Hello.

I am looking to use rlm_ippool to manage my users' IPs.  The setup we have
here is kind of unique and I am wondering if rlm_ippool can accomplish what I
need to do.

We will have a block of say /18 assigned to a particular NAS.  During the
radius authentication, we will need to send back two radius attributes of
Framed-IP-Address and Framed-IP-Netmask.  However, the Framed-IP-Address
that we need to send back will be the first available IP in a /29 netmask.

For example, say that NAS A has a range of 10.0.0.0/24.

The first user would get back
Framed-IP-Address == 10.0.0.1
Framed-IP-Netmask == 255.255.255.248

The second user would get back
Framed-IP-Address == 10.0.0.9
Framed-IP-Netmask = 255.255.255.248

and so on.

The order is not important, just that they get the first available host on
a /29 range and that the rest of the IPs in that range are not available
to other clients.

Attempting rlm_ippool makes it look like it won't do what I want out of
the box.  Just wondering if anyone knows if I am possibly missing
something in the config or of any hacks that they have already created for
rlm_ippool that would accomplish this setup.

Below is my config and debug output that makes me think this won't work.

ippool TEST {
range-start = 10.0.0.0
range-stop = 10.0.0.255
netmask = 255.255.255.248
cache-size = 254
session-db = ${logdir}/ippool/WS_session.db
ip-index = ${logdir}/ippool/WS_index.db
override = no
}

When I ran radclient, I got the following from debug mode.
rlm_ippool: Searching for an entry for nas/port: 172.22.129.10/234111
rlm_ippool: Allocating ip to nas/port: 172.22.129.10/234111
rlm_ippool: num: 1
rlm_ippool: Allocated ip 10.0.0.235 to client on nas 172.22.129.10,port 234111
  modcall[post-auth]: module "TEST" returns ok for request 0
modcall: group post-auth returns ok for request 0
Sending Access-Accept of id 45 to 127.0.0.1:4818
        Framed-Protocol = PPP
        Framed-Routing = None
        Service-Type = Framed-User
        Framed-IP-Address = 10.0.0.235
        Framed-IP-Netmask = 255.255.255.248
Finished request 0

NOTE: the IP I would be looking for would be 10.0.0.233.


If I can't get rlm_ippool to work, then I guess I will write a script to
create every available IP to store in the radreply table and then
configure the reply query to use nasip/nasport, with some modifications of
that table.  However, I was hoping to just be able to assign these ranges
dynamically.

Thanks for any suggestions.

Dusty Doris
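
The allocation scheme described in the post above, sketched as an added example that is not part of the original message and is not rlm_ippool code: the pool is split into /29 blocks, each NAS/port lease takes a whole block, and the reply carries the block's first host plus the /29 netmask. The names BlockPool and first_host_for are hypothetical, and leases are held in memory only.

```python
import ipaddress


def first_host_for(ip, block_prefix=29):
    """Return the first host of the block (default /29) that contains ip."""
    block = ipaddress.ip_network(f"{ip}/{block_prefix}", strict=False)
    return str(block.network_address + 1)


class BlockPool:
    """Hypothetical allocator: one whole sub-block per NAS/port lease."""

    def __init__(self, pool_cidr, block_prefix=29):
        pool = ipaddress.ip_network(pool_cidr)
        # Lowest block first, so the next lease is always predictable.
        self.free = list(pool.subnets(new_prefix=block_prefix))
        self.netmask = str(self.free[0].netmask)
        self.leases = {}  # (nas_ip, nas_port) -> leased block

    def allocate(self, nas_ip, nas_port):
        """Return (Framed-IP-Address, Framed-IP-Netmask), or None if exhausted."""
        key = (nas_ip, nas_port)
        if key not in self.leases:
            if not self.free:
                return None
            # Taking the block off the free list reserves all of its
            # addresses, so no other client can be handed one of them.
            self.leases[key] = self.free.pop(0)
        block = self.leases[key]
        return str(block.network_address + 1), self.netmask

    def release(self, nas_ip, nas_port):
        """Return a lease's block to the free list, keeping it sorted."""
        block = self.leases.pop((nas_ip, nas_port), None)
        if block is not None:
            self.free.append(block)
            self.free.sort()


if __name__ == "__main__":
    # NAS address and first port are taken from the debug output in the
    # post; the second port number is constructed for the demonstration.
    pool = BlockPool("10.0.0.0/24")
    print(pool.allocate("172.22.129.10", 234111))
    print(pool.allocate("172.22.129.10", 234112))
    print(first_host_for("10.0.0.235"))
```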


