The output doesn't really show anything unusual. As soon as the user connects, radius assigns a Framed-IP-Address, which unfortunately is not the one in "radreply" table.
The output is as follows:
The desired ip is supposed to be x.x.x.248, which instead is set to x.x.x.135
Finished request 206
Going to the next request
Waking up in 6 seconds...
rad_recv: Accounting-Request packet from host x.x.x.186:1646, id=158, length=182
NAS-IP-Address = x.x.x.186
NAS-Port = 30
NAS-Port-Type = ISDN
User-Name = "[EMAIL PROTECTED]"
Acct-Status-Type = Alive
Acct-Authentic = RADIUS
Service-Type = Framed-User
Acct-Session-Id = "00003E36"
Framed-Protocol = PPP
Tunnel-Server-Endpoint:0 = "x.x.x.5"
Tunnel-Client-Endpoint:0 = "x.x.x.6"
Tunnel-Type:0 = L2F
Tunnel-Client-Auth-Id:0 = "blah1"
Tunnel-Server-Auth-Id:0 = "blhablahblah"
Acct-Tunnel-Connection = "123456789"
Framed-IP-Address = x.x.x.135
Acct-Delay-Time = 0
Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 207
modcall[preacct]: module "preprocess" returns noop for request 207
rlm_acct_unique: Hashing 'NAS-Port = 30,Client-IP-Address =
x.x.x.186,NAS-IP-Address = x.x.x.186,Acct-Session-Id = "blahblah",User-Name =
"[EMAIL PROTECTED]"'
rlm_acct_unique: Acct-Unique-Session-ID = "5284d1027702b79c".
modcall[preacct]: module "acct_unique" returns ok for request 207
rlm_realm: Looking up realm "ourdomain.com" for User-Name =
"[EMAIL PROTECTED]"
rlm_realm: Found realm "ourdomain.com"
rlm_realm: Adding Stripped-User-Name = "testuser"
rlm_realm: Proxying request from user testuser to realm ourdomain.com
rlm_realm: Adding Realm = "ourdomain.com"
rlm_realm: Accounting realm is LOCAL.
modcall[preacct]: module "suffix" returns noop for request 207
modcall[preacct]: module "files" returns noop for request 207
modcall: group preacct returns ok for request 207
Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 207
radius_xlat:
'/usr/local/radius/var/log/radius/radacct/x.x.x.186/detail-20050510'
rlm_detail:
/usr/local/radius/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /usr/local/radius/var/log/radius/radacct/x.x.x.186/detail-20050510
modcall[accounting]: module "detail" returns ok for request 207
modcall[accounting]: module "unix" returns noop for request 207
radius_xlat: '/usr/local/radius/var/log/radius/radutmp'
radius_xlat: '[EMAIL PROTECTED]'
modcall[accounting]: module "radutmp" returns ok for request 207
radius_xlat: 'testuser'
rlm_sql (sql): sql_set_user escaped user --> 'testuser'
radius_xlat: 'UPDATE radacct ? SET FramedIPAddress = 'x.x.x.135', ?
AcctSessionTime = '', ? AcctInputOctets = '', ? AcctOutputOctets = '' ? WHERE
AcctSessionId = '00003E36' ? AND UserName = 'testuser' ? AND NASIPAddress=
'x.x.x.186''
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): Released sql socket id: 2
modcall[accounting]: module "sql" returns ok for request 207
modcall: group accounting returns ok for request 207
Sending Accounting-Response of id 158 to x.x.x.186:1646
Finished request 207
Going to the next request
Waking up in 6 seconds...
--- Walking the entire request list ---
Thanks your suggestions and time on this.
Andrey
Quoting Alan DeKok <[EMAIL PROTECTED]>:
Andrey <[EMAIL PROTECTED]> wrote:I have other static ip accounts that authenticate from sql, and those work just
fine. Just the ones that are from System.
Any suggestions most appreciated.
Run the server in debugging mode and read the output. There's really no other way.
As soon as I switch an account to static IP, it authenticates but does not assign the desired ip address. I'm guessing it's to do with the order in which things are checked:
No. It's something else.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
