Affect Static IP by Freeradius/ASA5510

Wed, 04 Feb 2009 07:00:18 -0800 

Hi
Sorry to restart the same subject, but actually i am search .. i am search .... 
but i don't see any solution ...


I use:
   FreeRadius with a Perl Script
   A Cisco ASA5510 IOS 8.0


In debug i have:


When a user don't have IP, use "Pool" :

==============================================================
rad_recv: Access-Request packet from host 10.218.7.243:1025, id=31, length=166 
   User-Name = "[email protected]"
   User-Password = "XXX"
   NAS-Port = 1658880
   Service-Type = Framed-User
   Framed-Protocol = PPP
   Called-Station-Id = "62.XX.XX.XX"
   Calling-Station-Id = "88.XX.XX.XX"
   NAS-Port-Type = Virtual
   Tunnel-Client-Endpoint:0 = "88.XX.XX.XX"
   NAS-IP-Address = 10.218.7.243
   Cisco-AVPair = "ip:source-ip=88.XX.XX.XXy\223"
 Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
 modcall[authorize]: module "preprocess" returns ok for request 0
 modcall[authorize]: module "chap" returns noop for request 0
 modcall[authorize]: module "mschap" returns noop for request 0
   rlm_realm: Looking up realm "xx.fr" for User-Name = "[email protected]"
   rlm_realm: No such realm "xx.fr"
 modcall[authorize]: module "suffix" returns noop for request 0
 rlm_eap: No EAP-Message, not doing EAP
 modcall[authorize]: module "eap" returns noop for request 0
   users: Matched entry DEFAULT at line 154
   users: Matched entry DEFAULT at line 173
   users: Matched entry DEFAULT at line 185
 modcall[authorize]: module "files" returns ok for request 0
Using perl at 0x8149a00
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Framed-IP-Address = 255.255.255.254
rlm_perl: Added pair Framed-Compression = Van-Jacobson-TCP-IP
rlm_perl: Added pair Framed-MTU = 576
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Auth-Type = Perl
 modcall[authorize]: module "perl" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
 rad_check_password:  Found Auth-Type Perl
auth: type "Perl"
 Processing the authenticate section of radiusd.conf
modcall: entering group Perl for request 0
Using perl at 0x8149a00
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair h323-credit-amount = 100
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Framed-IP-Address = 255.255.255.254
rlm_perl: Added pair Framed-Compression = Van-Jacobson-TCP-IP
rlm_perl: Added pair Framed-MTU = 576
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Auth-Type = Perl
 modcall[authenticate]: module "perl" returns ok for request 0
modcall: leaving group Perl (returns ok) for request 0
Login OK: [[email protected]/XXX] (from client 10.218.7.243 port 1658880 cli 88.XX.XX.XX) 
Sending Access-Accept of id 31 to 10.218.7.243 port 1025
   Framed-IP-Address = 255.255.255.254
   Framed-MTU = 576
   Service-Type = Framed-User
   Framed-Protocol = PPP
   Framed-Compression = Van-Jacobson-TCP-IP
   h323-credit-amount = "100"
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 31 with timestamp 4989aa4d
Nothing to do.  Sleeping until we see a request.
================================================

No problems, the user connect and have a IP of the Pool


When i use a user with static IP:
================================================
rad_recv: Access-Request packet from host 10.218.7.243:1025, id=32, length=166 
   User-Name = "[email protected]"
   User-Password = "XXX"
   NAS-Port = 1662976
   Service-Type = Framed-User
   Framed-Protocol = PPP
   Called-Station-Id = "62.23.17.71"
   Calling-Station-Id = "88.XX.XX.XX"
   NAS-Port-Type = Virtual
   Tunnel-Client-Endpoint:0 = "88.XX.XX.XX"
   NAS-IP-Address = 10.218.7.243
   Cisco-AVPair = "ip:source-ip=88.XX.XX.XXy\223"
 Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
 modcall[authorize]: module "preprocess" returns ok for request 1
 modcall[authorize]: module "chap" returns noop for request 1
 modcall[authorize]: module "mschap" returns noop for request 1
   rlm_realm: Looking up realm "xx.fr" for User-Name = "[email protected]"
   rlm_realm: No such realm "xx.fr"
 modcall[authorize]: module "suffix" returns noop for request 1
 rlm_eap: No EAP-Message, not doing EAP
 modcall[authorize]: module "eap" returns noop for request 1
   users: Matched entry DEFAULT at line 154
   users: Matched entry DEFAULT at line 173
   users: Matched entry DEFAULT at line 185
 modcall[authorize]: module "files" returns ok for request 1
Using perl at 0x8149a00
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Framed-IP-Address = 10.218.3.41
rlm_perl: Added pair Framed-Compression = Van-Jacobson-TCP-IP
rlm_perl: Added pair Framed-MTU = 576
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Auth-Type = Perl
 modcall[authorize]: module "perl" returns ok for request 1
modcall: leaving group authorize (returns ok) for request 1
 rad_check_password:  Found Auth-Type Perl
auth: type "Perl"
 Processing the authenticate section of radiusd.conf
modcall: entering group Perl for request 1
Using perl at 0x8149a00
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair h323-credit-amount = 100
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Framed-IP-Address = 10.218.3.41
rlm_perl: Added pair Framed-Compression = Van-Jacobson-TCP-IP
rlm_perl: Added pair Framed-MTU = 576
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Auth-Type = Perl
 modcall[authenticate]: module "perl" returns ok for request 1
modcall: leaving group Perl (returns ok) for request 1
Login OK: [[email protected]/XXX] (from client 10.218.7.243 port 1662976 cli 88.XX.XX.XX) 
Sending Access-Accept of id 32 to 10.218.7.243 port 1025
   Framed-IP-Address = 255.255.255.254
   Framed-MTU = 576
   Service-Type = Framed-User
   Framed-Protocol = PPP
   Framed-Compression = Van-Jacobson-TCP-IP
   h323-credit-amount = "100"
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 32 with timestamp 4989aa74
Nothing to do.  Sleeping until we see a request.
=============================================


I see "Framed-IP-Address = 10.218.3.41" but at the end of the logs he have:

"Sending Access-Accept of id 32 to 10.218.7.243 port 1025
   Framed-IP-Address = 255.255.255.254"

Why he sending 255.255.255.254 .....
It's because i use a client type "cisco" ? because my perl script use "RLM_MODULE_OK" 
at authenticate and accounting ?


Thanks for your help
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to