All, I've got a problem that I currently can't seem to solve through the docs or Google, which I hope you can help me with.
I'm in the process of setting up a freeradius server which is currently acting as a proxy from an unknown BT radius server to a Microsoft IAS server authenticating against an NT4 SAM database. The authentication works fine, so no problems there.

My problem comes because I want to allocate IP addresses via my freeradius server (giving me IP address allocation control based on where the user is coming from (or what phone number they ring)). Now initially I wanted to use DHCP, so this problem wouldn't exist, but BT don't seem to want to RELAY my clients' DHCP request onto my DHCP server. So I've fallen back on the rlm_ippool module in freeradius.

I've got the following in my radiusd.conf file:

    ippool main_pool {
        range-start = 192.168.50.1
        range-stop = 192.168.50.254
        netmask = 255.255.255.0
        cache-size = 254
        session-db = ${raddbdir}/db.ippool
        ip-index = ${raddbdir}/db.ipindex
        override = yes
    }

I've set override to yes because I hand out a Framed-IP-Address of 255.255.255.254 on the IAS side (is this correct?)

I've also got the following in my users file.

    DEFAULT Group == IT, Pool-Name := "main_pool"

So when I start radius in debug mode I can see the following output:

    argon:/etc/raddb # radiusd -X
    Starting - reading configuration files ...
    reread_config: reading radiusd.conf
    Config: including file: /etc/raddb/proxy.conf
    Config: including file: /etc/raddb/clients.conf
    Config: including file: /etc/raddb/snmp.conf
    main: prefix = "/usr"
    main: localstatedir = "/var"
    main: logdir = "/var/log/radius"
    main: libdir = "/usr/lib/freeradius"
    main: radacctdir = "/var/log/radius/radacct"
    main: hostname_lookups = yes
    main: snmp = no
    main: max_request_time = 30
    main: cleanup_delay = 5
    main: max_requests = 1024
    main: delete_blocked_requests = 0
    main: port = 0
    main: allow_core_dumps = no
    main: log_stripped_names = no
    main: log_file = "/var/log/radius/radius.log"
    main: log_auth = yes
    main: log_auth_badpass = yes
    main: log_auth_goodpass = yes
    main: pidfile = "/var/run/radiusd/radiusd.pid"
    main: bind_address = 192.168.51.220 IP address [192.168.51.220]
    main: user = "(null)"
    main: group = "(null)"
    main: usercollide = no
    main: lower_user = "no"
    main: lower_pass = "no"
    main: nospace_user = "no"
    main: nospace_pass = "no"
    main: checkrad = "/usr/sbin/checkrad"
    main: proxy_requests = yes
    proxy: retry_delay = 5
    proxy: retry_count = 3
    proxy: synchronous = no
    proxy: default_fallback = yes
    proxy: dead_time = 120
    proxy: post_proxy_authorize = yes
    proxy: wake_all_if_all_dead = no
    security: max_attributes = 200
    security: reject_delay = 1
    security: status_server = no
    main: debug_level = 0
    read_config_files: reading dictionary
    read_config_files: reading naslist
    read_config_files: reading clients
    read_config_files: reading realms
    radiusd: entering modules setup
    Module: Library search path is /usr/lib/freeradius
    Module: Loaded PAP
    pap: encryption_scheme = "crypt"
    Module: Instantiated pap (pap)
    Module: Loaded MS-CHAP
    mschap: use_mppe = yes
    mschap: require_encryption = no
    mschap: require_strong = no
    mschap: passwd = "(null)"
    mschap: authtype = "MS-CHAP"
    Module: Instantiated mschap (mschap)
    Module: Loaded System
    unix: cache = no
    unix: passwd = "(null)"
    unix: shadow = "(null)"
    unix: group = "(null)"
    unix: radwtmp = "/var/log/radius/radwtmp"
    unix: usegroup = no
    unix: cache_reload = 600
    Module: Instantiated unix (unix)
    Module: Loaded eap
    eap: default_eap_type = "md5"
    eap: timer_expire = 60
    rlm_eap: Loaded and initialized the type md5
    rlm_eap: Loaded and initialized the type leap
    Module: Instantiated eap (eap)
    Module: Loaded preprocess
    preprocess: huntgroups = "/etc/raddb/huntgroups"
    preprocess: hints = "/etc/raddb/hints"
    preprocess: with_ascend_hack = no
    preprocess: ascend_channels_per_line = 23
    preprocess: with_ntdomain_hack = no
    preprocess: with_specialix_jetstream_hack = no
    preprocess: with_cisco_vsa_hack = no
    Module: Instantiated preprocess (preprocess)
    Module: Loaded realm
    realm: format = "suffix"
    realm: delimiter = "@"
    Module: Instantiated realm (NULL)
    Module: Loaded files
    files: usersfile = "/etc/raddb/users"
    files: acctusersfile = "/etc/raddb/acct_users"
    files: preproxy_usersfile = "/etc/raddb/preproxy_users"
    files: compat = "no"
    Module: Instantiated files (files)
    Module: Loaded detail
    detail: detailfile = "/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
    detail: detailperm = 384
    detail: dirperm = 493
    detail: locking = no
    Module: Instantiated detail (detail)
    Module: Loaded radutmp
    radutmp: filename = "/var/log/radius/radutmp"
    radutmp: username = "%{User-Name}"
    radutmp: case_sensitive = yes
    radutmp: check_with_nas = yes
    radutmp: perm = 420
    radutmp: callerid = yes
    Module: Instantiated radutmp (radutmp)
    Module: Loaded IPPOOL
    ippool: session-db = "/etc/raddb/db.ippool"
    ippool: ip-index = "/etc/raddb/db.ipindex"
    ippool: range-start = 192.168.50.1 IP address [192.168.50.1]
    ippool: range-stop = 192.168.50.254 IP address [192.168.50.254]
    ippool: netmask = 255.255.255.0 IP address [255.255.255.0]
    ippool: cache-size = 254
    ippool: override = yes
    Module: Instantiated ippool (main_pool)
    Listening on IP address 192.168.51.220, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
    Ready to process requests.

So far, so good. It loads the main_pool and from what I can tell is ready to rock and roll.
I then get the Access-Request packet:

    rad_recv: Access-Request packet from host 192.168.252.2:1645, id=183, length=102
        NAS-IP-Address = 192.168.252.2
        NAS-Port = 35
        NAS-Port-Type = Async
        User-Name = "????????"       # Edited out to protect the innocent
        Called-Station-Id = "8005876531"
        Calling-Station-Id = "1214575000"
        User-Password = "????????"   # Edited out to protect the innocent
        Service-Type = Framed-User
        Framed-Protocol = PPP
    modcall: entering group authorize for request 0
    modcall[authorize]: module "preprocess" returns ok for request 0
    modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: No '@' in User-Name = "???????", looking up realm NULL
    rlm_realm: Found realm "NULL"
    rlm_realm: Adding Stripped-User-Name = "???????"
    rlm_realm: Proxying request from user ??????? to realm NULL
    rlm_realm: Adding Realm = "NULL"
    rlm_realm: Preparing to proxy authentication request to realm "NULL"
    modcall[authorize]: module "NULL" returns updated for request 0
    modcall: group authorize returns updated for request 0
    Sending Access-Request of id 1 to 192.168.51.17:1645
        User-Name = "???????"
        NAS-IP-Address = 192.168.252.2
        NAS-Port = 35
        NAS-Port-Type = Async
        Called-Station-Id = "8005876531"
        Calling-Station-Id = "1214575000"
        User-Password = "???????"
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Proxy-State = 0x313833
    --- Walking the entire request list ---
    Waking up in 6 seconds...
    rad_recv: Access-Accept packet from host 192.168.51.17:1645, id=1, length=55
        Framed-Protocol = PPP
        Framed-IP-Address = 255.255.255.254
        Service-Type = Framed-User
        Proxy-State = 0x313833
    modcall: entering group authorize for request 0
    modcall[authorize]: module "preprocess" returns ok for request 0
    modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: Proxy reply, or no User-Name. Ignoring.
    modcall[authorize]: module "NULL" returns noop for request 0
    modcall: group authorize returns ok for request 0
    rad_check_password: Found Auth-Type
    rad_check_password: Auth-Type = Accept, accepting the user
    Login OK: [??????/??????] (from client BT_NAS_2 port 35 cli 1214575000)
    modcall: entering group post-auth for request 0
    rlm_ippool: Could not find Pool-Name attribute.
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

This I'm sure is my problem, I'm just having great difficulty in seeing where I've gone wrong and where the module is expecting the definition for this attribute to come from.

    modcall[post-auth]: module "main_pool" returns noop for request 0
    modcall: group post-auth returns noop for request 0
    Sending Access-Accept of id 183 to 192.168.252.2:1645
        Framed-Protocol = PPP
        Framed-IP-Address = 255.255.255.254
        Service-Type = Framed-User
        X-Ascend-IP-Pool-Definition = "main_pool"
    Finished request 0
    Going to the next request
    rl_next: returning NULL
    Waking up in 6 seconds...
    rad_recv: Access-Request packet from host 192.168.252.2:1645, id=184, length=116
        NAS-IP-Address = 192.168.252.2
        NAS-Port = 35
        NAS-Port-Type = Virtual
        User-Name = "pools-CL1-FER2"
        Called-Station-Id = "8005876531"
        Calling-Station-Id = "1214575000"
        User-Password = "cisco"
        Service-Type = Outbound-User
    modcall: entering group authorize for request 2
    modcall[authorize]: module "preprocess" returns ok for request 2
    modcall[authorize]: module "mschap" returns noop for request 2
    rlm_realm: No '@' in User-Name = "pools-CL1-FER2", looking up realm NULL
    rlm_realm: Found realm "NULL"
    rlm_realm: Adding Stripped-User-Name = "pools-Compass-Group-CL1-FER2"
    rlm_realm: Proxying request from user pools-CL1-FER2 to realm NULL
    rlm_realm: Adding Realm = "NULL"
    rlm_realm: Preparing to proxy authentication request to realm "NULL"
    modcall[authorize]: module "NULL" returns updated for request 2
    modcall: group authorize returns updated for request 2

Sorry if I've included too much info, but I thought I'd try to
adhere to the list guidelines as best I could. At which point someone points out that this is explained in a document that I've missed and I look totally stupid.

Dave
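
Added example, not part of the original post: a short Python script that reads `radiusd -X` output in the format quoted above, records which modules ran in each section of each request, and reports, for every "Could not find Pool-Name attribute" message, whether the `files` module (the one that reads the users file) appears in that request's authorize section. The function names are hypothetical, the sample lines are copied from request 0 in the post, and attributing the rlm_ippool message to the most recently entered request is an assumption.

```python
import re
from collections import defaultdict

# Sample input: modcall lines for request 0, copied from the debug output in the post.
SAMPLE_LOG = """\
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "mschap" returns noop for request 0
modcall[authorize]: module "NULL" returns updated for request 0
modcall: entering group post-auth for request 0
rlm_ippool: Could not find Pool-Name attribute.
modcall[post-auth]: module "main_pool" returns noop for request 0
"""

ENTER = re.compile(r'^modcall: entering group ([\w-]+) for request (\d+)')
RESULT = re.compile(r'^modcall\[([\w-]+)\]: module "([^"]+)" returns (\w+) for request (\d+)')
NO_POOL = "rlm_ippool: Could not find Pool-Name attribute."

def trace(log):
    """Return ({request: {section: [module, ...]}}, [requests lacking Pool-Name])."""
    modules = defaultdict(lambda: defaultdict(list))
    failures = []
    current = None  # request that most recently entered a section
    for line in log.splitlines():
        line = line.strip()
        if m := ENTER.match(line):
            current = int(m.group(2))
        elif m := RESULT.match(line):
            section, module, _rcode, req = m.groups()
            if module not in modules[int(req)][section]:
                modules[int(req)][section].append(module)
        elif line == NO_POOL and current is not None:
            # The rlm_ippool line carries no request id. Assumption: it
            # belongs to the request that most recently entered a section.
            failures.append(current)
    return modules, failures

def explain(log, wanted="files", section="authorize"):
    """For each Pool-Name failure: (request, modules run in section, wanted ran?)."""
    modules, failures = trace(log)
    return [(req, modules[req][section], wanted in modules[req][section])
            for req in failures]

if __name__ == "__main__":
    for req, ran, ok in explain(SAMPLE_LOG):
        print(f"request {req}: authorize ran {ran}; files module ran: {ok}")
```

On the excerpt, the authorize section of request 0 lists only `preprocess`, `mschap` and `NULL`, so the script reports that no `files` call was logged before `main_pool` ran in post-auth.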