Re[2]: ippool bug or config problem?
Tuesday, September 24, 2002, 7:29:03 PM, [EMAIL PROTECTED] wrote:

> On Tue, 24 Sep 2002 [EMAIL PROTECTED] wrote:
>>
>> ippool assigns the same ip address for two different users.
>> Maybe my config is broken?
>> When I use large pool (1-254), I have the same bug after restarting
>> radiusd.
>> - Now I try to send an auth packet with radclient (user mmike):
>>
>> Thread 1 handling request 0, (1 handled so far)
>>     Service-Type = Framed-User
>>     Framed-Protocol = PPP
>>     User-Name = "mmike"
>>     MS-CHAP-Challenge = 0xb9ca50b535f1d25c8d22873d4c203565
>>     MS-CHAP2-Response = 0x01002bbf1007dc607b833af3cdd279ece38b2284ae758753dd9cd3e78d98dfcdde06a8db899b56543336
>>     NAS-IP-Address = 192.168.0.5
>>     NAS-Port = 0

> All Access-Requests contain the same NAS/Port pair. rlm_ippool will consider the
> corresponding ip allocated stale and will free it. As a result it will get
> reallocated to another user.

With large pool (1-254) ippool returns a different ip for the same requests.
(old db-files removed)

Auth-request:
    Service-Type = Framed-User
    Framed-Protocol = PPP
    User-Name = "mmike"
    MS-CHAP-Challenge = 0xb9ca50b535f1d25c8d22873d4c203565
    MS-CHAP2-Response = 0x01002bbf1007dc607b833af3cdd279ece38b2284ae758753dd9cd3e78d98dfcdde06a8db899b56543336
    NAS-IP-Address = 192.168.0.5
    NAS-Port = 0

# radiusd -xx | grep ippool
ippool: session-db = "/etc/raddb/pools/db.pool-1-fast"
ippool: ip-index = "/etc/raddb/pools/db.pool-1-fast.idx"
ippool: range-start = 192.168.5.1 IP address [192.168.5.1]
ippool: range-stop = 192.168.5.254 IP address [192.168.5.254]
ippool: netmask = 255.255.255.0 IP address [255.255.255.0]
ippool: cache-size = 800
rlm_ippool: Initializing database
Module: Instantiated ippool (ippool-1-fast)

REQUEST #1
rlm_ippool: Searching for an entry for nas/port: 192.168.0.5/0
rlm_ippool: num: 1
rlm_ippool: Allocated ip 192.168.5.55 to client on nas 192.168.0.5,port 0
modcall[post-auth]: module "ippool-1-fast" returns ok

REQUEST #2
rlm_ippool: Searching for an entry for nas/port: 192.168.0.5/0
rlm_ippool: Found a stale entry for ip/port: 192.168.5.55/0
rlm_ippool: num: 0
rlm_ippool: num: 1
rlm_ippool: Allocated ip 192.168.5.217 to client on nas 192.168.0.5,port 0
modcall[post-auth]: module "ippool-1-fast" returns ok

REQUEST #3
rlm_ippool: Searching for an entry for nas/port: 192.168.0.5/0
rlm_ippool: Found a stale entry for ip/port: 192.168.5.217/0
rlm_ippool: num: 0
rlm_ippool: num: 1
rlm_ippool: Allocated ip 192.168.5.92 to client on nas 192.168.0.5,port 0
modcall[post-auth]: module "ippool-1-fast" returns ok

REQUEST #4
rlm_ippool: Searching for an entry for nas/port: 192.168.0.5/0
rlm_ippool: Found a stale entry for ip/port: 192.168.5.92/0
rlm_ippool: num: 0
rlm_ippool: num: 1
rlm_ippool: Allocated ip 192.168.5.233 to client on nas 192.168.0.5,port 0
modcall[post-auth]: module "ippool-1-fast" returns ok

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: ippool bug or config problem?
On Tue, 24 Sep 2002 [EMAIL PROTECTED] wrote:

>
> ippool assigns the same ip address for two different users.
> Maybe my config is broken?
> When I use large pool (1-254), I have the same bug after restarting
> radiusd.
> - Now I try to send an auth packet with radclient (user mmike):
>
> Thread 1 handling request 0, (1 handled so far)
>     Service-Type = Framed-User
>     Framed-Protocol = PPP
>     User-Name = "mmike"
>     MS-CHAP-Challenge = 0xb9ca50b535f1d25c8d22873d4c203565
>     MS-CHAP2-Response = 0x01002bbf1007dc607b833af3cdd279ece38b2284ae758753dd9cd3e78d98dfcdde06a8db899b56543336
>     NAS-IP-Address = 192.168.0.5
>     NAS-Port = 0

All Access-Requests contain the same NAS/Port pair. rlm_ippool will consider the
corresponding ip allocated stale and will free it. As a result it will get
reallocated to another user.

--
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]       National Technical University of Athens, Greece
Work Phone:             +30 10 7721861
'Go back to the shadow' Gandalf

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

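The behaviour described in the reply above, as an added example that is not part of the thread and is not FreeRADIUS code: a simplified Python model of a pool keyed by NAS-IP-Address/NAS-Port. The class and function names and the "lowest free address" allocation policy are assumptions; the request tuples are constructed to mirror the two logins in the thread.

```python
import ipaddress


class PoolModel:
    """Simplified pool whose session key is (NAS-IP-Address, NAS-Port)."""

    def __init__(self, start, stop):
        first, last = ipaddress.ip_address(start), ipaddress.ip_address(stop)
        self.free = [first + i for i in range(int(last) - int(first) + 1)]
        self.by_key = {}  # (nas_ip, nas_port) -> allocated address

    def post_auth(self, nas_ip, nas_port):
        key = (nas_ip, nas_port)
        stale = self.by_key.pop(key, None)
        if stale is not None:
            # A new Access-Request on an already-known NAS/port pair makes
            # the earlier allocation look stale, so it goes back to the pool.
            self.free.append(stale)
            self.free.sort()
        if not self.free:
            return None  # pool exhausted
        ip = self.free.pop(0)  # assumed policy: lowest free address
        self.by_key[key] = ip
        return str(ip)


def duplicate_leases(requests, pool):
    """Replay (user, nas_ip, nas_port) requests; return IPs given to >1 user."""
    holders = {}
    for user, nas_ip, nas_port in requests:
        ip = pool.post_auth(nas_ip, nas_port)
        if ip is not None:
            holders.setdefault(ip, set()).add(user)
    return {ip: sorted(u) for ip, u in holders.items() if len(u) > 1}


# Constructed input: both logins arrive with NAS-Port = 0, as in the thread.
SAME_PORT = [("mmike", "192.168.0.5", 0), ("mmmike", "192.168.0.5", 0)]
# Same logins, but the NAS reports a distinct port for each session.
DISTINCT_PORTS = [("mmike", "192.168.0.5", 0), ("mmmike", "192.168.0.5", 1)]


def run():
    same = duplicate_leases(SAME_PORT, PoolModel("192.168.5.1", "192.168.5.6"))
    distinct = duplicate_leases(DISTINCT_PORTS, PoolModel("192.168.5.1", "192.168.5.6"))
    return same, distinct


if __name__ == "__main__":
    print(run())
```

With the shared port the first user's address is released and handed to the second user while the first session may still be up; with distinct ports each session keeps its own address.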
ippool bug or config problem?
ippool assigns the same ip address for two different users.
Maybe my config is broken?
When I use large pool (1-254), I have the same bug after restarting
radiusd.

- radiusd.conf
modules {
    ippool ippool-1-fast {
        range-start = 192.168.5.1
        range-stop = 192.168.5.6
        netmask = 255.255.255.0
        cache-size = 800
        session-db = ${raddbdir}/pools/db.pool-1-fast
        ip-index = ${raddbdir}/pools/db.pool-1-fast.idx
    }
}
accounting {
    detail
    unix
    radutmp
    ippool-1-fast
}
post-auth {
    ippool-1-fast
}
- end of radiusd.conf

- users
DEFAULT NAS-IP-Address == "192.168.0.5", Service-Type == Framed-User, Pool-Name := "ippool-1-fast"
    Framed-MTU = 1500,
    Service-Type = Framed-User,
    Fall-Through = 1
- end of users

Now run radiusd:

root@vpn:/etc/raddb# radiusd -xx
Starting - reading configuration files ...
...
Module: Loaded IPPOOL
ippool: session-db = "/etc/raddb/pools/db.pool-1-fast"
ippool: ip-index = "/etc/raddb/pools/db.pool-1-fast.idx"
ippool: range-start = 192.168.5.1 IP address [192.168.5.1]
ippool: range-stop = 192.168.5.6 IP address [192.168.5.6]
ippool: netmask = 255.255.255.0 IP address [255.255.255.0]
ippool: cache-size = 800
rlm_ippool: Initializing database
Module: Instantiated ippool (ippool-1-fast)
Initializing the thread pool...
thread: start_servers = 5
thread: max_servers = 32
thread: min_spare_servers = 3
thread: max_spare_servers = 10
thread: max_requests_per_server = 0
thread: cleanup_delay = 5
Ready to process requests.
Thread 5 waiting to be assigned a request
rad_recv: Access-Request packet from host 192.168.0.5:1026, id=70, length=133
Thread 1 assigned request 0
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/1/4
Nothing to do. Sleeping until we see a request.

- Now I try to send an auth packet with radclient (user mmike):

Thread 1 handling request 0, (1 handled so far)
    Service-Type = Framed-User
    Framed-Protocol = PPP
    User-Name = "mmike"
    MS-CHAP-Challenge = 0xb9ca50b535f1d25c8d22873d4c203565
    MS-CHAP2-Response = 0x01002bbf1007dc607b833af3cdd279ece38b2284ae758753dd9cd3e78d98dfcdde06a8db899b56543336
    NAS-IP-Address = 192.168.0.5
    NAS-Port = 0
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_passwd: Added User-Password: mike
rlm_passwd: Added Group: fast
rlm_passwd: Adding Auth-Type: MS-CHAP
modcall[authorize]: module "raddb_userlist" returns ok
modcall[authorize]: module "mschap" returns ok
rlm_realm: No '@' in User-Name = "mmike", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 201
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
modcall: entering group authenticate
rlm_mschap: doing MS-CHAPv2 with NT-Password
rlm_mschap: adding MS-CHAPv2 MPPE keys
modcall[authenticate]: module "mschap" returns ok
modcall: group authenticate returns ok
Login OK: [mmike] (from client 192.168.0.5 port 0)
modcall: entering group post-auth
rlm_ippool: Searching for an entry for nas/port: 192.168.0.5/0
rlm_ippool: num: 1
rlm_ippool: Allocated ip 192.168.5.3 to client on nas 192.168.0.5,port 0
modcall[post-auth]: module "ippool-1-fast" returns ok
modcall: group post-auth returns ok
Sending Access-Accept of id 70 to 192.168.0.5:1026
    Framed-MTU = 1500
    Service-Type = Framed-User
    MS-CHAP2-Success = 0x01533d453742313241354342463337383533443044383236383
        73933463331363332363844463839414236
    MS-MPPE-Recv-Key = 0xe3464568c260d4f054599eac8c270f89762624d03837024c13e
        53c392029a3ca21c2
    MS-MPPE-Send-Key = 0xe345be695620746dcc14948143420d08d333dd86889a5a66f9a
        1e084b1c5a4b6d723
    MS-MPPE-Encryption-Policy = 0x0002
    MS-MPPE-Encryption-Types = 0x0004
    Framed-IP-Address = 192.168.5.3

OK ip assigned 192.168.5.3

Now I try to connect with pppd+radiusclient (user mmmike)

Nothing to do. Sleeping until we see a request.
Thread 1 handling request 5, (2 handled so far)
    Service-Type = Framed-User
    Framed-Protocol = PPP
    User-Name = "mmmike"
    MS-CHAP-Challenge = 0x35a4ce64ebf19fc25af6921225399273
    MS-CHAP2-Response = 0x010068295ca3c0f2c063e229225a129b53df00
        00405f88f247c0d22d083286a7123eb6cc61415f5401ad09fc
    NAS-IP-Address = 192.168.0.5
    NAS-Port = 0
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_passwd: Added User-Password: mike
rlm_passwd: Added Group: fast
rlm_passwd: Adding Auth-Type: MS-CHAP
modcall[authorize]: modu