Tom Murphy wrote:
Hi,
I'm using a linux box as the NAS. PPP connections come in and get
fed to radiusclient which in turn contacts a FreeRADIUS 1.1.3 server.
Some of the PPP connections are dynamic, most are static. I did set up
ippool properly in FreeRADIUS, but it dishes out only 2 IP addresses.
Doing some searching around, I discovered this is because the Nas-Port
is always 0 (as evidenced by the radius log files). So it will only
send those two addresses out because it "thinks" the same user is
logging on each time?
Certainly if the NAS-Port isn't being set correctly, ippool won't work.
Is there a way to tell the pppd-radius plugin, or, radiusclient to
use a different "NAS Port" when it sends the RADIUS authentication
requests? The pppd-radius man page says I can use "map-to-ifname" or
"map-to-ttyname" (I'm using PPP v2.4.4b1). However, looking at the
source code for pppd-radius, in radius.c it appears the NAS Port is
hardcoded as zero. Would it then, be up to radiusclient to send the
The code I'm looking at (both the 2.4.3 and CVS) does not do anything of
the sort. The "radius_chap_verify" and "radius_pap_auth" functions both set:
rstate.client_port = get_client_port(portnumap ? devnam : ifname);
...and that function either strips the digits off interface formatted
names such as "pppXYZ" and returns that or calls rc_map2id which is a
radiusclient function that reads /etc/radiusclient/port-id-map but only
for TTYs.
I run a couple of multi-hundred-client servers off ppp-2.4.3 with the
bundled radius plugin, and it works just fine. I didn't have to change
the defaults.
NAS Port? It appears to only have facility for setting NAS Port from
the tty, and that's not an option for me.
Why?
It seems the problem lies with your local installation. I'm not sure how
you troubleshoot it further - are you sure you're using a recent ppp?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
