Thanks,
you are right. It works by itself. I did a test with radpingtest.
Now I am going to test it on my cisco.
----- Original Message -----
From: "Paul Hampson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, July 12, 2003 4:27 PM
Subject: RE: URGENT HELP rlm_ippool
> > From: ARC Informatique
> > Sent: Sunday, 13 July 2003 2:10 AM
>
> > I just installed freeradius 0.9 pre1 with postgresql and rlm_ippool.
> > I have to migrate tonight so this is an urgent request
>
> > I have a Cisco AS5300 and here is what I would like to do:
> >
> > 1. Assign public dynamic ip pool say from 1.1.1.1 to 1.1.1.254
> >
> > 2. Assign private dynamic ip pool say from 172.16.1.1 to 172.16.1.254
> >
> > So I am trying to setup rlm_ippool.
> >
> > Here is what I have so far:
> >
> > in radiusd.conf
> >
> > ippool public_pool {
> >
> > range-start = 1.1.1.1
> > range-stop = 1.1.1.254
> > netmask = 255.255.255.0
> > cache-size = 255
> > session-db = ${raddbdir}/db.ippool
>
> session-db = ${raddbdir}/public.ippool
>
> > ip-index = ${raddbdir}/db.ipindex
>
> ip-index = ${raddbdir}/public.ipindex
>
> > override = no
> > }
> >
> > ippool private_pool {
> >
> > range-start = 172.16.1.1
> > range-stop = 172.16.1.254
> > netmask = 255.255.255.0
> > cache-size = 255
> > session-db = ${raddbdir}/db.ippool
>
> session-db = ${raddbdir}/private.ippool
>
> > ip-index = ${raddbdir}/db.ipindex
>
> ip-index = ${raddbdir}/private.ipindex
>
> > override = no
> > }
>
> The problem here is that they need _seperate_ DB files...
>
> Oh, and make sure you've got the private_pool and public_pool
> instances in your accounting and post-auth sections of radius.conf
>
> > In radgroupcheck, I have:
> >
> > groupname | attribute | op | value
> > publicgroup | Pool-Name | := | public_pool
> > privategroup | Pool-Name | := | private_pool
>
> That should be correct.
>
> > In radgroupreply : what do I put exactly to tell my cisco what IP
address is
> > assigned
>
> Nothing. When the module runs in post-auth, it'll see the check item
Pool-Name
> and replace it with an IP address and netmask if you haven't specified one
> already.
>
> > Basically, I am lacking documentation here - Can someone give a sample
> > configuration on what I have to put exactly in my freeradius config as
well
> > as my cisco config.
>
> Basically, I have exactly what you have here, and it works a treat. For
one
> reason or another, I've had to patch my copy of rlm_ippool to use
radgroupreply
> instead of radgroupcheck, but that's irrelevant.
>
> You should see the modcalls in radius debug... Warning, if you use radtest
to
> test this, you'll have to either use radzap or ippooltool (seperate
program
> from one of the list members) to remove that entry from the list of take
IP
> addresses.
>
> Anyway, a ippool module will NOOP on the wrong Pool-Name, and OK on the
correct
> pool name. If no pool name is specified, you should see a warning in debug
mode,
> and get a NOOP response from the module.
>
> --
> =========================================================
> Paul "TBBle" Hampson
> Bubblesworth Pty Ltd (ABN: 51 095 284 361)
> [EMAIL PROTECTED]
>
> This is a one line proof...if we start
> sufficiently far to the left.
> -- Cambridge University Math Department
> ---------------------------------------------------------
> Random signature generator 3.0 by Paul "TBBle" Hampson
> =========================================================
>
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>
---------------------------------------------------------------------------------------------------
Ce mail ne contient pas de virus. This mail is virus free
Scann� par Escan Checked by Escan
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
