Hello all,
I want to use Freeradius to assign IP addresses to clients from main_pool. After all set up (I think), L2tp tunnel is established but user cannot get an IP from Freeradius. From the Reply message, I see no IP is replied to user. Could anyone take a look at the debug and give me a hint? Debug: radiusd: #### Loading Virtual Servers #### server inner-tunnel { modules { Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating pap pap { encryption_scheme = "auto" auto_header = no } Module: Linked to module rlm_chap Module: Instantiating chap Module: Linked to module rlm_mschap Module: Instantiating mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = no } Module: Linked to module rlm_unix Module: Instantiating unix unix { radwtmp = "/usr/local/var/log/radius/radwtmp" } Module: Linked to module rlm_eap Module: Instantiating eap eap { default_eap_type = "md5" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } rlm_eap: Ignoring EAP-Type/tls because we do not have OpenSSL support. rlm_eap: Ignoring EAP-Type/ttls because we do not have OpenSSL support. rlm_eap: Ignoring EAP-Type/peap because we do not have OpenSSL support. Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_realm Module: Instantiating suffix realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Module: Linked to module rlm_files Module: Instantiating files files { usersfile = "/usr/local/etc/raddb/users" acctusersfile = "/usr/local/etc/raddb/acct_users" preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users" compat = "no" } [/usr/local/etc/raddb/users]:107 WARNING! Check item "Group" found in reply i tem list for user "testuser". This attribute MUST go on the first line with th e other check items [/usr/local/etc/raddb/users]:107 WARNING! Check item "Pool-Name" found in reply item list for user "testuser". This attribute MUST go on the first line with the other check items Module: Checking session {...} for more modules to load Module: Linked to module rlm_radutmp Module: Instantiating radutmp radutmp { filename = "/usr/local/var/log/radius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Linked to module rlm_attr_filter Module: Instantiating attr_filter.access_reject attr_filter attr_filter.access_reject { attrsfile = "/usr/local/etc/raddb/attrs.access_reject" key = "%{User-Name}" } } } server { modules { Module: Checking authenticate {...} for more modules to load Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating preprocess preprocess { huntgroups = "/usr/local/etc/raddb/huntgroups" hints = "/usr/local/etc/raddb/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_acct_unique Module: Instantiating acct_unique acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NA S-Port" } Module: Checking accounting {...} for more modules to load Module: Linked to module rlm_detail Module: Instantiating detail detail { detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/det ail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Linked to module rlm_ippool Module: Instantiating main_pool ippool main_pool { session-db = "/usr/local/etc/raddb/db.ippool" ip-index = "/usr/local/etc/raddb/db.ipindex" key = "%{NAS-IP-Address} %{NAS-Port}" range-start = 192.168.1.1 range-stop = 192.168.3.254 netmask = 255.255.255.0 cache-size = 800 override = yes maximum-timeout = 0 } Module: Instantiating attr_filter.accounting_response attr_filter attr_filter.accounting_response { attrsfile = "/usr/local/etc/raddb/attrs.accounting_response" key = "%{User-Name}" } Module: Checking session {...} for more modules to load Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load } } radiusd: #### Opening IP addresses and Ports #### listen { type = "auth" ipaddr = * port = 0 } listen { type = "acct" ipaddr = * port = 0 } Listening on authentication address * port 1812 Listening on accounting address * port 1813 Ready to process requests. Here is the process: rad_recv: Access-Request packet from host 127.0.0.1 port 32915, id=0, length=145 User-Name = "testuser" User-Password = "testing" NAS-Port = 1 Service-Type = Framed-User Framed-Protocol = PPP Calling-Station-Id = "atm 9/0.438:13.172#184577265#atm xyz#speed:UBR#ppp oe 00:1c:23:b6:d3:45#" NAS-IP-Address = 0.0.0.0 +- entering group authorize ++[preprocess] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL rlm_realm: No such realm "NULL" ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound users: Matched entry testuser at line 107 ++[files] returns ok ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns updated rad_check_password: Found Auth-Type auth: type "PAP" +- entering group PAP rlm_pap: login attempt with password "testing" rlm_pap: Using clear text password "testing" rlm_pap: User authenticated successfully ++[pap] returns ok Login OK: [testuser/testing] (from client localhost port 1 cli atm 9/0.438:13.17 2#184577265#atm xyz#speed:UBR#pppoe 00:1c:23:b6:d3:45#) +- entering group post-auth rlm_ippool: Could not find Pool-Name attribute. ++[main_pool] returns noop Sending Access-Accept of id 0 to 127.0.0.1 port 32915 Service-Type == Framed-User Framed-Protocol == PPP Finished request 0. Going to the next request Waking up in 0.9 seconds. Waking up in 3.9 seconds. Cleaning up request 0 ID 0 with timestamp +283 Ready to process requests.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html