Re: My question again (was: Netmask HOWTO)
On 02/07/10 12:26, loki wrote: Hello all. I need some kind of solution very urgent. My question was - is it possible to set Framed-IP-Netmask, together with IPs through sqlippool, somehow by default, via groupreply or something, or to change sqlippool somewhow to achive this. Or is this only possible through ippool (txt - version in /etc). I tried through groupreply but it didn't work. It didn't work is a useless statement. Show the debug output run with -X, as advised daily on this list. I can think of a few ways of doing this, but without more info I can't help. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: My question again (was: Netmask HOWTO)
At 15:23 2.7.2010, you wrote: On 02/07/10 12:26, loki wrote: Hello all. I need some kind of solution very urgent. My question was - is it possible to set Framed-IP-Netmask, together with IPs through sqlippool, somehow by default, via groupreply or something, or to change sqlippool somewhow to achive this. Or is this only possible through ippool (txt - version in /etc). I tried through groupreply but it didn't work. It didn't work is a useless statement. Show the debug output run with -X, as advised daily on this list. I can think of a few ways of doing this, but without more info I can't help. Thx for your reply. Unfortunatly it's a production system already in heavy use so I can't use -X. But I'm only searching for ways of howto, ways not to be found on the net. This I can try without interrupting radius until one is working. I tried it with radgroureply (Framed-IP-Netmask) and it didn't work. I tried it per user (radreply) and this worked. But the thing is that I want to implement it in sqlippool. Which per se is already working for stuff that I don't have to forward netmasks. But now I have to accomplish this with OpenVPN and there I have to forward different Netmasks based on groups or pools. It could be that the plugin of OpenVPN isn't compatible with this but I guess than the user-version wouldn't work as well. All in all I'm not searching for debugging, I'm searching for ways of how to do it from someone who maybe had the same problem of setup. Sorry that I didn't specify that. THX __ Information from ESET Mail Security, version of virus signature database 5245 (20100702) __ The message was checked by ESET Mail Security. http://www.eset.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: My question again (was: Netmask HOWTO)
On 02/07/10 15:18, loki wrote:
At 15:23 2.7.2010, you wrote:
On 02/07/10 12:26, loki wrote:
Hello all.
I need some kind of solution very urgent. My question was - is it
possible to set Framed-IP-Netmask, together with IPs through
sqlippool, somehow by default, via groupreply or something, or to
change sqlippool somewhow to achive this. Or is this only possible
through ippool (txt - version in /etc).
I tried through groupreply but it didn't work.
It didn't work is a useless statement.
Show the debug output run with -X, as advised daily on this list.
I can think of a few ways of doing this, but without more info I can't help.
Thx for your reply.
Unfortunatly it's a production system already in heavy use so I can't
use -X. But I'm only searching for ways of howto, ways not to be
found on the net. This I can try without interrupting radius until one
is working. I tried it with radgroureply (Framed-IP-Netmask) and it
didn't work. I tried it per user (radreply) and this worked. But the
thing is that I want to implement it
in sqlippool. Which per se is already working for stuff that I don't
Allright, then that's easy: No.
rlm_sqlippool only updates Framed-IP-Address. You would either need to
patch the module to lookup add the framed IP, or use another module.
have to forward netmasks. But now I have to accomplish this with
OpenVPN and there I have to forward different Netmasks
based on groups or pools. It could be that the plugin of OpenVPN
isn't compatible with this but I guess than the user-version wouldn't
work as well. All in all I'm not searching for debugging, I'm searching
for ways of how to do it from someone who maybe had the same problem of setup.
Framed-Netmask is just a radius attribute. You can fill it's contents in
any way you like. For example, you might try something like this:
postauth {
sqlippool
update reply {
Framed-Netmask = %{sql:SELECT mynetmask FROM mynetmasktable WHERE
ip='%{Framed-IP-Address}'}
}
}
...if you're running something like Postgres you can be even more
sophisticated:
Framed-Netmask = %{sql:SELECT netmask(net) from mynets where mynet
'%{Framed-IP-Address}'}
...it depends on your SQL schema.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
