On Thu, 17 Jun 2004, Dave Shepherd wrote:

> All,
>
>   I've got a problem that I currently can't seem to solve through the
> docs or Google, and that I hope you can help me with.
>
>   I'm in the process of setting up a freeradius server which is
> currently acting as a proxy from an unknown BT radius server to a
> Microsoft IAS server authenticating against an NT4 SAM database.
>
>   The authentication works fine, so no problems there.
>
>   My problem comes because I want to allocate IP addresses via my
> freeradius server (giving me IP address allocation control based on
> where the user is coming from (or what phone number they ring)).
>
>   Now initially I wanted to use DHCP, so this problem wouldn't exist,
> but BT don't seem to want to RELAY my clients' DHCP request onto my DHCP
> server. So I've fallen back on the rlm_ippool module in freeradius.
>
>   I've got the following in my radiusd.conf file:
>
> ippool main_pool {
>         range-start = 192.168.50.1
>         range-stop = 192.168.50.254
>         netmask = 255.255.255.0
>         cache-size = 254
>         session-db = ${raddbdir}/db.ippool
>         ip-index = ${raddbdir}/db.ipindex
>         override = yes
> }
>
>    I've set override to yes because I hand out a Framed-IP-Address of
> 255.255.255.254 on the IAS side (is this correct?)
>
>    I've also got the following in my users file.
>
> DEFAULT Group == IT, Pool-Name := "main_pool"
>
>    So when I start radius in debug mode I can see the following output:
>
> So far, so good. It loads the main_pool and from what I can tell is
> ready to rock and roll.
>
> I then get the Access-Request packet:
>
> rad_recv: Access-Request packet from host 192.168.252.2:1645, id=183,
> length=102
>         NAS-IP-Address = 192.168.252.2
>         NAS-Port = 35
>         NAS-Port-Type = Async
>         User-Name = "????????" # Edited out to protect the innocent
>         Called-Station-Id = "8005876531"
>         Calling-Station-Id = "1214575000"
>         User-Password = "????????" # Edited out to protect the innocent
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
> modcall: entering group authorize for request 0
>   modcall[authorize]: module "preprocess" returns ok for request 0
>   modcall[authorize]: module "mschap" returns noop for request 0
>     rlm_realm: No '@' in User-Name = "???????", looking up realm NULL
>     rlm_realm: Found realm "NULL"
>     rlm_realm: Adding Stripped-User-Name = "???????"
>     rlm_realm: Proxying request from user ??????? to realm NULL
>     rlm_realm: Adding Realm = "NULL"
>     rlm_realm: Preparing to proxy authentication request to realm "NULL"
>   modcall[authorize]: module "NULL" returns updated for request 0
> modcall: group authorize returns updated for request 0
> Sending Access-Request of id 1 to 192.168.51.17:1645
>         User-Name = "???????"
>         NAS-IP-Address = 192.168.252.2
>         NAS-Port = 35
>         NAS-Port-Type = Async
>         Called-Station-Id = "8005876531"
>         Calling-Station-Id = "1214575000"
>         User-Password = "???????"
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         Proxy-State = 0x313833
> --- Walking the entire request list ---
> Waking up in 6 seconds...
> rad_recv: Access-Accept packet from host 192.168.51.17:1645, id=1,
> length=55
>         Framed-Protocol = PPP
>         Framed-IP-Address = 255.255.255.254
>         Service-Type = Framed-User
>         Proxy-State = 0x313833
> modcall: entering group authorize for request 0
>   modcall[authorize]: module "preprocess" returns ok for request 0
>   modcall[authorize]: module "mschap" returns noop for request 0
>     rlm_realm: Proxy reply, or no User-Name.  Ignoring.
>   modcall[authorize]: module "NULL" returns noop for request 0
> modcall: group authorize returns ok for request 0
>   rad_check_password:  Found Auth-Type
>   rad_check_password: Auth-Type = Accept, accepting the user
> Login OK: [??????/??????] (from client BT_NAS_2 port 35 cli 1214575000)
> modcall: entering group post-auth for request 0
> rlm_ippool: Could not find Pool-Name attribute.
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^


The files module does not seem to be called anywhere (mainly in the authorize
section). Fix that and things should work.

--
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]       National Technical University of Athens, Greece
Work Phone:             +30 210 7721861
'Go back to the shadow' Gandalf

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
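
Added example, not part of the original thread or of FreeRADIUS itself: a small Python check that reads debug output in the format quoted above, lists which modules modcall ran in each section, and reports when rlm_ippool complained about Pool-Name while the users-file module never ran in authorize. The instance name "files" and the sample lines are assumptions, constructed from the log in the post.

```python
import re

# Constructed sample, in the debug format quoted in the post above.
SAMPLE_DEBUG = """\
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
  modcall[authorize]: module "NULL" returns noop for request 0
modcall: group authorize returns ok for request 0
modcall: entering group post-auth for request 0
rlm_ippool: Could not find Pool-Name attribute.
"""

MODCALL = re.compile(
    r'modcall\[(?P<section>[\w-]+)\]: module "(?P<module>[^"]+)" returns (?P<rcode>\w+)'
)
# Output pasted from a mail reply may carry "> " quote prefixes; strip them.
QUOTE = re.compile(r'^(?:>\s?)+')
POOL_ERROR = "rlm_ippool: Could not find Pool-Name attribute"


def modules_by_section(debug_text):
    """Map each section (authorize, post-auth, ...) to the modules run in it."""
    called = {}
    for raw in debug_text.splitlines():
        m = MODCALL.search(QUOTE.sub("", raw))
        if m:
            mods = called.setdefault(m["section"], [])
            if m["module"] not in mods:
                mods.append(m["module"])
    return called


def diagnose_pool(debug_text, users_module="files"):
    """Return findings that explain a missing Pool-Name, or [] if none apply.

    users_module is the assumed instance name of the users-file module.
    """
    findings = []
    if POOL_ERROR in debug_text:
        findings.append("rlm_ippool ran without a Pool-Name")
        if users_module not in modules_by_section(debug_text).get("authorize", []):
            findings.append(
                f'"{users_module}" never ran in authorize, so no users-file entry was applied'
            )
    return findings


if __name__ == "__main__":
    for finding in diagnose_pool(SAMPLE_DEBUG):
        print(finding)
```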
