Lo all,

I'm doing VPN authentication with Free Radius, and use a lot of FreeBSD / PPPD processes to manage the VPNs in regards to actual connectivity. Obviously, freeradius is used for all authentication / accounting, and it is working pretty well... :)

I upgraded to .9 a while ago, and somewhere, there was more debug information added to the source. All of a sudden, I saw why certain things that didn't work on .8 didn't work... Unfortunately, after playing extensively with .9, I still can't seem to find a way to fix this... So here goes.

FreeBSD's PPP process sends this back to the radius server (acct start):

    rad_recv: Accounting-Request packet from host 192.168.1.1:3969, id=223, length=149
        User-Name = "[EMAIL PROTECTED]"
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Address = 10.255.254.215
        Framed-IP-Netmask = 255.255.255.255
        NAS-Identifier = "my.nas.hostname"
        NAS-Port-Type = Virtual
        Acct-Status-Type = Start
        Acct-Session-Id = "[EMAIL PROTECTED]"
        Acct-Multi-Session-Id = ""
        Acct-Delay-Time = 0
    ...

This is very interesting, and for many months looked more than fine to me. HOWEVER, Freeradius is now complaining (especially radutmp and rlm_ippool) that there is no NAS-Port-ID specified (which I can COMPLETELY understand). The problem is, I cannot "force" PPPD to send this attribute - they are all hard coded by the FreeBSD developers...

I have a huntgroup for all my authentication requests coming from these VPN based services, but still, I was unable to specify this acct attribute on a DEFAULT entry anywhere... Tried specifying in the huntgroups, acct_users, and users files - with no luck. Which I can also semi understand.

So the question really is how / where can I add a default NAS-Port-ID acct attribute to freeradius, so that the attribute is only added on my specific huntgroup, and only if it is not already specified?

The VPN services make use of virtual ports (as indicated in the acct start packet), so I don't foresee any immediate problems by making all the ports per default 0 or something. The actual port number's not important to me here; what matters is that rlm_ippool and radutmp work and record the logging information correctly...

Snippets from the logs...

    huntgroups: Matched PPTP at 39
    users: Matched DEFAULT at 5
    modcall[authorize]: module "files" returns ok
    ...
    Login OK: [EMAIL PROTECTED] (from client nasX port 0)
    modcall: entering group post-auth
    rlm_ippool: Could not find port information.
    modcall[post-auth]: module "pptp_pool" returns noop
    modcall: group post-auth returns noop
    Sending Access-Accept of id 134 to 192.168.1.1:4113
    ...
    rad_recv: Accounting-Request packet from host 192.168.1.1:4116, id=63, length=149
    huntgroups: Matched PPTP at 39
    acct_users: Matched DEFAULT at 28
    modcall[preacct]: module "files" returns ok
    modcall: group preacct returns ok
    modcall: entering group accounting
    rlm_acct_unique: WARNING: Attribute NAS-Port-Id was not found in request, unique ID MAY be inconsistent
    ...
    radius_xlat: '[EMAIL PROTECTED]'
    rlm_radutmp: No NAS-Port seen. Cannot do anything.
    rlm_radumtp: WARNING: checkrad will probably not work!
    modcall[accounting]: module "radutmp" returns noop
    ...

My acct_users looks like:

    DEFAULT Service-Type == Framed-User, Huntgroup-Name == PPTP
        NAS-Port == 0

huntgroups:

    PPTP NAS-IP-Address == 192.168.1.1, NAS-Port-Type = Virtual
        Framed-Protocol == PPP, Service-Type == Framed-User

users:

    DEFAULT Service-Type == Framed-User, Huntgroup-Name == PPTP
        NAS-Port == 0, Fall-Through == Yes

Thanks,

--
me