Hello Nils -
On Wed, 05 Jan 2000, Nils Swart wrote:
> Hello,
>
> First of all, sorry if this question has been posted numerous times, but
> after seeking the answer on the mailing list archive for a few hours & hard
> research in the books, I found the time was right for a posting.
>
> Radiator has a nifty feature which makes IP Pool management a lot easier,
> at least: it should.
>
> The FramedGroupBaseAddress system would allow a per client configuration
> of an IP pool, and that's what we did:
>
> <Client 192.168.11.12>
> Secret test123
> FramedGroupBaseAddress 194.171.0.33
> FramedGroupMaxPortsPerClassC 29
> </Client>
>
> Our Ascend in this example has one primary rate line connected to it, thus
> around 29 IPs should be sufficient.
>
> The actual IP address given to the NAS from Radiator is based on the base
> address to which it adds the NAS-Port.
>
> This is where the problems arise.
>
> Calls on the Ascend Max 4000 are defined in a somewhat different
> way than we would want: it adds info on what type of call it is _in_ the
> NAS-Port reply item
>
> (done with radpwtst, NAS-Port settings are however exactly as the Ascend
> gives them)
>
> *** Received from 127.0.0.1 port 1049 ....
> Code: Access-Request
> Identifier: 69
> Authentic: 1234567890123456
> Attributes:
> User-Name = "blaat3"
> Service-Type = Framed-User
> NAS-Identifier = 203.63.154.1
> NAS-Port = 20102
> NAS-Port-Type = Async
> User-Password =
> "<18>EO<212>mR`<138>*<130><222><217><237>P<212><245>"
>
> And the Access-Accept:
>
> Code: Access-Accept
> Identifier: 69
> Authentic: 1234567890123456
> Attributes:
> Framed-Protocol = ppp
> Framed-Address = 194.171.693.38
> Reply-Message = "Welkom bij / Welcome to TH Rijswijk"
>
> The answer is not something an Ascend understands, let alone any other IP
> device. (even though a lot of people would be happy if ...)
>
> If NAS-Port is indeed something which would be expected (an integer with
> just which port is in use) then all goes well, e.g.: the base address +
> NAS-Port = framed IP address.
>
> The general question in this is:
>
> a) Am I overseeing an option in the Max 4K software which can
> disable this 'add-extra-info to NAS-Port', if so: which one?
>
> b) How did other people fix this problem.
>
> Hacking into the Radiator software which does a NAS-Port-=20099 is just
> not something I'd like to do.
>
The question of IP address management has come up a number of times and we have
always preferred to defer to the NAS(s) and let them do the management of the
IP address pools. However, in deference to all those who would like to see a
more global approach to the problem, we will be implementing IP address
management in conjunction with a DHCP server in an upcoming release (scheduled
in the next two or three months).

All of this said, it would also be quite simple to write a Hook (PreClientHook,
PreAuthHook, whatever) to manipulate the attribute before it gets used by the
FramedGroup code.
hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
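
Added example (not part of the original messages, and not Radiator's own code): a Python model of the address arithmetic that reproduces the 194.171.693.38 reply above, next to the normalise-and-validate step a hook could apply to NAS-Port first. The mapping formula is inferred from the values in the thread; the "tllcc" (type, line, channel) reading of the Ascend NAS-Port, the 30 channels per line and all function names are assumptions.

```python
import ipaddress


def framed_address(base, max_ports_per_class_c, nas_port):
    """Mapping inferred from the thread's output (assumption): third octet
    += port // max, fourth octet += port % max. There is no range check,
    which is how an impossible octet ends up in the Access-Accept."""
    a, b, c, d = (int(x) for x in base.split("."))
    return "%d.%d.%d.%d" % (a, b,
                            c + nas_port // max_ports_per_class_c,
                            d + nas_port % max_ports_per_class_c)


def decode_ascend_port(nas_port):
    """Assumed Ascend 'tllcc' layout: call type, line number, channel."""
    call_type, rest = divmod(nas_port, 10000)
    line, channel = divmod(rest, 100)
    return call_type, line, channel


def normalise_port(nas_port, channels_per_line=30):
    """What a pre-processing hook would do: drop the call type and reduce
    line/channel to a dense 0-based port index."""
    _, line, channel = decode_ascend_port(nas_port)
    if line < 1 or not 1 <= channel <= channels_per_line:
        raise ValueError("unexpected NAS-Port %d" % nas_port)
    return (line - 1) * channels_per_line + (channel - 1)


def safe_framed_address(base, max_ports, nas_port):
    """Normalise first, then refuse to hand out anything outside the pool
    or anything that is not a valid IPv4 address."""
    index = normalise_port(nas_port)
    if index >= max_ports:
        raise ValueError("port index %d exceeds pool of %d" % (index, max_ports))
    # IPv4Address raises a ValueError subclass on octets above 255.
    return str(ipaddress.IPv4Address(framed_address(base, max_ports, index)))


if __name__ == "__main__":
    # Values taken from the Client clause and Access-Request in the thread.
    print(framed_address("194.171.0.33", 29, 20102))       # raw NAS-Port
    print(safe_framed_address("194.171.0.33", 29, 20102))  # normalised
```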