> From: ARC Informatique
> Sent: Sunday, 13 July 2003 2:10 AM
>
> I just installed freeradius 0.9 pre1 with postgresql and rlm_ippool.
> I have to migrate tonight so this is an urgent request
> I have a Cisco AS5300 and here is what I would like to do:
>
> 1. Assign public dynamic ip pool say from 1.1.1.1 to 1.1.1.254
>
> 2. Assign private dynamic ip pool say from 172.16.1.1 to 172.16.1.254
>
> So I am trying to setup rlm_ippool.
>
> Here is what I have so far:
>
> in radiusd.conf
>
> ippool public_pool {
>
> range-start = 1.1.1.1
> range-stop = 1.1.1.254
> netmask = 255.255.255.0
> cache-size = 255
> session-db = ${raddbdir}/db.ippool
session-db = ${raddbdir}/public.ippool
> ip-index = ${raddbdir}/db.ipindex
ip-index = ${raddbdir}/public.ipindex
> override = no
> }
>
> ippool private_pool {
>
> range-start = 172.16.1.1
> range-stop = 172.16.1.254
> netmask = 255.255.255.0
> cache-size = 255
> session-db = ${raddbdir}/db.ippool
session-db = ${raddbdir}/private.ippool
> ip-index = ${raddbdir}/db.ipindex
ip-index = ${raddbdir}/private.ipindex
> override = no
> }

The problem here is that they need _separate_ DB files...

Oh, and make sure you've got the private_pool and public_pool instances
in your accounting and post-auth sections of radius.conf

> In radgroupcheck, I have:
>
> groupname    | attribute | op | value
> publicgroup  | Pool-Name | := | public_pool
> privategroup | Pool-Name | := | private_pool

That should be correct.

> In radgroupreply : what do I put exactly to tell my cisco what IP address is
> assigned

Nothing. When the module runs in post-auth, it'll see the check item
Pool-Name and replace it with an IP address and netmask if you haven't
specified one already.

> Basically, I am lacking documentation here - Can someone give a sample
> configuration on what I have to put exactly in my freeradius config as well
> as my cisco config.

Basically, I have exactly what you have here, and it works a treat. For
one reason or another, I've had to patch my copy of rlm_ippool to use
radgroupreply instead of radgroupcheck, but that's irrelevant.

You should see the modcalls in radius debug...
Warning, if you use radtest to test this, you'll have to either use
radzap or ippooltool (separate program from one of the list members) to
remove that entry from the list of taken IP addresses.

Anyway, an ippool module will NOOP on the wrong Pool-Name, and OK on the
correct pool name. If no pool name is specified, you should see a warning
in debug mode, and get a NOOP response from the module.

--
=========================================================
Paul "TBBle" Hampson
Bubblesworth Pty Ltd (ABN: 51 095 284 361)
[EMAIL PROTECTED]

This is a one line proof...if we start
sufficiently far to the left.
  -- Cambridge University Math Department
---------------------------------------------------------
Random signature generator 3.0 by Paul "TBBle" Hampson
=========================================================
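
An added example, not part of the original post or of FreeRADIUS: a small Python check for the two problems raised in the reply above, ippool instances that share a session-db or ip-index file, and instances missing from the accounting or post-auth sections. The function name lint_ippools and the sample text are constructed for illustration, and the parser is a simplification that only understands "name {", "}", "key = value" and bare module-name lines.

```python
from collections import defaultdict
# Constructed sample: both pools still share db.ippool/db.ipindex (range options omitted).
SAMPLE = """
modules {
    ippool public_pool {
        session-db = ${raddbdir}/db.ippool
        ip-index = ${raddbdir}/db.ipindex
    }
    ippool private_pool {
        session-db = ${raddbdir}/db.ippool
        ip-index = ${raddbdir}/db.ipindex
    }
}
accounting {
    public_pool
    private_pool
}
post-auth {
    public_pool
}
"""

def lint_ippools(conf):
    """Report ippool instances sharing DB files or missing from accounting/post-auth."""
    pools, listed, stack, problems = {}, defaultdict(set), [], []
    for raw in conf.splitlines():
        line = raw.split("#")[0].strip()            # drop comments
        if line.endswith("{"):                      # a section or instance opens
            stack.append(line[:-1].split() or [""])
            if stack[-1][0] == "ippool":
                pools.setdefault(stack[-1][-1], {})
        elif line == "}" and stack:
            stack.pop()
        elif stack and stack[-1][0] == "ippool" and "=" in line:
            key, _, value = line.partition("=")
            pools[stack[-1][-1]][key.strip()] = value.strip()
        elif stack and line:                        # module name listed in a section
            listed[stack[0][0]].add(line)
    for key in ("session-db", "ip-index"):
        users = defaultdict(list)                   # file path -> instances using it
        for name, opts in pools.items():
            users[opts.get(key)].append(name)
        problems += [f"{key} {path} shared by {', '.join(sorted(names))}"
                     for path, names in users.items() if path and len(names) > 1]
    problems += [f"{name} not listed in {sec}" for sec in ("accounting", "post-auth")
                 for name in sorted(pools) if name not in listed[sec]]
    return problems

if __name__ == "__main__":
    print("\n".join(lint_ippools(SAMPLE)))
```

To check a real file, pass its contents to lint_ippools(); an empty list means each pool has its own DB files and is listed in both sections.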