name attribute, authentication starts failing. I'm not sure if I'm putting the Pool-Name attribute in the right spot or not. I've tried putting it in radcheck and radreply and radgroupcheck and radgroupreply as well.

I was basing my Pool-Name attribute placement on a posting from Cassiano Aquino on June 16th 2002. http://www.mail-archive.com/freeradius-users@lists.cistron.nl/msg06510.html It sounded like he had ippool working but was having address de-allocation problems.

Maybe my problem has something to do with the mschap or postgres module, but I don't see how/why. I've also tried creating a separate group and making that user a member of both groups and putting the Pool-Name in radgroupreply as part of the separate group. I've also tried using different op values for User-Password and Pool-Name with no luck.

Here's what I have at this point. I hope I've provided enough information. Many thanks to those working on freeradius and its modules ...
In SQL I have the following:

customers=# select * from radcheck where username = 'charlieb';
 id  | username | attribute     | value   | op
-----+----------+---------------+---------+----
 771 | charlieb | User-Password | testing | :=

customers=# select * from usergroup where username = 'charlieb';
 id  | customer_user_id | username | groupname
-----+------------------+----------+-----------
 771 | CHA1646-100      | charlieb | dialplan1

customers=# select * from radgroupreply;
 id | groupname | attribute                 | value           | op | prio
----+-----------+---------------------------+-----------------+----+------
  2 | dialplan1 | Service-Type              | Framed-User     | := | 0
  3 | dialplan1 | Framed-Protocol           | PPP             | := | 0
  4 | dialplan1 | Framed-IP-Netmask         | 255.255.255.255 | := | 0
  5 | dialplan1 | X-Ascend-Assign-IP-Pool   | 1               | := | 0
  6 | dialplan1 | X-Ascend-Idle-Limit       | 900             | := | 0
  7 | dialplan1 | X-Ascend-Maximum-Channels | 1               | := | 0
  1 | dialplan1 | Acct-Authentic            | RADIUS          | := | 0

customers=# select * from radreply;
 id | username | attribute        | value | op
----+----------+------------------+-------+----
  2 | charlieb | BWControl-RxRate | 384   | :=
  3 | charlieb | BWControl-TxRate | 128   | :=

customers=# select * from radgroupcheck;
 id | groupname | attribute | value    | op
----+-----------+-----------+----------+----
 11 | dialplan1 | Pool-Name | wireless | :=

radiusd.conf

#in modules
ippool wireless {
    session-db = ${raddbdir}/wireless.db
    ip-index = ${raddbdir}/wireless.idx.db
    range-start = 63.167.49.1
    range-stop = 63.167.49.253
    netmask = 255.255.255.0
    cache-size = 1024
}

authorize {
    preprocess
    suffix
    sql
    mschap
    wireless
}

authenticate {
    mschap
}

accounting {
    acct_unique
    detail
    wireless
    sql
    radutmp
}

In users, I have:

DEFAULT Auth-Type := Local
    Fall-Through = 1

DEFAULT Service-Type == Framed-User
    Framed-IP-Address = 255.255.255.254,
    Framed-MTU = 576,
    Service-Type = Framed-User,
    Fall-Through = 1

DEFAULT Acct-Authentic == RADIUS
    Service-Type = Framed-User,
    Framed-Protocol = PPP,
    Framed-Netmask = 255.255.255.255,
    Ascend-Assign-IP-Pool = 1,
    Ascend-Idle-Limit = 900,
    Ascend-Maximum-Channels = 1

With the Pool-Name attribute set in radgroupcheck, authorization fails.
(working debug log below this)

rad_recv: Access-Request packet from host 63.167.48.244:1029, id=104, length=136
    Service-Type = Framed-User
    Framed-Protocol = PPP
    User-Name = charlieb
    MS-CHAP-Challenge = 0x5931d1c70b2cf8d5bf43d429d5c4f49c
    MS-CHAP2-Response = 0x010066977855bea946c46a9ade213bad6cd21830fc78d1b993e139 8bcc47c98d26488c8f4eedcbb4075b
    NAS-IP-Address = 10.100.1.1
    NAS-Port = 0
modcall: entering group authorize
modcall[authorize]: module preprocess returns ok
rlm_realm: Looking up realm NULL for User-Name = charlieb
rlm_realm: No such realm NULL
modcall[authorize]: module suffix returns noop
radius_xlat: 'charlieb'
sql_set_user: escaped user -- 'charlieb'
radius_xlat: 'SELECT id,UserName,Attribute,Value FROM radcheck WHERE Username = 'charlieb' ORDER BY id'
rlm_sql: Reserving sql socket id: 2
query: SELECT id,UserName,Attribute,Value FROM radcheck WHERE Username = 'charlieb' ORDER BY id
rlm_postgresql Status: PGRES_TUPLES_OK
sql_postgresql: affected rows =
radius_xlat: 'SELECT radgroupcheck.id
rlm_ippool problem. May this be a good fix?
Hi all,

I'm trying to configure a radius server (freeradius 0.6) where I would like to receive the IP-Address from a pool. To achieve this I would like to join some of the users in groups, by using the following authentication user: steve@Gruppo where the user steve has some return pairs, but no Pool-Name attribute, and the group Gruppo has the Pool-Name attribute (and more return pairs). Looking in the code I think I've found a bug that I fixed this way:

- --- rlm_ippool.c.orig Tue Jul 16 15:29:01 2002 +++ rlm_ippool.cTue Jul 16 15:29:40 2002 -405,7 +405,9 if ((vp = pairfind(request-config_items, PW_POOL_NAME)) != NULL){ if (data-name == NULL || strcmp(data-name,vp-strvalue)) return RLM_MODULE_NOOP; - } + } else { + return RLM_MODULE_NOOP; +} /* * Get the nas ip address -

In brief, when entering these lines, if the user was missing the Pool-Name attribute, there was no return and some unpredictable Pool address was returned. Is this correct?

T.I.A.
Pigi

P.S. Sorry for my not good English
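Review bot: the added else branch returns RLM_MODULE_NOOP for every request that has no Pool-Name in config_items, and together with the existing inner test (which already returns NOOP when the instance name is NULL) this means an instance without a name can no longer allocate an address on any path. If that is intended, state it in a comment above the if and in the module documentation, because before this change a request without Pool-Name fell through to the allocation code below; if unnamed instances are meant to keep serving requests that carry no Pool-Name, limit the early return to instances that do have a name. The closing brace on the last added line is also not indented like the rest of the block.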