Hello Francisco -


When using the AddressAllocator DHCP, the PoolHint must be an IP address that matches what is configured in the DHCP server. You should also probably use the SubnetSelectionOption with the ISC DHCP server.

See the example in "goodies/addressallocatordhcp.cfg".

regards

Hugh


On Sunday, Jul 27, 2003, at 04:00 Australia/Melbourne, fcontreiras wrote:


Hi,

I'm still trying to assign a Framed-IP-Address. I stopped using the FramedGroup because the manual advises using the <AuthBy DYNADDRESS>.

I'm using the DHCPD daemon on port 10000 and Radiator configured to use it to deliver the IP.

I don't know what to do with the POOL HINT part, I have just one pool configured in dhcpd.conf.

I always get the message "No PoolHint found. No address will be allocated" and my supplicant is unable to get a valid IP, netmask, gateway, DNS, etc.

What do I have to do?

My final objective is to have the supplicant IP in the accounting file, to add this IP to IPTABLES with a hook file.

INCLUDE: dhcpd.conf / users file / radius.cfg / logfile

############# dhcpd.conf ##########
# defalt-lease-time 86400;
# max-lease-time 604800;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.0.255;
option routers 192.168.0.254;
option domain-name-servers 193.136.222.1, 193.136.132.2;
option domain-name "lx.it.pt";
ddns-update-style ad-hoc;
subnet 192.168.0.0 netmask 255.255.255.0 {
        range 192.168.0.10 192.168.0.50;
        default-lease-time 86400;
        max-lease-time 604800;
}
host ap {
        hardware ethernet 00:0b:be:4c:e3:66;
        fixed-address 192.168.0.1;
}
############################################3

########### users files ##########################
[EMAIL PROTECTED] User-Password = "******"
###################################

########### radius.cfg ###########################3
AuthPort 1812
AcctPort 1813
LogDir /var/log/radius
DbDir /etc/radius
DictionaryFile %D/dictionary,%D/dictionary.ascend
PidFile /var/run/radiusd.pid
Trace 4
<Client DEFAULT>
Secret *********
DupInterval 0
</Client>
<AddressAllocator DHCP>
Identifier DHCPallocator
Host 192.168.0.254
Port 10000
DefaultLease 86400
</AddressAllocator>
#"Inner" requests, coming from a PEAP tunnel
<Handler TunnelledByPEAP=1>
<AuthBy FILE>
Filename /etc/radius/users
EAPType MSCHAP-V2
</AuthBy>
</Handler>
#Inner requests sent through a TTLS tunnel
<Handler TunnelledByTTLS=1>
<AuthBy FILE>
Filename /etc/radius/users
EAPType PAP
# TLS requires the config below
EAPTLS_CAFile /etc/radius/cert/demoCA/cacert.pem
EAPTLS_CertificateFile /etc/radius/cert/cert-srv.pem
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile /etc/radius/cert/cert-srv.pem
EAPTLS_PrivateKeyPassword whatever
</AuthBy>
</Handler>
<Handler Realm = ist.utl.pt>
MaxSessions 1
AuthByPolicy ContinueWhileAccept
<AuthBy FILE>
Filename /etc/radius/users
#For now this allows PEAP, TTLS
# add other EAP variants here
EAPType PEAP, TTLS
#mkcertificate.sh, in goodies/
EAPTLS_CAFile /etc/radius/cert/demoCA/cacert.pem
EAPTLS_CertificateFile /etc/radius/cert/cert-srv.pem
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile /etc/radius/cert/cert-srv.pem
EAPTLS_PrivateKeyPassword whatever
EAPTLS_MaxFragmentSize 1024
AutoMPPEKeys
SSLeayTrace 4
# FramedGroup 0
</AuthBy>
<AuthBy DYNADDRESS>
AddressAllocator DHCPallocator
PoolHint %{Reply:PoolHint}
MapAttribute yiaddr, Framed-IP-Address
MapAttribute subnetmask, Framed-IP-Netmask
StripFromReply PoolHint
</AuthBy>
AcctLogFileFormat %{Framed-IP-Address} %d/%v-%H:%M %{User-Name} %C %{Timestamp} %{Acct-Session-Id} %{Acct-Status-Type} %{Ac
AcctLogFileName %L/accounting-%v-%y
</Handler>
#proxies other requests
#The Handler below deals with forwarding of requests
#the data shown *is* the real data
#it has to be in the local radius for forwarding to happen
<Handler>
<AuthBy RADIUS>
Host **********.pt
#client and server have to share the secret
#for testing, we will use it for any external client
Secret **********
AuthPort 1812
AcctPort 1813
RetryTimeout 5
Retries 3
</AuthBy>
AcctLogFileName %L/accounting_proxy-%v-%y
</Handler>


##############################333

############### log ###########################
......
*** Received from 192.168.0.1 port 1645 ....
Code: Access-Request
Identifier: 147
Authentic: i<127><242><211><0>IxU<29>E<180><204>h<212>v<25>
Attributes:
User-Name = "[EMAIL PROTECTED]"
Framed-MTU = 1400
Called-Station-Id = "0002.8a21.9173"
Calling-Station-Id = "000b.fd60.56c9"
Message-Authenticator = <139>t<151><226><159>7<154><19><7>x<190>V\<251><13>R
EAP-Message = <2><10><0>&<25><0><23><3><1><0><27><19><15>'<143><167>h!<166>~<159><211 >e'<162><228><11><17><169><25> "<221><173>#q<245>,
NAS-Port-Type = Virtual
NAS-Port = 446
NAS-IP-Address = 192.168.0.1
NAS-Identifier = "ap8021x"
Sat Jul 26 19:49:22 2003: DEBUG: Handling request with Handler 'Realm = ist.utl.pt'
Sat Jul 26 19:49:22 2003: DEBUG: Deleting session for [EMAIL PROTECTED], 192.168.0.1, 446
Sat Jul 26 19:49:22 2003: DEBUG: Handling with Radius::AuthFILE:
Sat Jul 26 19:49:22 2003: DEBUG: Handling with EAP: code 2, 10, 38
Sat Jul 26 19:49:22 2003: DEBUG: Response type 25
Sat Jul 26 19:49:22 2003: DEBUG: Handling with Radius::AuthDYNADDRESS
Sat Jul 26 19:49:22 2003: DEBUG: No PoolHint found. No address will be allocated
Sat Jul 26 19:49:22 2003: DEBUG: Access accepted for [EMAIL PROTECTED]
Sat Jul 26 19:49:22 2003: DEBUG: Packet dump:
*** Sending to 192.168.0.1 port 1645 ....
Code: Access-Accept
Identifier: 147
Authentic: i<127><242><211><0>IxU<29>E<180><204>h<212>v<25>
Attributes:
MS-MPPE-Send-Key = "<137>6`6<174><27><197><189><146>w)<250>m<137><249><188>1<184>Q:<2>~)e< 217><162><164><194>5<26>=<187>3QZ<231><187><253>,<149><236><211><23><21 1><151><212>eNS%"
MS-MPPE-Recv-Key = "<215>bc<130>n<223>%<15>D<141><232>x8<249><147><179><247>6<241>/ <149><138>H<159>k^<186><145><245><181>lj<190><1>)<191>P<179><130>LK<218 ><23><234><213><138><152>1<244><204>"
EAP-Message = <3><10><0><4>
Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
##############################33


Thanks
Francisco Contreiras



NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
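
Added example, not part of the original thread and not Radiator code: a Python check for the "No PoolHint found" failure in the trace above and for the requirement that the PoolHint be an IP address matching the DHCP server configuration. It assumes "matching" means the address falls inside a subnet declared in dhcpd.conf and that the hint is supplied as an indented PoolHint reply item in the users file; the user name, password and hint value are constructed.

```python
import ipaddress
import re

# Constructed sample: the subnet block from the dhcpd.conf quoted in the post.
DHCPD_CONF = """
subnet 192.168.0.0 netmask 255.255.255.0 {
        range 192.168.0.10 192.168.0.50;
}
"""

# Constructed users-file entries; user name, password and hint are placeholders.
USERS_WITHOUT_HINT = 'alice User-Password = "x"\n'
USERS_WITH_HINT = 'alice User-Password = "x"\n\tPoolHint = 192.168.0.0\n'

SUBNET_RE = re.compile(r"^\s*subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{", re.M)
# Reply items sit on indented continuation lines below the user's first line.
HINT_RE = re.compile(r"^[ \t]+PoolHint\s*=\s*\"?([^\s\",]+)", re.M)


def dhcpd_subnets(conf):
    """Return the networks declared by 'subnet A netmask M {' statements."""
    return [ipaddress.ip_network(f"{a}/{m}") for a, m in SUBNET_RE.findall(conf)]


def users_pool_hints(users_text):
    """Return the value of every PoolHint reply item in a users file."""
    return HINT_RE.findall(users_text)


def check_pool_hint(hint, subnets):
    """Classify a hint: 'missing', 'not-an-ip', 'no-matching-subnet' or 'ok'."""
    if not hint:
        return "missing"
    try:
        addr = ipaddress.ip_address(hint)
    except ValueError:
        return "not-an-ip"
    # Assumption: a hint "matches" when it lies inside a declared subnet.
    return "ok" if any(addr in net for net in subnets) else "no-matching-subnet"


def audit(users_text, dhcpd_conf):
    """Check every PoolHint in the users file against dhcpd.conf."""
    subnets = dhcpd_subnets(dhcpd_conf)
    hints = users_pool_hints(users_text)
    if not hints:
        # With no reply item, %{Reply:PoolHint} expands to nothing.
        return ["missing"]
    return [check_pool_hint(h, subnets) for h in hints]
```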