Re: Trouble with IP Address Allocation
On Thu, 17 Jun 2004, Dave Shepherd wrote:

> All,
>
> I've got a problem that I currently can't seem to solve, through the docs or google that I hope you can help me with.
>
> I'm in the process of setting up a freeradius server which is currently acting as a proxy from an unknown BT radius server to a Microsoft IAS server authenticating against an NT4 SAM database. The authentication works fine, so no problems there.
>
> My problem comes because I want to allocate IP addresses via my freeradius server (giving me IP address allocation control based on where the user is coming from (or what phone number they ring)).
>
> Now initially I wanted to use DHCP, so this problem wouldn't exist, but BT don't seem to want to RELAY my clients DHCP request onto my DHCP server. So I've fallen back on the rlm_ippool module in freeradius.
>
> I've got the following in my radiusd.conf file:
>
>     ippool main_pool {
>         range-start = 192.168.50.1
>         range-stop = 192.168.50.254
>         netmask = 255.255.255.0
>         cache-size = 254
>         session-db = ${raddbdir}/db.ippool
>         ip-index = ${raddbdir}/db.ipindex
>         override = yes
>     }
>
> I've set override to yes because I hand out a Framed-IP-Address of 255.255.255.254 on the IAS side (is this correct?)
>
> I've also got the following in my users file.
>
>     DEFAULT Group == IT, Pool-Name := main_pool
>
> So when I start radius in debug mode I can see the following output:
>
> So far, so good. It loads the main_pool and from what I can tell is ready to rock and roll.
>
> I then get the Access-Request packet:
>
> rad_recv: Access-Request packet from host 192.168.252.2:1645, id=183, length=102
>     NAS-IP-Address = 192.168.252.2
>     NAS-Port = 35
>     NAS-Port-Type = Async
>     User-Name = # Edited out to protect the innocent
>     Called-Station-Id = 8005876531
>     Calling-Station-Id = 1214575000
>     User-Password = # Edited out to protect the innocent
>     Service-Type = Framed-User
>     Framed-Protocol = PPP
> modcall: entering group authorize for request 0
> modcall[authorize]: module preprocess returns ok for request 0
> modcall[authorize]: module mschap returns noop for request 0
> rlm_realm: No '@' in User-Name = ???, looking up realm NULL
> rlm_realm: Found realm NULL
> rlm_realm: Adding Stripped-User-Name = ???
> rlm_realm: Proxying request from user ??? to realm NULL
> rlm_realm: Adding Realm = NULL
> rlm_realm: Preparing to proxy authentication request to realm NULL
> modcall[authorize]: module NULL returns updated for request 0
> modcall: group authorize returns updated for request 0
> Sending Access-Request of id 1 to 192.168.51.17:1645
>     User-Name = ???
>     NAS-IP-Address = 192.168.252.2
>     NAS-Port = 35
>     NAS-Port-Type = Async
>     Called-Station-Id = 8005876531
>     Calling-Station-Id = 1214575000
>     User-Password = ???
>     Service-Type = Framed-User
>     Framed-Protocol = PPP
>     Proxy-State = 0x313833
> --- Walking the entire request list ---
> Waking up in 6 seconds...
> rad_recv: Access-Accept packet from host 192.168.51.17:1645, id=1, length=55
>     Framed-Protocol = PPP
>     Framed-IP-Address = 255.255.255.254
>     Service-Type = Framed-User
>     Proxy-State = 0x313833
> modcall: entering group authorize for request 0
> modcall[authorize]: module preprocess returns ok for request 0
> modcall[authorize]: module mschap returns noop for request 0
> rlm_realm: Proxy reply, or no User-Name. Ignoring.
> modcall[authorize]: module NULL returns noop for request 0
> modcall: group authorize returns ok for request 0
> rad_check_password: Found Auth-Type
> rad_check_password: Auth-Type = Accept, accepting the user
> Login OK: [??/??] (from client BT_NAS_2 port 35 cli 1214575000)
> modcall: entering group post-auth for request 0
> rlm_ippool: Could not find Pool-Name attribute.

^^^
The files module does not seem to be called anywhere (mainly in the authorize section). Fix that and things should work.

--
Kostas Kalevras
Network Operations Center
[EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
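The check made by eye in the reply above, as an added example (not part of either post, and not FreeRADIUS code): it lists which module instances returned a result in each section of a `radiusd -X` log and flags instances that were instantiated but never called. The sample log is constructed from lines quoted in this thread, and the name `audit_debug_log` is hypothetical.

```python
import re

# Constructed sample: lines condensed from the radiusd -X output quoted in this thread.
SAMPLE_DEBUG = """\
Module: Instantiated preprocess (preprocess)
Module: Instantiated mschap (mschap)
Module: Instantiated realm (NULL)
Module: Instantiated files (files)
modcall: entering group authorize for request 0
modcall[authorize]: module preprocess returns ok for request 0
modcall[authorize]: module mschap returns noop for request 0
modcall[authorize]: module NULL returns updated for request 0
modcall: group authorize returns updated for request 0
modcall: entering group post-auth for request 0
rlm_ippool: Could not find Pool-Name attribute.
"""

INSTANTIATED = re.compile(r"^Module: Instantiated \S+ \((\S+)\)")
CALLED = re.compile(r"^modcall\[([\w-]+)\]: module (\S+) returns \w+")
ENTERED = re.compile(r"^modcall: entering group ([\w-]+) for request \d+")
POOL_ERR = "rlm_ippool: Could not find Pool-Name attribute."

def audit_debug_log(text):
    """Summarise which module instances ran in which section of the log."""
    instantiated, called, pool_errors = [], {}, 0
    for line in text.splitlines():
        line = line.strip()
        if m := INSTANTIATED.match(line):
            instantiated.append(m.group(1))      # instance name, e.g. "files"
        elif m := ENTERED.match(line):
            called.setdefault(m.group(1), [])    # section seen, maybe no results
        elif m := CALLED.match(line):
            mods = called.setdefault(m.group(1), [])
            if m.group(2) not in mods:
                mods.append(m.group(2))
        elif line.startswith(POOL_ERR):
            pool_errors += 1
    ran = {m for mods in called.values() for m in mods}
    never_called = [m for m in instantiated if m not in ran]
    return {"called": called, "never_called": never_called, "pool_errors": pool_errors}

if __name__ == "__main__":
    report = audit_debug_log(SAMPLE_DEBUG)
    for section, mods in report["called"].items():
        print(f"{section}: {', '.join(mods) or '(no module results logged)'}")
    print("instantiated but never called:", ", ".join(report["never_called"]))
    print("Pool-Name lookup failures:", report["pool_errors"])
```

An instance that only runs in another section (detail in accounting, for example) will also show up as never called for a single authentication request, so read the list against the sections you expected to run.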
Trouble with IP Address Allocation
All,

I've got a problem that I currently can't seem to solve, through the docs or google that I hope you can help me with.

I'm in the process of setting up a freeradius server which is currently acting as a proxy from an unknown BT radius server to a Microsoft IAS server authenticating against an NT4 SAM database. The authentication works fine, so no problems there.

My problem comes because I want to allocate IP addresses via my freeradius server (giving me IP address allocation control based on where the user is coming from (or what phone number they ring)).

Now initially I wanted to use DHCP, so this problem wouldn't exist, but BT don't seem to want to RELAY my clients DHCP request onto my DHCP server. So I've fallen back on the rlm_ippool module in freeradius.

I've got the following in my radiusd.conf file:

    ippool main_pool {
        range-start = 192.168.50.1
        range-stop = 192.168.50.254
        netmask = 255.255.255.0
        cache-size = 254
        session-db = ${raddbdir}/db.ippool
        ip-index = ${raddbdir}/db.ipindex
        override = yes
    }

I've set override to yes because I hand out a Framed-IP-Address of 255.255.255.254 on the IAS side (is this correct?)

I've also got the following in my users file.

    DEFAULT Group == IT, Pool-Name := main_pool

So when I start radius in debug mode I can see the following output:

    argon:/etc/raddb # radiusd -X
    Starting - reading configuration files ...
    reread_config: reading radiusd.conf
    Config: including file: /etc/raddb/proxy.conf
    Config: including file: /etc/raddb/clients.conf
    Config: including file: /etc/raddb/snmp.conf
    main: prefix = /usr
    main: localstatedir = /var
    main: logdir = /var/log/radius
    main: libdir = /usr/lib/freeradius
    main: radacctdir = /var/log/radius/radacct
    main: hostname_lookups = yes
    main: snmp = no
    main: max_request_time = 30
    main: cleanup_delay = 5
    main: max_requests = 1024
    main: delete_blocked_requests = 0
    main: port = 0
    main: allow_core_dumps = no
    main: log_stripped_names = no
    main: log_file = /var/log/radius/radius.log
    main: log_auth = yes
    main: log_auth_badpass = yes
    main: log_auth_goodpass = yes
    main: pidfile = /var/run/radiusd/radiusd.pid
    main: bind_address = 192.168.51.220 IP address [192.168.51.220]
    main: user = (null)
    main: group = (null)
    main: usercollide = no
    main: lower_user = no
    main: lower_pass = no
    main: nospace_user = no
    main: nospace_pass = no
    main: checkrad = /usr/sbin/checkrad
    main: proxy_requests = yes
    proxy: retry_delay = 5
    proxy: retry_count = 3
    proxy: synchronous = no
    proxy: default_fallback = yes
    proxy: dead_time = 120
    proxy: post_proxy_authorize = yes
    proxy: wake_all_if_all_dead = no
    security: max_attributes = 200
    security: reject_delay = 1
    security: status_server = no
    main: debug_level = 0
    read_config_files: reading dictionary
    read_config_files: reading naslist
    read_config_files: reading clients
    read_config_files: reading realms
    radiusd: entering modules setup
    Module: Library search path is /usr/lib/freeradius
    Module: Loaded PAP
    pap: encryption_scheme = crypt
    Module: Instantiated pap (pap)
    Module: Loaded MS-CHAP
    mschap: use_mppe = yes
    mschap: require_encryption = no
    mschap: require_strong = no
    mschap: passwd = (null)
    mschap: authtype = MS-CHAP
    Module: Instantiated mschap (mschap)
    Module: Loaded System
    unix: cache = no
    unix: passwd = (null)
    unix: shadow = (null)
    unix: group = (null)
    unix: radwtmp = /var/log/radius/radwtmp
    unix: usegroup = no
    unix: cache_reload = 600
    Module: Instantiated unix (unix)
    Module: Loaded eap
    eap: default_eap_type = md5
    eap: timer_expire = 60
    rlm_eap: Loaded and initialized the type md5
    rlm_eap: Loaded and initialized the type leap
    Module: Instantiated eap (eap)
    Module: Loaded preprocess
    preprocess: huntgroups = /etc/raddb/huntgroups
    preprocess: hints = /etc/raddb/hints
    preprocess: with_ascend_hack = no
    preprocess: ascend_channels_per_line = 23
    preprocess: with_ntdomain_hack = no
    preprocess: with_specialix_jetstream_hack = no
    preprocess: with_cisco_vsa_hack = no
    Module: Instantiated preprocess (preprocess)
    Module: Loaded realm
    realm: format = suffix
    realm: delimiter = @
    Module: Instantiated realm (NULL)
    Module: Loaded files
    files: usersfile = /etc/raddb/users
    files: acctusersfile = /etc/raddb/acct_users
    files: preproxy_usersfile = /etc/raddb/preproxy_users
    files: compat = no
    Module: Instantiated files (files)
    Module: Loaded detail
    detail: detailfile = /var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
    detail: detailperm = 384
    detail: dirperm = 493
    detail: locking = no
    Module: Instantiated detail (detail)
    Module: Loaded radutmp
    radutmp: filename = /var/log/radius/radutmp
    radutmp: username = %{User-Name}
    radutmp: case_sensitive = yes
    radutmp: check_with_nas = yes
    radutmp: perm = 420
    radutmp: callerid = yes
    Module: Instantiated radutmp (radutmp)
    Module: Loaded IPPOOL
    ippool: session-db =