well, i got this:
freeradius -X
Sending Access-Accept of id 252 to 10.72.33.93:32768
Framed-IP-Address = -1407490193
and the radtest gets an Framed-IP-Address = 255.255.255.255
i recorded with tcpdump that the freeradius sends this:
Access Accept (2), id: 0xff, Authenticator:
17a1e40da579e4dbbde5cf54d0987873
Framed IP Address Attribute (8), length: 6, Value: User Selected
0x0000: ffff ffff
everytime there is a negativ value it is send as ffffffff.
so i guess that this is os specific :-( i use freeradius1.1.0-pre0 on
intel/debian sarge
I think the best way is to open a featurerequest that freeradius converts
signed integers to unsigned integers.
> -----Ursprüngliche Nachricht-----
> Von: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Im
> Auftrag von Dustin Doris
> Gesendet: Dienstag, 11. Januar 2005 18:19
> An: freeradius-users@lists.freeradius.org
> Betreff: Re: AW: Obtain IP Address from AD/LDAP
>
>
> I think it should be OK. I just did a basic test with
> radclient. Here is what radiusd -X showed me.
>
> Sending Access-Accept of id 52 to 127.0.0.1:2673
> Framed-IP-Address = -1407490193
>
> Here is what radclient showed me.
>
> Received response ID 52, code 2, length = 26
> Framed-IP-Address = 172.27.103.111
>
> What does radiusd -X show you?
>
>
>
> On Tue, 11 Jan 2005 [EMAIL PROTECTED] wrote:
>
> > Next Problem,
> >
> > MS AD saves the IP Address as signed INT32 so i didnt get an IP
> > Address back, some ideas how i can convert such a thing? As
> Example:
> > 172.27.103.111 is saved as -1407490193
> >
> > Markus
> > > -----Ursprüngliche Nachricht-----
> > > Von: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED] Im
> Auftrag von
> > > Dustin Doris
> > > Gesendet: Montag, 10. Januar 2005 15:08
> > > An: freeradius-users@lists.freeradius.org
> > > Betreff: Re: Obtain IP Address from AD/LDAP
> > >
> > >
> > >
> > > > Hello and Happy new Year,
> > > >
> > > > here is my prob, hope someone can help me.
> > > > I use freeradius to authenticate users against MS Active
> > > > directory. Most of my users obtain their Ips from ippool within
> > > radius, but some
> > > > should obtain their Address from AD. Who do i get the
> > > Address out of
> > > > the AD and can assign it to my user?
> > > >
> > > > Regards
> > > >
> > > > Markus
> > > >
> > >
> > > Find the ldap attribute in AD with their IP address and netmask.
> > > Lets say its msipaddr and msipmask. Edit ldap.attrmap
> and point the
> > > correct radius attributes to the correct ad ldap attributes.
> > >
> > > eg
> > >
> > > replyItem Framed-IP-Address msipaddr
> > > replyItem Framed-IP-Netmask msipmask
> > >
> > > In your ippool configuration, make sure you have the following
> > >
> > > override = no
> > >
> > > Restart radius.
> > >
> > > Now when the user is authorized it will search for reply
> items. It
> > > will look for msipaddr and msipmask and make those values the
> > > framed-ip-address and framed-ip-netmask. The override = no, will
> > > tell rlm_ippool not to override those values. So, if those are
> > > already set, then rlm_ippool won't give that user an IP.
> > >
> > > -Dusty Doris
> > >
> > > -
> > > List info/subscribe/unsubscribe? See
> > > http://www.freeradius.org/list/users.html
> > >
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
