> From: ARC Informatique
> Sent: Sunday, 13 July 2003 2:10 AM

> I just installed freeradius 0.9 pre1 with postgresql and rlm_ippool.
> I have to migrate tonight so this is an urgent request

> I have a Cisco AS5300 and here is what I would like to do:
> 
> 1. Assign public dynamic ip pool say from 1.1.1.1 to 1.1.1.254
> 
> 2. Assign private dynamic ip pool say from 172.16.1.1 to 172.16.1.254
> 
> So I am trying to set up rlm_ippool.
> 
> Here is what I have so far:
> 
> in radiusd.conf
> 
> ippool public_pool {
> 
>                 range-start = 1.1.1.1
>                 range-stop = 1.1.1.254
>                 netmask = 255.255.255.0
>                 cache-size = 255
>                 session-db = ${raddbdir}/db.ippool

                  session-db = ${raddbdir}/public.ippool

>                 ip-index = ${raddbdir}/db.ipindex

                  ip-index = ${raddbdir}/public.ipindex

>                 override = no
> }
> 
> ippool private_pool {
> 
>                 range-start = 172.16.1.1
>                 range-stop = 172.16.1.254
>                 netmask = 255.255.255.0
>                 cache-size = 255
>                 session-db = ${raddbdir}/db.ippool

                  session-db = ${raddbdir}/private.ippool

>                 ip-index = ${raddbdir}/db.ipindex

                  ip-index = ${raddbdir}/private.ipindex

>                 override = no
> }

The problem here is that they need _separate_ DB files...

Oh, and make sure you've got the private_pool and public_pool
instances in your accounting and post-auth sections of radius.conf

> In radgroupcheck, I have:
> 
> groupname                  | attribute       | op |   value
> publicgroup                  | Pool-Name | :=  |  public_pool
> privategroup                 | Pool-Name | :=  |  private_pool

That should be correct.

> In radgroupreply : what do I put exactly to tell my cisco what IP address is
> assigned

Nothing. When the module runs in post-auth, it'll see the check item Pool-Name
and replace it with an IP address and netmask if you haven't specified one
already.

> Basically, I am lacking documentation here - Can someone give a sample
> configuration on what I have to put exactly in my freeradius config as well
> as my cisco config.

Basically, I have exactly what you have here, and it works a treat. For one
reason or another, I've had to patch my copy of rlm_ippool to use radgroupreply
instead of radgroupcheck, but that's irrelevant.

You should see the modcalls in radius debug... Warning, if you use radtest to
test this, you'll have to either use radzap or ippooltool (separate program
from one of the list members) to remove that entry from the list of taken IP
addresses.

Anyway, an ippool module will NOOP on the wrong Pool-Name, and OK on the correct
pool name. If no pool name is specified, you should see a warning in debug mode,
and get a NOOP response from the module.

--
=========================================================
Paul "TBBle" Hampson
Bubblesworth Pty Ltd (ABN: 51 095 284 361)
[EMAIL PROTECTED]

This is a one line proof...if we start
sufficiently far to the left.
        -- Cambridge University Math Department
---------------------------------------------------------
Random signature generator 3.0 by Paul "TBBle" Hampson
=========================================================
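
As an added example (not part of the original thread and not FreeRADIUS code): a small Python check that parses `ippool` instance blocks of the form quoted above and reports any `session-db` or `ip-index` file used by more than one instance. The block parser is a simplified assumption about the radiusd.conf syntax, and the sample input is constructed from the configuration as first posted.

```python
import re
from collections import defaultdict

# Constructed sample: the two instances as originally posted, both pointing
# at the same db.ippool / db.ipindex files.
SAMPLE_SHARED = """
ippool public_pool {
    range-start = 1.1.1.1
    range-stop = 1.1.1.254
    session-db = ${raddbdir}/db.ippool    # shared
    ip-index = ${raddbdir}/db.ipindex
}
ippool private_pool {
    range-start = 172.16.1.1
    range-stop = 172.16.1.254
    session-db = ${raddbdir}/db.ippool
    ip-index = ${raddbdir}/db.ipindex
}
"""

# Simplified grammar (assumption): "ippool <name> {" ... "}" on its own line,
# with "key = value" items inside and "#" starting a comment.
BLOCK_RE = re.compile(r"^\s*ippool\s+(\S+)\s*\{(.*?)^\s*\}", re.S | re.M)
ITEM_RE = re.compile(r"^\s*([\w-]+)\s*=\s*(\S+)", re.M)
FILE_KEYS = ("session-db", "ip-index")

def parse_ippools(text):
    """Return {instance_name: {key: value}} for every ippool block."""
    text = re.sub(r"#.*", "", text)  # drop comments before matching
    return {name: dict(ITEM_RE.findall(body))
            for name, body in BLOCK_RE.findall(text)}

def shared_db_files(text):
    """Return {path: [instances]} for DB files used by more than one instance."""
    users = defaultdict(set)
    for name, items in parse_ippools(text).items():
        for key in FILE_KEYS:
            if key in items:
                users[items[key]].add(name)
    return {path: sorted(names) for path, names in users.items()
            if len(names) > 1}

if __name__ == "__main__":
    for path, names in shared_db_files(SAMPLE_SHARED).items():
        print(f"{path} is shared by: {', '.join(names)}")
```
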

