> From: Alexander Lunyov
> Sent: Thursday, 30 October 2003 12:14 PM
> What do you mean? NAS in the same logical network or radius server in the
> same logical network?
> For example, i want this ippool working with NAS.
>
> ippool main_pool {
> range-start = 192.168.253.1
> range-stop = 192.168.253.254
> netmask = 255.255.0.0
> cache-size = 800
> session-db = ${raddbdir}/db.ippool
> ip-index = ${raddbdir}/db.ipindex
> override = no
> }
>
> NAS is a FreeBSD box with 3 multiport cards and 2 network
> interfaces. First iface is 192.168.33.127/24, second is
> x.x.x.2/24 ('white' network). So when authentification of ppp session is done
> and
> it's time to receive IP address for this session, radiusd cannot
> find range for this NAS. It says
>
> rad_recv: Access-Request packet from host x.x.x.2:2740, id=239, length=105
> Thread 1 assigned request 0
> --- Walking the entire request list ---
> Threads: total/active/spare threads = 5/1/4
> Waking up in 5 seconds...
> Thread 1 handling request 0, (1 handled so far)
> User-Name = "lan"
> Service-Type = Framed-User
> Framed-Protocol = PPP
> CHAP-Password = 0x0176a7169a89a0a8s8aa34a03e630f1ead
> CHAP-Challenge = 0x38328232349865433746313036313635
> NAS-Identifier = "zeus.domain.ru"
> NAS-Port-Type = Ethernet
> NAS-Port = 61
>
> [authentification and other skip]
>
> rlm_ippool: Searching for an entry for nas/port: zeus.domain.ru/61
> modcall[post-auth]: module "main_pool" returns noop for request 0
The only NOOP between these two lines is the one that checks if you've
already got a Framed-IP-Address. As the below output indicates, you do
already have one, so the rlm_ippool module NOOPs instead. If you set
override=yes instead of override=no, the existing Framed-IP-Address in
the response will be _replaced_ with one from the IP pool.
I guess a debug output at that point would be useful... Hmm.
Alternatively, work out where the value 255.255.255.254 is coming from.
It _might_ be a hint from the NAS, or there may be another module adding
it (probably incorrectly).
This is completely unrelated to the network configuration of the NAS,
I think the confusion was caused by asking the (wrong) question, rather
than describing the problem, leading to a whole lot of unuseful answers,
and the confusion expressed at the top of this email.
> modcall: group post-auth returns noop for request 0
> Sending Access-Accept of id 239 to x.x.x.2:2740
> Framed-Compression = Van-Jacobson-TCP-IP
> Idle-Timeout = 10
> Framed-MTU = 576
> Framed-IP-Address = 255.255.255.254
> Framed-Protocol = PPP
> Service-Type = Framed-User
> Finished request 0
--
Paul "TBBle" Hampson
Bubblesworth Pty Ltd (ABN: 51 095 284 361)
[EMAIL PROTECTED]
On a sidewalk near Portland State
University someone wrote `Trust Jesus', and
someone else wrote `But Cut the Cards'.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
