On Fri, Feb 20, 2004 at 08:25:08PM +0200, Anton Blajev wrote:
> Hello there.
> I've posted previously before but no one got it as a bug.
> I'm using freebsd pptp+ppp+freeradius+mysql.
> I've tried to set up ippool so I can get dynamically assigned IPs from the
> radius server. It worked just fine with radtest, I got the right answer
> with the IP address and all fine.
> But! When I tried through ppp (set radius /etc/ppp/radius.conf) I didn't
> get any IP number, just got authenticated.
> According to the debug information ippool failed to give me an IP address
> because the ppp didn't send any NAS-Port = port it returned
> NAS-Port-Type = "Virtual"
> I thought this is a ppp bug but look at this answer from the freebsd-net
> list (and rfcs):
> ---------------
> NAS-Port is not required. From RFC2865 section 4.1:
> NAS-Port is intended to specify the physical (modem) port on a dialin
> server. It does not mean the UDP port from/to which RADIUS requests
> are sent. The bug, if any, is in whatever is demanding that the
> attribute be present.

I'm pretty sure it mentions this in the comments of the module...

> ---------------
> I took a look at the ippool.c and there is an if statement that returns
> noop if there is no NAS-Port.
> I think this should be considered as a "bug" in freeradius ippool... what
> would you say guys?

It's omission by design. rlm_ippool as it stands needs the NAS-Port as a key in its database. It allocates IPs to NAS/Port combinations, not to users or anything else. Simply because NAS/Port is a primary key into the set of dialed in users. (Username is not, due to multilink PPP. Similarly for Caller-ID, which I think is the same on both channels of an ISDN-B 128k connection. I could be wrong about that last one)

Your choices are

(a) write your own radius module that works sensibly for you. You might be able to use rlm_ippool as a start. Or you could grab rlm_ippoolnew from me (a redesign I described on this list a while ago but ran out of interest to upkeep when the killer threading bugs in rlm_ippool were fixed) which might suit your purpose better.

(b) make the pppd daemon fake up a NAS-Port for the request. If I remember correctly from very old discussions on this list, it should be an option somewhere in your setup. Off the top of my head, a PID seems like a useful number to use, given that pptp runs in userspace (I think) and it has the same sort of semantics as a port (unique to active connections

--
Paul "TBBle" Hampson, on an alternate email client.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
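The keying described in the reply above, as a minimal added sketch; it is not rlm_ippool's source and not code posted by anyone in this thread. The names `pool_alloc`, `pool_release`, the result codes and the 10.0.0.x pool are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define POOL_SIZE 4
#define NO_PORT   (-1)          /* request carried no NAS-Port attribute */

enum rc { RC_OK, RC_NOOP, RC_FULL };   /* hypothetical result codes */

struct lease {
    int      in_use;
    uint32_t nas_ip;            /* address of the NAS that sent the request */
    int      nas_port;          /* NAS-Port; with nas_ip it forms the key */
};

static struct lease pool[POOL_SIZE];
static const uint32_t pool_base = 0x0A000001;   /* 10.0.0.1, constructed */

/* Allocate an address for (nas_ip, nas_port). The username is deliberately
 * not part of the key: one user may hold several links (multilink PPP). */
enum rc pool_alloc(uint32_t nas_ip, int nas_port, uint32_t *out)
{
    int i, free_slot = -1;

    if (nas_port == NO_PORT)
        return RC_NOOP;         /* no key available, so do nothing */

    for (i = 0; i < POOL_SIZE; i++) {
        if (pool[i].in_use && pool[i].nas_ip == nas_ip &&
            pool[i].nas_port == nas_port) {
            *out = pool_base + (uint32_t)i;   /* same key, same lease */
            return RC_OK;
        }
        if (!pool[i].in_use && free_slot < 0)
            free_slot = i;
    }
    if (free_slot < 0)
        return RC_FULL;

    pool[free_slot].in_use = 1;
    pool[free_slot].nas_ip = nas_ip;
    pool[free_slot].nas_port = nas_port;
    *out = pool_base + (uint32_t)free_slot;
    return RC_OK;
}

/* Free the lease once the session on that NAS/port has ended. */
void pool_release(uint32_t nas_ip, int nas_port)
{
    int i;
    for (i = 0; i < POOL_SIZE; i++)
        if (pool[i].in_use && pool[i].nas_ip == nas_ip &&
            pool[i].nas_port == nas_port)
            memset(&pool[i], 0, sizeof pool[i]);
}
```

A request without NAS-Port falls through with `RC_NOOP`, which matches the "authenticated but no IP" symptom in the original report; a faked NAS-Port only works if it stays unique among active sessions on that NAS.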

