I send my configuration
=> radiusd.conf
...
ippool test {
range-start = xxx.xxx.xxx.250
range-stop = xxx.xxx.xxx.253
netmask = 255.255.255.0
cache-size = 3
session-db = ${raddbdir}/db.ippool
ip-index = ${raddbdir}/db.ipindex
override = yes
maximum-timeout = 0
}
...
post-auth {
test
}
...
=> users
DEFAULT Huntgroup-Name == "xxx", Ldap-Group == "test-ldap", Autz-Type := Ldap, Pool-Name := "test"
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-ID = xx
...
=> SWITCH
aaa new-model
aaa authentication dot1x default group radius none
aaa authorization network default group radius
aaa authorization configuration default group radius
aaa accounting dot1x default start-stop group radius
I think there are all ... for use ippool ... I hope that there are no error because I have change my configuration since I have try to use ippool.
Thanks for your answer
Regards,
2006/5/10, Pierre LEONARD <[EMAIL PROTECTED]>:
mad a écrit :
> Hello,
> I have a freeradius server, I use an eap/ttls authentication with
> 802.1x and ldap.
> I want to save the username, the ip adress, the MAC address, the start
> time and the stop time of the connection with the accounting function
> (with mysql).
> I have a problem with the ip address ... because it's dhcpd who give
> an ip address at the client, so freeradius can't have this information.
>
> I have try ippool in freeradius (freeradius want to give an ip address
> but the client don't receive). Also I have read that it's impossible
> to use ippool with eap and when there are access point and/or swith
> between client and server ... it's true ?
>
> I have also try other solutions (with syslog-ng who get the ip address
> in the log and insert in acct table ..., a scripts with omshell who
> permit to freeradius to indicate at dhcpd what ip address give at this
> client ...) BUT I think this solution are very unstable ...
>
> What do you think about this ?
> Have you an other solution ?
>
> Sorry my english is rusty ... and thanks for your answers
>
> Regards,
>
> Psymad
>
>------------------------------------------------------------------------
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
i've a similar problem...but i don't arrive to assign fixed ip to a vpn
client.
my radius server (freeradius) send ip config like ip address, netmask,
vlan and the router receive this info but it don't use.
i don't know how configure it in order to say that it must relay config
from the radius
in my router config i cannot specify the authorization like
" aaa authorization network authorization-radius group group-radius" and
i must replace "network" by "configuration"
because with "network" the router send the name of the client isakmp
group as user name and "cisco" as password but i haven't specify this
password. i don't understand where he found this pass...
i know that i don't answers your request but if you could show me your
configuration maybe i will understand my error !
thanks
ps: are you french ?
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html