Re: Trouble with IP Address Allocation

2004-06-17 Thread Kostas Kalevras
On Thu, 17 Jun 2004, Dave Shepherd wrote:

 All,

   I've got a problem that I currently can't seem to solve, through the
 docs or Google that I hope you can help me with.

   I'm in the process of setting up a freeradius server which is
 currently acting as a proxy from an unknown BT radius server to a
 Microsoft IAS server authenticating against an NT4 SAM database.

   The authentication works fine, so no problems there.

   My problem comes because I want to allocate IP addresses via my
 freeradius server (giving me IP address allocation control based on
 where the user is coming from (or what phone number they ring)).

   Now initially I wanted to use DHCP, so this problem wouldn't exist,
 but BT don't seem to want to RELAY my clients' DHCP request onto my DHCP
 server. So I've fallen back on the rlm_ippool module in freeradius.

   I've got the following in my radiusd.conf file:

 ippool main_pool {
 range-start = 192.168.50.1
 range-stop = 192.168.50.254
 netmask = 255.255.255.0
 cache-size = 254
 session-db = ${raddbdir}/db.ippool
 ip-index = ${raddbdir}/db.ipindex
 override = yes
 }

 I've set override to yes because I hand out a Framed-IP-Address of
 255.255.255.254 on the IAS side (is this correct?)

 I've also got the following in my users file.

 DEFAULT Group == IT, Pool-Name := main_pool

 So when I start radius in debug mode I can see the following output:

 So far, so good. It loads the main_pool and from what I can tell is
 ready to rock and roll.

 I then get the Access-Request packet:

 rad_recv: Access-Request packet from host 192.168.252.2:1645, id=183, length=102
 NAS-IP-Address = 192.168.252.2
 NAS-Port = 35
 NAS-Port-Type = Async
 User-Name =  # Edited out to protect the innocent
 Called-Station-Id = 8005876531
 Calling-Station-Id = 1214575000
 User-Password =  # Edited out to protect the innocent
 Service-Type = Framed-User
 Framed-Protocol = PPP
 modcall: entering group authorize for request 0
   modcall[authorize]: module preprocess returns ok for request 0
   modcall[authorize]: module mschap returns noop for request 0
 rlm_realm: No '@' in User-Name = ???, looking up realm NULL
 rlm_realm: Found realm NULL
 rlm_realm: Adding Stripped-User-Name = ???
 rlm_realm: Proxying request from user ??? to realm NULL
 rlm_realm: Adding Realm = NULL
 rlm_realm: Preparing to proxy authentication request to realm NULL
   modcall[authorize]: module NULL returns updated for request 0
 modcall: group authorize returns updated for request 0
 Sending Access-Request of id 1 to 192.168.51.17:1645
 User-Name = ???
 NAS-IP-Address = 192.168.252.2
 NAS-Port = 35
 NAS-Port-Type = Async
 Called-Station-Id = 8005876531
 Calling-Station-Id = 1214575000
 User-Password = ???
 Service-Type = Framed-User
 Framed-Protocol = PPP
 Proxy-State = 0x313833
 --- Walking the entire request list ---
 Waking up in 6 seconds...
 rad_recv: Access-Accept packet from host 192.168.51.17:1645, id=1, length=55
 Framed-Protocol = PPP
 Framed-IP-Address = 255.255.255.254
 Service-Type = Framed-User
 Proxy-State = 0x313833
 modcall: entering group authorize for request 0
   modcall[authorize]: module preprocess returns ok for request 0
   modcall[authorize]: module mschap returns noop for request 0
 rlm_realm: Proxy reply, or no User-Name.  Ignoring.
   modcall[authorize]: module NULL returns noop for request 0
 modcall: group authorize returns ok for request 0
   rad_check_password:  Found Auth-Type
   rad_check_password: Auth-Type = Accept, accepting the user
 Login OK: [??/??] (from client BT_NAS_2 port 35 cli 1214575000)
 modcall: entering group post-auth for request 0
 rlm_ippool: Could not find Pool-Name attribute.
 ^^^


The files module does not seem to be called anywhere (mainly in the authorize
section). Fix that and things should work.

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
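
Added example (not part of the original thread and not FreeRADIUS code): a small Python check that reproduces the diagnosis above from `radiusd -X` output, by listing module instances that were instantiated at startup but never ran in a given section. The sample lines are copied and trimmed from the debug output posted in this thread; the function names are made up for this illustration.

```python
import re

# Sample input: lines taken from the radiusd -X output quoted in this thread,
# trimmed to the module start-up and modcall trace lines.
SAMPLE = """\
Module: Instantiated realm (NULL)
Module: Instantiated files (files)
modcall: entering group authorize for request 0
  modcall[authorize]: module preprocess returns ok for request 0
  modcall[authorize]: module mschap returns noop for request 0
  modcall[authorize]: module NULL returns updated for request 0
modcall: group authorize returns updated for request 0
modcall: entering group authorize for request 0
  modcall[authorize]: module preprocess returns ok for request 0
  modcall[authorize]: module mschap returns noop for request 0
  modcall[authorize]: module NULL returns noop for request 0
modcall: group authorize returns ok for request 0
modcall: entering group post-auth for request 0
rlm_ippool: Could not find Pool-Name attribute.
"""

INSTANTIATED = re.compile(r"^Module: Instantiated (\S+) \((\S+)\)")
MODCALL = re.compile(
    r"^\s*modcall\[([\w-]+)\]: module (\S+) returns (\S+) for request (\d+)")

def parse_debug(text):
    """Return (instances, calls): instance name -> module type, and
    section -> list of (instance, rcode) in the order they ran."""
    instances, calls = {}, {}
    for line in text.splitlines():
        m = INSTANTIATED.match(line)
        if m:
            instances[m.group(2)] = m.group(1)
            continue
        m = MODCALL.match(line)
        if m:
            calls.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
    return instances, calls

def never_called(text, section):
    """Instances that were instantiated but never ran in `section`."""
    instances, calls = parse_debug(text)
    ran = {name for name, _ in calls.get(section, [])}
    return sorted(name for name in instances if name not in ran)

def pool_name_missing(text):
    """True when rlm_ippool reported that no Pool-Name was set."""
    return "rlm_ippool: Could not find Pool-Name attribute." in text

if __name__ == "__main__":
    print("not called in authorize:", never_called(SAMPLE, "authorize"))
    print("ippool lacks Pool-Name:", pool_name_missing(SAMPLE))
```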


Trouble with IP Address Allocation

2004-06-17 Thread Dave Shepherd
All,

  I've got a problem that I currently can't seem to solve, through the
docs or Google that I hope you can help me with.

  I'm in the process of setting up a freeradius server which is
currently acting as a proxy from an unknown BT radius server to a
Microsoft IAS server authenticating against an NT4 SAM database.

  The authentication works fine, so no problems there.

  My problem comes because I want to allocate IP addresses via my
freeradius server (giving me IP address allocation control based on
where the user is coming from (or what phone number they ring)).

  Now initially I wanted to use DHCP, so this problem wouldn't exist,
but BT don't seem to want to RELAY my clients' DHCP request onto my DHCP
server. So I've fallen back on the rlm_ippool module in freeradius.

  I've got the following in my radiusd.conf file:

ippool main_pool {
range-start = 192.168.50.1
range-stop = 192.168.50.254
netmask = 255.255.255.0
cache-size = 254
session-db = ${raddbdir}/db.ippool
ip-index = ${raddbdir}/db.ipindex
override = yes
}

   I've set override to yes because I hand out a Framed-IP-Address of
255.255.255.254 on the IAS side (is this correct?)

   I've also got the following in my users file.

DEFAULT Group == IT, Pool-Name := main_pool

   So when I start radius in debug mode I can see the following output:

argon:/etc/raddb # radiusd -X
Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file: /etc/raddb/proxy.conf
Config:   including file: /etc/raddb/clients.conf
Config:   including file: /etc/raddb/snmp.conf
 main: prefix = /usr
 main: localstatedir = /var
 main: logdir = /var/log/radius
 main: libdir = /usr/lib/freeradius
 main: radacctdir = /var/log/radius/radacct
 main: hostname_lookups = yes
 main: snmp = no
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_file = /var/log/radius/radius.log
 main: log_auth = yes
 main: log_auth_badpass = yes
 main: log_auth_goodpass = yes
 main: pidfile = /var/run/radiusd/radiusd.pid
 main: bind_address = 192.168.51.220 IP address [192.168.51.220]
 main: user = (null)
 main: group = (null)
 main: usercollide = no
 main: lower_user = no
 main: lower_pass = no
 main: nospace_user = no
 main: nospace_pass = no
 main: checkrad = /usr/sbin/checkrad
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 proxy: post_proxy_authorize = yes
 proxy: wake_all_if_all_dead = no
 security: max_attributes = 200
 security: reject_delay = 1
 security: status_server = no
 main: debug_level = 0
read_config_files:  reading dictionary
read_config_files:  reading naslist
read_config_files:  reading clients
read_config_files:  reading realms
radiusd:  entering modules setup
Module: Library search path is /usr/lib/freeradius
Module: Loaded PAP
 pap: encryption_scheme = crypt
Module: Instantiated pap (pap)
Module: Loaded MS-CHAP
 mschap: use_mppe = yes
 mschap: require_encryption = no
 mschap: require_strong = no
 mschap: passwd = (null)
 mschap: authtype = MS-CHAP
Module: Instantiated mschap (mschap)
Module: Loaded System
 unix: cache = no
 unix: passwd = (null)
 unix: shadow = (null)
 unix: group = (null)
 unix: radwtmp = /var/log/radius/radwtmp
 unix: usegroup = no
 unix: cache_reload = 600
Module: Instantiated unix (unix)
Module: Loaded eap
 eap: default_eap_type = md5
 eap: timer_expire = 60
rlm_eap: Loaded and initialized the type md5
rlm_eap: Loaded and initialized the type leap
Module: Instantiated eap (eap)
Module: Loaded preprocess
 preprocess: huntgroups = /etc/raddb/huntgroups
 preprocess: hints = /etc/raddb/hints
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
 realm: format = suffix
 realm: delimiter = @
Module: Instantiated realm (NULL)
Module: Loaded files
 files: usersfile = /etc/raddb/users
 files: acctusersfile = /etc/raddb/acct_users
 files: preproxy_usersfile = /etc/raddb/preproxy_users
 files: compat = no
Module: Instantiated files (files)
Module: Loaded detail
 detail: detailfile = /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
 radutmp: filename = /var/log/radius/radutmp
 radutmp: username = %{User-Name}
 radutmp: case_sensitive = yes
 radutmp: check_with_nas = yes
 radutmp: perm = 420
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Module: Loaded IPPOOL
 ippool: session-db =