-------- Original Message --------
> Date: Fri, 30 Jan 2009 11:51:20 +0100
> From: t...@kalik.net
> To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org>
> Subject: Re: IP-Assignment with sqlippool based on nas-ip-address

> >Now, the "behaviour" of the server changed in the way, that the
> >freeradius reserves only one ip-address per user. if the same user logs in
> >again on the same nas (without accounting-stop-packet before), the old
> >ip-address is freed and the user receives a new one.
>
> That should happen only if IP allocation has expired (see lease-duration
> in sqlippool.conf). There is another allocate-find query that issues
> random IPs.

Hmmm, maybe there is another problem in my config. I tried two requests within ten seconds. Attached you'll find the debug. During the second request the first ip-address is freed and can be used again. The lease-duration has the standard value of 3600, so this can't be the reason.

This is the table radippool after the second request:

+-----------+-----------------+--------------+---------------------+----------+----------+
| pool_name | framedipaddress | nasipaddress | expiry_time         | username | pool_key |
+-----------+-----------------+--------------+---------------------+----------+----------+
| poolUK    | 10.10.10.10     | 10.98.6.95   | 2009-02-02 10:14:32 | peter2   |          |
| poolUK    | 10.10.10.11     |              | 2009-02-02 09:14:31 |          | 0        |
+-----------+-----------------+--------------+---------------------+----------+----------+

debug
------------
rad_recv: Access-Request packet from host 10.98.6.95 port 3099, id=194, length=46
        User-Name = "peter2"
        User-Password = "peter2"
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/10.98.6.95/auth-detail-20090202
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/10.98.6.95/auth-detail-20090202
[auth_log] expand: %t -> Mon Feb 2 09:13:45 2009
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "peter2", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 183
++[files] returns ok
[sql] expand: %{User-Name} -> peter2
[sql] sql_set_user escaped user --> 'peter2'
rlm_sql (sql): Reserving sql socket id: 0
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'peter2' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'peter2' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'peter2' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'peter2' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'peter2' ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = 'peter2' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'UK' ORDER BY id
rlm_sql_mysql: query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'UK' ORDER BY id
[sql] User found in group UK
[sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'UK' ORDER BY id
rlm_sql_mysql: query: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'UK' ORDER BY id
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "peter2"
[pap] Using clear text password "peter2"
[pap] User authenticated successfully
++[pap] returns ok
+- entering group post-auth {...}
rlm_sql (sql): Reserving sql socket id: 4
[sqlippool] expand: %{User-Name} -> peter2
[sqlippool] sql_set_user escaped user --> 'peter2'
[sqlippool] expand: START TRANSACTION -> START TRANSACTION
rlm_sql_mysql: query: START TRANSACTION
[sqlippool] expand: UPDATE radippool SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', expiry_time = NOW() - INTERVAL 1 SECOND WHERE pool_key = '%{NAS-Port}' AND nasipaddress = '%{Nas-IP-Address}' -> UPDATE radippool SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', expiry_time = NOW() - INTERVAL 1 SECOND WHERE pool_key = '' AND nasipaddress = '10.98.6.95'
rlm_sql_mysql: query: UPDATE radippool SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', expiry_time = NOW() - INTERVAL 1 SECOND WHERE pool_key = '' AND nasipaddress = '10.98.6.95'
[sqlippool] expand: SELECT framedipaddress FROM radippool WHERE pool_name = '%{control:Pool-Name}' AND expiry_time < NOW() ORDER BY (username <> '%{User-Name}'), (callingstationid <> '%{Calling-Station-Id}'), expiry_time LIMIT 1 FOR UPDATE -> SELECT framedipaddress FROM radippool WHERE pool_name = 'poolUK' AND expiry_time < NOW() ORDER BY (username <> 'peter2'), (callingstationid <> ''), expiry_time LIMIT 1 FOR UPDATE
rlm_sql_mysql: query: SELECT framedipaddress FROM radippool WHERE pool_name = 'poolUK' AND expiry_time < NOW() ORDER BY (username <> 'peter2'), (callingstationid <> ''), expiry_time LIMIT 1 FOR UPDATE
[sqlippool] expand: UPDATE radippool SET nasipaddress = '%{NAS-IP-Address}', pool_key = '%{NAS-Port}', callingstationid = '%{Calling-Station-Id}', username = '%{User-Name}', expiry_time = NOW() + INTERVAL 3600 SECOND WHERE framedipaddress = '10.10.10.11' -> UPDATE radippool SET nasipaddress = '10.98.6.95', pool_key = '', callingstationid = '', username = 'peter2', expiry_time = NOW() + INTERVAL 3600 SECOND WHERE framedipaddress = '10.10.10.11'
rlm_sql_mysql: query: UPDATE radippool SET nasipaddress = '10.98.6.95', pool_key = '', callingstationid = '', username = 'peter2', expiry_time = NOW() + INTERVAL 3600 SECOND WHERE framedipaddress = '10.10.10.11'
[sqlippool] Allocated IP 10.10.10.11 [0b0a0a0a]
[sqlippool] expand: COMMIT -> COMMIT
rlm_sql_mysql: query: COMMIT
rlm_sql (sql): Released sql socket id: 4
[sqlippool] expand: Allocated IP: %{reply:Framed-IP-Address} from %{control:Pool-Name} (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name}) -> Allocated IP: 10.10.10.11 from poolUK (did cli port user peter2)
Allocated IP: 10.10.10.11 from poolUK (did cli port user peter2)
++[sqlippool] returns ok
++[exec] returns noop
Sending Access-Accept of id 194 to 10.98.6.95 port 3099
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Netmask = 255.255.255.0
        Framed-IP-Address = 10.10.10.11
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 2 ID 194 with timestamp +174
Ready to process requests.

rad_recv: Access-Request packet from host 10.98.6.95 port 3114, id=120, length=46
        User-Name = "peter2"
        User-Password = "peter2"
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/10.98.6.95/auth-detail-20090202
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/10.98.6.95/auth-detail-20090202
[auth_log] expand: %t -> Mon Feb 2 09:14:32 2009
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "peter2", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 183
++[files] returns ok
[sql] expand: %{User-Name} -> peter2
[sql] sql_set_user escaped user --> 'peter2'
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'peter2' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'peter2' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'peter2' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'peter2' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'peter2' ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = 'peter2' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'UK' ORDER BY id
rlm_sql_mysql: query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'UK' ORDER BY id
[sql] User found in group UK
[sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'UK' ORDER BY id
rlm_sql_mysql: query: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'UK' ORDER BY id
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "peter2"
[pap] Using clear text password "peter2"
[pap] User authenticated successfully
++[pap] returns ok
+- entering group post-auth {...}
rlm_sql (sql): Reserving sql socket id: 2
[sqlippool] expand: %{User-Name} -> peter2
[sqlippool] sql_set_user escaped user --> 'peter2'
[sqlippool] expand: START TRANSACTION -> START TRANSACTION
rlm_sql_mysql: query: START TRANSACTION
[sqlippool] expand: UPDATE radippool SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', expiry_time = NOW() - INTERVAL 1 SECOND WHERE pool_key = '%{NAS-Port}' AND nasipaddress = '%{Nas-IP-Address}' -> UPDATE radippool SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', expiry_time = NOW() - INTERVAL 1 SECOND WHERE pool_key = '' AND nasipaddress = '10.98.6.95'
rlm_sql_mysql: query: UPDATE radippool SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', expiry_time = NOW() - INTERVAL 1 SECOND WHERE pool_key = '' AND nasipaddress = '10.98.6.95'
[sqlippool] expand: SELECT framedipaddress FROM radippool WHERE pool_name = '%{control:Pool-Name}' AND expiry_time < NOW() ORDER BY (username <> '%{User-Name}'), (callingstationid <> '%{Calling-Station-Id}'), expiry_time LIMIT 1 FOR UPDATE -> SELECT framedipaddress FROM radippool WHERE pool_name = 'poolUK' AND expiry_time < NOW() ORDER BY (username <> 'peter2'), (callingstationid <> ''), expiry_time LIMIT 1 FOR UPDATE
rlm_sql_mysql: query: SELECT framedipaddress FROM radippool WHERE pool_name = 'poolUK' AND expiry_time < NOW() ORDER BY (username <> 'peter2'), (callingstationid <> ''), expiry_time LIMIT 1 FOR UPDATE
[sqlippool] expand: UPDATE radippool SET nasipaddress = '%{NAS-IP-Address}', pool_key = '%{NAS-Port}', callingstationid = '%{Calling-Station-Id}', username = '%{User-Name}', expiry_time = NOW() + INTERVAL 3600 SECOND WHERE framedipaddress = '10.10.10.10' -> UPDATE radippool SET nasipaddress = '10.98.6.95', pool_key = '', callingstationid = '', username = 'peter2', expiry_time = NOW() + INTERVAL 3600 SECOND WHERE framedipaddress = '10.10.10.10'
rlm_sql_mysql: query: UPDATE radippool SET nasipaddress = '10.98.6.95', pool_key = '', callingstationid = '', username = 'peter2', expiry_time = NOW() + INTERVAL 3600 SECOND WHERE framedipaddress = '10.10.10.10'
[sqlippool] Allocated IP 10.10.10.10 [0a0a0a0a]
[sqlippool] expand: COMMIT -> COMMIT
rlm_sql_mysql: query: COMMIT
rlm_sql (sql): Released sql socket id: 2
[sqlippool] expand: Allocated IP: %{reply:Framed-IP-Address} from %{control:Pool-Name} (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name}) -> Allocated IP: 10.10.10.10 from poolUK (did cli port user peter2)
Allocated IP: 10.10.10.10 from poolUK (did cli port user peter2)
++[sqlippool] returns ok
++[exec] returns noop
Sending Access-Accept of id 120 to 10.98.6.95 port 3114
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Netmask = 255.255.255.0
        Framed-IP-Address = 10.10.10.10
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.

> >Is there a possibility to assign also a specific subnetmask with the
> >radippool-table? We have different subnetmasks for the different pools.
>
> If these are PPP connections you should use 255.255.255.255 for all of
> them. That will match any gateway subnet and mask. You corral them with
> firewall.

I'm afraid, but this won't work in my environment. I will need a different subnetmask. Is it possible to use radgroupreply for this issue?

Thanks.
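
The behaviour in the debug output above, replayed as an added example (not part of the original message, and not FreeRADIUS code): the three sqlippool statements from the log run against an in-memory SQLite table, once with %{NAS-Port} expanding to an empty string as it does in the log, and once with constructed NAS-Port values. SQLite stands in for MySQL, so NOW() and INTERVAL become integer timestamps, FOR UPDATE is dropped, and callingstationid (empty throughout the log) is left out; all function names are hypothetical.

```python
import sqlite3

LEASE = 3600  # lease-duration value stated in the post

def new_pool(addresses):
    """Constructed stand-in for radippool; every address starts out free."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radippool (pool_name TEXT, framedipaddress TEXT,"
               " nasipaddress TEXT DEFAULT '', expiry_time INTEGER,"
               " username TEXT DEFAULT '', pool_key TEXT DEFAULT '0')")
    db.executemany("INSERT INTO radippool (pool_name, framedipaddress, expiry_time)"
                   " VALUES ('poolUK', ?, ?)",
                   [(a, i) for i, a in enumerate(addresses)])
    return db

def allocate(db, now, user, nas_ip, nas_port):
    """Run allocate-clear, allocate-find and allocate-update for one request."""
    # allocate-clear: release whatever this NAS holds under the same pool_key.
    db.execute("UPDATE radippool SET nasipaddress = '', pool_key = '0',"
               " username = '', expiry_time = ? - 1"
               " WHERE pool_key = ? AND nasipaddress = ?", (now, nas_port, nas_ip))
    # allocate-find: expired rows only, the user's previous address preferred.
    row = db.execute("SELECT framedipaddress FROM radippool"
                     " WHERE pool_name = 'poolUK' AND expiry_time < ?"
                     " ORDER BY (username <> ?), expiry_time LIMIT 1",
                     (now, user)).fetchone()
    if row is None:
        return None  # pool exhausted
    # allocate-update: record the new lease.
    db.execute("UPDATE radippool SET nasipaddress = ?, pool_key = ?, username = ?,"
               " expiry_time = ? + ? WHERE framedipaddress = ?",
               (nas_ip, nas_port, user, now, LEASE, row[0]))
    db.commit()
    return row[0]

def replay(nas_ports, start=1000, gap=47):
    """Log the same user in once per NAS-Port value; return (issued, still leased)."""
    db = new_pool(["10.10.10.10", "10.10.10.11"])
    now, issued = start, []
    for port in nas_ports:
        issued.append(allocate(db, now, "peter2", "10.98.6.95", port))
        now += gap
    leased = [r[0] for r in db.execute(
        "SELECT framedipaddress FROM radippool WHERE expiry_time > ?"
        " ORDER BY framedipaddress", (now - gap,))]
    return issued, leased

if __name__ == "__main__":
    print(replay(["", ""]))    # NAS-Port absent, as in the debug output
    print(replay(["1", "2"]))  # constructed NAS-Port values
```

With an empty pool_key the allocate-clear statement matches the lease the same NAS received in the previous request, so only one address stays leased; with distinct keys both do.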