On 02/04/2011 09:28 AM, Gerard Alcorlo Bofill wrote: Gerard, if I understand correctly, the address allocator works, but you have problems getting the wireless AP to accept the IP address you want the wireless client to use.
> *** Sending to 192.168.50.9 port 1645 .... > Code: Access-Accept > Identifier: 208 > Authentic: L$<158><20>#x<233>V<147>3<204>{<161><22>sj > Attributes: > Framed-IP-Netmask = xxx.xxx.xxx.xxx > Framed-IP-Address = xxx.xxx.xxx.xxx > MS-Primary-DNS-Server = xxx.xxx.xxx.xxx > MS-Secondary-DNS-Server = xxx.xxx.xxx.xxx > MS-MPPE-Send-Key = blablabla > MS-MPPE-Recv-Key = blablabla > EAP-Message = blablabla > Message-Authenticator = blablabla You may want to check the incoming Access-Request to see if there are any Framed-* attributes. For example if Framed-Protocol is sent by the WLAN AP, it may want to see Framed-Protocol in the response. What it does with these attributes should be documented by the vendor. >>>> This is the error I'm getting from de AP: >>>> 16:27:29.234 GMT: RADIUS/DECODE: EAP-Message fragments, 6, total 6 bytes >>>> 16:27:29.241 GMT: RADIUS/ENCODE(0000002A):Orig. component type = DOT11 >>>> 16:27:29.241 GMT: RADIUS/ENCODE: No idb found! Framed IP Addr might not >>>> be included >>>> >>>> I thought that my NAS (my AP) would send all the attributes to the wifi >>>> client but that's not happening. >>>> >>>> Are this attributes only for PPP connections or is it possible to use >>>> them using a wifi AP? I would say the Framed-* attributes are for connections such as PPP or PPPoE. Have you found out how you can transfer the IP address the WLAN AP receives to the Wireless user? It would be interesting to hear if there is a method to do that. The usual case with WPA-Enterprise is that the authentication completes first and the client has then access to the network so it can query the DHCP server. I guess this is what you had first place. There is one hack that might be possible: configure WPA-Enterprise authentication as it is normally done. Configure your DHCP server so that it always asks RADIUS for IP addresses. I think this is technically possible, but a good questions is does it make any sense :) -- Heikki Vatiainen <h...@open.com.au> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator