On Thu, 17 Jun 2004, Dave Shepherd wrote: > All, > > I've got a problem that I currently can't seem to solve, through the > docs or google that I hope you can help me with. > > I'm in the process of setting up a freeradius server which is > currently acting as a proxy from an unknown BT radius server to a > Microsoft IAS server authenticating against an NT4 SAM database. > > The authentication works fine, so no problems there. > > My problem comes because I want to allocate IP addresses via my > freeradius server (giving me IP address allocation control based on > where the user is coming from (or what phone number they ring)). > > Now initially I wanted to use DHCP, so this problem wouldn't exist, > but BT don't seem to want to RELAY my clients DHCP request onto my DHCP > server. So I've fallen back on the rlm_ippool module in freeradius. > > I've got the following in my radiusd.conf file: > > ippool main_pool { > range-start = 192.168.50.1 > range-stop = 192.168.50.254 > netmask = 255.255.255.0 > cache-size = 254 > session-db = ${raddbdir}/db.ippool > ip-index = ${raddbdir}/db.ipindex > override = yes > } > > I've set override to yes because I hand out a Framed-IP-Address of > 255.255.255.254 on the IAS side (is this correct?) > > I've also got the following in my users file. > > DEFAULT Group == IT, Pool-Name := "main_pool" > > So when I start radius in debug mode I can see the following output: > > So far, so good. It loads the main_pool and from what I can tell is > ready to rock and roll. > > I then get the Access-Request packet: > > rad_recv: Access-Request packet from host 192.168.252.2:1645, id=183, > length=102 > NAS-IP-Address = 192.168.252.2 > NAS-Port = 35 > NAS-Port-Type = Async > User-Name = "????????" # Edited out to protect the innocent > Called-Station-Id = "8005876531" > Calling-Station-Id = "1214575000" > User-Password = "????????" # Edited out to protect the innocent > Service-Type = Framed-User > Framed-Protocol = PPP > modcall: entering group authorize for request 0 > modcall[authorize]: module "preprocess" returns ok for request 0 > modcall[authorize]: module "mschap" returns noop for request 0 > rlm_realm: No '@' in User-Name = "???????", looking up realm NULL > rlm_realm: Found realm "NULL" > rlm_realm: Adding Stripped-User-Name = "???????" > rlm_realm: Proxying request from user ??????? to realm NULL > rlm_realm: Adding Realm = "NULL" > rlm_realm: Preparing to proxy authentication request to realm "NULL" > modcall[authorize]: module "NULL" returns updated for request 0 > modcall: group authorize returns updated for request 0 > Sending Access-Request of id 1 to 192.168.51.17:1645 > User-Name = "???????" > NAS-IP-Address = 192.168.252.2 > NAS-Port = 35 > NAS-Port-Type = Async > Called-Station-Id = "8005876531" > Calling-Station-Id = "1214575000" > User-Password = "???????" > Service-Type = Framed-User > Framed-Protocol = PPP > Proxy-State = 0x313833 > --- Walking the entire request list --- > Waking up in 6 seconds... > rad_recv: Access-Accept packet from host 192.168.51.17:1645, id=1, > length=55 > Framed-Protocol = PPP > Framed-IP-Address = 255.255.255.254 > Service-Type = Framed-User > Proxy-State = 0x313833 > modcall: entering group authorize for request 0 > modcall[authorize]: module "preprocess" returns ok for request 0 > modcall[authorize]: module "mschap" returns noop for request 0 > rlm_realm: Proxy reply, or no User-Name. Ignoring. > modcall[authorize]: module "NULL" returns noop for request 0 > modcall: group authorize returns ok for request 0 > rad_check_password: Found Auth-Type > rad_check_password: Auth-Type = Accept, accepting the user > Login OK: [??????/??????] (from client BT_NAS_2 port 35 cli 1214575000) > modcall: entering group post-auth for request 0 > rlm_ippool: Could not find Pool-Name attribute. > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The files module does not seem to be called anywhere (mainly in the authorize section). Fix that and things should work. -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html