ippool assign the same ip address for two different users.
May be my config is broken?
When i use large pool (1-254), i have the same bug after restarting
radiusd.
------------- radiusd.conf
modules {
....
ippool ippool-1-fast {
range-start = 192.168.5.1
range-stop = 192.168.5.6
netmask = 255.255.255.0
cache-size = 800
session-db = ${raddbdir}/pools/db.pool-1-fast
ip-index = ${raddbdir}/pools/db.pool-1-fast.idx
}
}
accounting {
detail
unix
radutmp
ippool-1-fast
}
post-auth {
ippool-1-fast
}
------------- end of radiusd.conf
------------- users
DEFAULT NAS-IP-Address == "192.168.0.5", Service-Type == Framed-User, Pool-Name :=
"ippool-1-fast"
Framed-MTU = 1500,
Service-Type = Framed-User,
Fall-Through = 1
------------- end of users
Now run radiusd:
root@vpn:/etc/raddb# radiusd -xx
Starting - reading configuration files ...
...
Module: Loaded IPPOOL
ippool: session-db = "/etc/raddb/pools/db.pool-1-fast"
ippool: ip-index = "/etc/raddb/pools/db.pool-1-fast.idx"
ippool: range-start = 192.168.5.1 IP address [192.168.5.1]
ippool: range-stop = 192.168.5.6 IP address [192.168.5.6]
ippool: netmask = 255.255.255.0 IP address [255.255.255.0]
ippool: cache-size = 800
rlm_ippool: Initializing database
Module: Instantiated ippool (ippool-1-fast)
Initializing the thread pool...
thread: start_servers = 5
thread: max_servers = 32
thread: min_spare_servers = 3
thread: max_spare_servers = 10
thread: max_requests_per_server = 0
thread: cleanup_delay = 5
....
Ready to process requests.
Thread 5 waiting to be assigned a request
rad_recv: Access-Request packet from host 192.168.0.5:1026, id=70, length=133
Thread 1 assigned request 0
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/1/4
Nothing to do. Sleeping until we see a request.
--------------------------------- Now I try send auth packet with radclient (user
mmike):
Thread 1 handling request 0, (1 handled so far)
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = "mmike"
MS-CHAP-Challenge = 0xb9ca50b535f1d25c8d22873d4c203565
MS-CHAP2-Response =
0x01002bbf1007dc607b833af3cdd279ece38b00000000000000002284ae758753dd9cd3e78d98dfcdde06a8db899b56543336
NAS-IP-Address = 192.168.0.5
NAS-Port = 0
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_passwd: Added User-Password: mike
rlm_passwd: Added Group: fast
rlm_passwd: Adding Auth-Type: MS-CHAP
modcall[authorize]: module "raddb_userlist" returns ok
modcall[authorize]: module "mschap" returns ok
rlm_realm: No '@' in User-Name = "mmike", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 201
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
modcall: entering group authenticate
rlm_mschap: doing MS-CHAPv2 with NT-Password
rlm_mschap: adding MS-CHAPv2 MPPE keys
modcall[authenticate]: module "mschap" returns ok
modcall: group authenticate returns ok
Login OK: [mmike] (from client 192.168.0.5 port 0)
modcall: entering group post-auth
rlm_ippool: Searching for an entry for nas/port: 192.168.0.5/0
rlm_ippool: num: 1
rlm_ippool: Allocated ip 192.168.5.3 to client on nas 192.168.0.5,port 0
modcall[post-auth]: module "ippool-1-fast" returns ok
modcall: group post-auth returns ok
Sending Access-Accept of id 70 to 192.168.0.5:1026
Framed-MTU = 1500
Service-Type = Framed-User
MS-CHAP2-Success = 0x01533d453742313241354342463337383533443044383236383
73933463331363332363844463839414236
MS-MPPE-Recv-Key = 0xe3464568c260d4f054599eac8c270f89762624d03837024c13e
53c392029a3ca21c2
MS-MPPE-Send-Key = 0xe345be695620746dcc14948143420d08d333dd86889a5a66f9a
1e084b1c5a4b6d723
MS-MPPE-Encryption-Policy = 0x00000002
MS-MPPE-Encryption-Types = 0x00000004
Framed-IP-Address = 192.168.5.3
-------------------- OK ip assigned 192.168.5.3
-------------------- Now I try to connect with pppd+radiusclient (user mmmike)
Nothing to do. Sleeping until we see a request.
Thread 1 handling request 5, (2 handled so far)
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = "mmmike"
MS-CHAP-Challenge = 0x35a4ce64ebf19fc25af6921225399273
MS-CHAP2-Response = 0x010068295ca3c0f2c063e229225a129b53df00000000000000
00405f88f247c0d22d083286a7123eb6cc61415f5401ad09fc
NAS-IP-Address = 192.168.0.5
NAS-Port = 0
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_passwd: Added User-Password: mike
rlm_passwd: Added Group: fast
rlm_passwd: Adding Auth-Type: MS-CHAP
modcall[authorize]: module "raddb_userlist" returns ok
modcall[authorize]: module "mschap" returns ok
rlm_realm: No '@' in User-Name = "mmmike", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 201
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
modcall: entering group authenticate
rlm_mschap: doing MS-CHAPv2 with NT-Password
rlm_mschap: adding MS-CHAPv2 MPPE keys
modcall[authenticate]: module "mschap" returns ok
modcall: group authenticate returns ok
Login OK: [mmmike] (from client 192.168.0.5 port 0)
modcall: entering group post-auth
rlm_ippool: Searching for an entry for nas/port: 192.168.0.5/0
rlm_ippool: num: 1
rlm_ippool: Allocated ip 192.168.5.3 to client on nas 192.168.0.5,port 0
modcall[post-auth]: module "ippool-1-fast" returns ok
modcall: group post-auth returns ok
Sending Access-Accept of id 91 to 192.168.0.5:1026
Framed-MTU = 1500
Service-Type = Framed-User
MS-CHAP2-Success = 0x01533d414244384238353137323133333531343241423133383
44430353544453542423434303943413231
MS-MPPE-Recv-Key = 0xb900749b8bb3510d19734307e8cfe35ca58af68142b683f3eff
d5edfee54ff96f6c2
MS-MPPE-Send-Key = 0xb90385d656e61690052d313e0d94ad4c545a4567405b54a3678
a63d250a33d45cc09
MS-MPPE-Encryption-Policy = 0x00000002
MS-MPPE-Encryption-Types = 0x00000004
Framed-IP-Address = 192.168.5.3
-------------------- What?! 192.168.5.3 Again?!!
Finished request 5
Going to the next request
Thread 1 waiting to be assigned a request
rad_recv: Accounting-Request packet from host 192.168.0.5:1026, id=92, length=111
Thread 2 assigned request 6
--- Walking the entire request list ---
Waking up in 3 seconds...
Thread 2 handling request 6, (2 handled so far)
Acct-Session-Id = "3D904BBA6E4D"
User-Name = "mmmike"
Acct-Status-Type = Start
Service-Type = Framed-User
Framed-Protocol = PPP
Calling-Station-Id = "192.168.0.29"
Acct-Authentic = RADIUS
NAS-Port-Type = Async
Framed-IP-Address = 192.168.5.3
NAS-IP-Address = 192.168.0.5
NAS-Port = 0
Acct-Delay-Time = 0
modcall: entering group preacct
modcall[preacct]: module "preprocess" returns noop
rlm_realm: No '@' in User-Name = "mmmike", looking up realm NULL
rlm_realm: No such realm NULL
modcall[preacct]: module "suffix" returns noop
modcall[preacct]: module "files" returns noop
modcall: group preacct returns noop
modcall: entering group accounting
radius_xlat: '/var/log/radius/radacct/192.168.0.5/detail'
rlm_detail: /var/log/radius/radacct/%{Client-IP-Address}/detail expands to
/var/log/radius/radacct/192.168.0.5/detail
modcall[accounting]: module "detail" returns ok
modcall[accounting]: module "unix" returns ok
radius_xlat: 'mmmike'
modcall[accounting]: module "radutmp" returns ok
modcall[accounting]: module "ippool-1-fast" returns noop
modcall: group accounting returns ok
Sending Accounting-Response of id 92 to 192.168.0.5:1026
Finished request 6
Going to the next request
Thread 2 waiting to be assigned a request
------------------------- try with radclient (mmike)
rad_recv: Access-Request packet from host 192.168.0.5:1026, id=83, length=133
Thread 3 assigned request 7
Cleaning up request 6 ID 92 with timestamp 3d904bba
Waking up in 3 seconds...
Thread 3 handling request 7, (2 handled so far)
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = "mmike"
MS-CHAP-Challenge = 0xb9ca50b535f1d25c8d22873d4c203565
MS-CHAP2-Response = 0x01002bbf1007dc607b833af3cdd279ece38b00000000000000
002284ae758753dd9cd3e78d98dfcdde06a8db899b56543336
NAS-IP-Address = 192.168.0.5
NAS-Port = 0
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_passwd: Added User-Password: mike
rlm_passwd: Added Group: fast
rlm_passwd: Adding Auth-Type: MS-CHAP
modcall[authorize]: module "raddb_userlist" returns ok
modcall[authorize]: module "mschap" returns ok
rlm_realm: No '@' in User-Name = "mmike", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 201
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
modcall: entering group authenticate
rlm_mschap: doing MS-CHAPv2 with NT-Password
rlm_mschap: adding MS-CHAPv2 MPPE keys
modcall[authenticate]: module "mschap" returns ok
modcall: group authenticate returns ok
Login OK: [mmike] (from client 192.168.0.5 port 0)
modcall: entering group post-auth
rlm_ippool: Searching for an entry for nas/port: 192.168.0.5/0
rlm_ippool: Found a stale entry for ip/port: 192.168.5.3/0
rlm_ippool: num: 0
rlm_ippool: num: 1
rlm_ippool: Allocated ip 192.168.5.3 to client on nas 192.168.0.5,port 0
modcall[post-auth]: module "ippool-1-fast" returns ok
modcall: group post-auth returns ok
Sending Access-Accept of id 83 to 192.168.0.5:1026
Framed-MTU = 1500
Service-Type = Framed-User
MS-CHAP2-Success = 0x01533d453742313241354342463337383533443044383236383
73933463331363332363844463839414236
MS-MPPE-Recv-Key = 0xe27f7c5438ff0419ab1d4f42c848f4f7dd4c2ab060e8db522b2
54dbaefc80a2bcebe
MS-MPPE-Send-Key = 0xe270df8e42560bdbe16f6b5354cc848d56c901d912e9071a988
b85de5f95f3eb27a0
MS-MPPE-Encryption-Policy = 0x00000002
MS-MPPE-Encryption-Types = 0x00000004
Framed-IP-Address = 192.168.5.3
------------------ again 192.168.5.3 :(
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
