well, i got this: freeradius -X Sending Access-Accept of id 252 to 10.72.33.93:32768 Framed-IP-Address = -1407490193
and the radtest gets an Framed-IP-Address = 255.255.255.255 i recorded with tcpdump that the freeradius sends this: Access Accept (2), id: 0xff, Authenticator: 17a1e40da579e4dbbde5cf54d0987873 Framed IP Address Attribute (8), length: 6, Value: User Selected 0x0000: ffff ffff everytime there is a negativ value it is send as ffffffff. so i guess that this is os specific :-( i use freeradius1.1.0-pre0 on intel/debian sarge I think the best way is to open a featurerequest that freeradius converts signed integers to unsigned integers. > -----Ursprüngliche Nachricht----- > Von: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Im > Auftrag von Dustin Doris > Gesendet: Dienstag, 11. Januar 2005 18:19 > An: freeradius-users@lists.freeradius.org > Betreff: Re: AW: Obtain IP Address from AD/LDAP > > > I think it should be OK. I just did a basic test with > radclient. Here is what radiusd -X showed me. > > Sending Access-Accept of id 52 to 127.0.0.1:2673 > Framed-IP-Address = -1407490193 > > Here is what radclient showed me. > > Received response ID 52, code 2, length = 26 > Framed-IP-Address = 172.27.103.111 > > What does radiusd -X show you? > > > > On Tue, 11 Jan 2005 [EMAIL PROTECTED] wrote: > > > Next Problem, > > > > MS AD saves the IP Address as signed INT32 so i didnt get an IP > > Address back, some ideas how i can convert such a thing? As > Example: > > 172.27.103.111 is saved as -1407490193 > > > > Markus > > > -----Ursprüngliche Nachricht----- > > > Von: [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] Im > Auftrag von > > > Dustin Doris > > > Gesendet: Montag, 10. Januar 2005 15:08 > > > An: freeradius-users@lists.freeradius.org > > > Betreff: Re: Obtain IP Address from AD/LDAP > > > > > > > > > > > > > Hello and Happy new Year, > > > > > > > > here is my prob, hope someone can help me. > > > > I use freeradius to authenticate users against MS Active > > > > directory. Most of my users obtain their Ips from ippool within > > > radius, but some > > > > should obtain their Address from AD. Who do i get the > > > Address out of > > > > the AD and can assign it to my user? > > > > > > > > Regards > > > > > > > > Markus > > > > > > > > > > Find the ldap attribute in AD with their IP address and netmask. > > > Lets say its msipaddr and msipmask. Edit ldap.attrmap > and point the > > > correct radius attributes to the correct ad ldap attributes. > > > > > > eg > > > > > > replyItem Framed-IP-Address msipaddr > > > replyItem Framed-IP-Netmask msipmask > > > > > > In your ippool configuration, make sure you have the following > > > > > > override = no > > > > > > Restart radius. > > > > > > Now when the user is authorized it will search for reply > items. It > > > will look for msipaddr and msipmask and make those values the > > > framed-ip-address and framed-ip-netmask. The override = no, will > > > tell rlm_ippool not to override those values. So, if those are > > > already set, then rlm_ippool won't give that user an IP. > > > > > > -Dusty Doris > > > > > > - > > > List info/subscribe/unsubscribe? See > > > http://www.freeradius.org/list/users.html > > > > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html