Hello freeradius-users,

I have a problem with rlm_ippool - it's not deallocating IPs from the
pool, and I think I'm somewhat close to its solution, but I want to
do all things right, that's why I'm here again.

FreeBSD 4.8R-p14, freeradius-0.9.3 with the CVS version of rlm_ippool
(* Version: $Id: rlm_ippool.c,v 1.20.2.2 2003/10/09 01:05:17 phampson Exp $)

When radiusd receives a request from the NAS, like this:
    Calling-Station-Id = "0:50:ba:c1:3:38"
    Called-Station-Id = "pppoe"
    Service-Type = Framed-User
    User-Name = "lan"
    Framed-Protocol = PPP
    MS-CHAP-Challenge = xxxxxxxxxxxxxxxxxxxxxx
    MS-CHAP2-Response = xxxxxxxxxxxxxxxxxxxxxx
    NAS-Identifier = "zeus.startatom.ru"
    NAS-Port-Type = Ethernet
    NAS-Port = 1984
rlm_ippool allocates an IP address and writes this entry in its db
under two keys, NAS address and NAS port:
    rlm_ippool: Searching for an entry for nas/port: zeus.startatom.ru/1984
    rlm_ippool: Allocating ip to nas/port: zeus.startatom.ru/1984
    rlm_ippool: num: 1
    rlm_ippool: Allocated ip 192.168.253.207 to client on nas zeus.startatom.ru,port 1984
    modcall[post-auth]: module "legal_pool" returns ok for request 0
Then, when this client disconnects, rlm_ippool is somehow turning
NAS-Identifier into a direct IP address instead of the FQDN. This is the Stop
request:
    rad_recv: Accounting-Request packet from host 62.33.65.2:2107, id=71, length=162
        Calling-Station-Id = "0:50:ba:c1:3:38"
        Called-Station-Id = "pppoe"
        Service-Type = Framed-User
        User-Name = "lan"
        Framed-Protocol = PPP
        Framed-IP-Address = 192.168.253.207
        Framed-IP-Netmask = 0.0.0.0
        NAS-Identifier = "zeus.startatom.ru"
        NAS-Port-Type = Ethernet
        NAS-Port = 1984
        Acct-Status-Type = Stop
        Acct-Session-Id = "s-1474470826"
        Acct-Multi-Session-Id = ""
        Acct-Delay-Time = 0
        Acct-Input-Octets = 656
        Acct-Input-Packets = 2
        Acct-Output-Octets = 0
        Acct-Output-Packets = 0
        Acct-Session-Time = 13
See? NAS-Identifier is the same FQDN, but rlm_ippool thinks
differently:
    rlm_ippool: Searching for an entry for nas/port: 62.33.65.2/1984
    rlm_ippool: Entry not found
    modcall[accounting]: module "legal_pool" returns ok for request 2
And as a result, when the client disconnects, his address isn't
deallocated from the pool, and after some time radiusd runs out of
addresses, and clients cannot connect.

I solved this problem by adding a simple attr_rewrite entry to the
post-auth block (before the ippool entry):
    attr_rewrite NAS {
        attribute = NAS-Identifier
        searchin = packet
        searchfor = "zeus.startatom.ru"
        replacewith = "62.33.65.2"
        new_attribute = no
    }
So, it's always the direct IP that is written to the db, and when rlm_ippool checks
the entry on a Stop request, it successfully deallocates the IP address from
the pool. I think this workaround will work for me, but is there
another way to make rlm_ippool work without that?
--
Best regards,
Alexander mailto:[EMAIL PROTECTED]
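
Added example (not part of the original post and not FreeRADIUS code): a small Python check over radiusd debug output that flags the symptom described above, a lease stored under one nas/port key followed by a failed lookup for the same port under a different NAS name. The log line formats are the ones quoted in the post; the function name and the same-port matching heuristic are assumptions made for this example.

```python
import re

# Constructed sample, assembled from the rlm_ippool debug lines quoted in the post.
SAMPLE_LOG = """\
rlm_ippool: Searching for an entry for nas/port: zeus.startatom.ru/1984
rlm_ippool: Allocating ip to nas/port: zeus.startatom.ru/1984
rlm_ippool: num: 1
rlm_ippool: Allocated ip 192.168.253.207 to client on nas zeus.startatom.ru,port 1984
rlm_ippool: Searching for an entry for nas/port: 62.33.65.2/1984
rlm_ippool: Entry not found
"""

SEARCH = re.compile(r"rlm_ippool: Searching for an entry for nas/port: (\S+)/(\d+)\s*$")
ALLOC = re.compile(r"rlm_ippool: Allocated ip (\S+) to client on nas (\S+?),\s*port (\d+)\s*$")
NOT_FOUND = "rlm_ippool: Entry not found"


def find_key_mismatches(log_text):
    """Return (ip, allocated_key, lookup_key) for each lookup that failed
    while a lease for the same port exists under a different NAS name."""
    leases = {}          # (nas, port) -> ip, mirroring how the pool keys entries
    last_search = None   # key of the most recent "Searching for an entry" line
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SEARCH.search(line)
        if m:
            last_search = (m.group(1), m.group(2))
            continue
        m = ALLOC.search(line)
        if m:
            ip, nas, port = m.groups()
            leases[(nas, port)] = ip
            last_search = None
            continue
        if line.endswith(NOT_FOUND) and last_search and last_search not in leases:
            nas, port = last_search
            # Heuristic (assumption): same port, different NAS name means the
            # allocation and the release used different forms of the NAS key.
            for (l_nas, l_port), ip in leases.items():
                if l_port == port and l_nas != nas:
                    findings.append((ip, f"{l_nas}/{l_port}", f"{nas}/{port}"))
            last_search = None
    return findings


if __name__ == "__main__":
    for ip, stored, looked_up in find_key_mismatches(SAMPLE_LOG):
        print(f"{ip}: stored under {stored}, release looked up {looked_up}")
```

With several NAS devices that reuse port numbers, a match here is a lead to verify rather than proof of a stuck lease.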