Re[2]: ippool bug or config problem?
Tuesday, September 24, 2002, 7:29:03 PM, [EMAIL PROTECTED] wrote: > On Tue, 24 Sep 2002 [EMAIL PROTECTED] wrote: >> >> ippool assign the same ip address for two different users. >> May be my config is broken? >> When i use large pool (1-254), i have the same bug after restarting >> radiusd. >> - Now I try send auth packet with radclient (user >mmike): >> >> Thread 1 handling request 0, (1 handled so far) >> Service-Type = Framed-User >> Framed-Protocol = PPP >> User-Name = "mmike" >> MS-CHAP-Challenge = 0xb9ca50b535f1d25c8d22873d4c203565 >> MS-CHAP2-Response = >0x01002bbf1007dc607b833af3cdd279ece38b2284ae758753dd9cd3e78d98dfcdde06a8db899b56543336 >> NAS-IP-Address = 192.168.0.5 >> NAS-Port = 0 > All Access-Requests contain the same NAS/Port pair. rlm_ippool will consider the > corresponding ip allocated stale and will free it. As a result it will get > reallocated to another user. Whith large pool (1-254) ippool returns differ ip for the same requests. (old db-files removed) Auth-request: Service-Type = Framed-User Framed-Protocol = PPP User-Name = "mmike" MS-CHAP-Challenge = 0xb9ca50b535f1d25c8d22873d4c203565 MS-CHAP2-Response = 0x01002bbf1007dc607b833af3cdd279ece38b2284ae758753dd9cd3e78d98dfcdde06a8db899b56543336 NAS-IP-Address = 192.168.0.5 NAS-Port = 0 # radiusd -xx | grep ippool ippool: session-db = "/etc/raddb/pools/db.pool-1-fast" ippool: ip-index = "/etc/raddb/pools/db.pool-1-fast.idx" ippool: range-start = 192.168.5.1 IP address [192.168.5.1] ippool: range-stop = 192.168.5.254 IP address [192.168.5.254] ippool: netmask = 255.255.255.0 IP address [255.255.255.0] ippool: cache-size = 800 rlm_ippool: Initializing database Module: Instantiated ippool (ippool-1-fast) REQUEST #1 rlm_ippool: Searching for an entry for nas/port: 192.168.0.5/0 rlm_ippool: num: 1 rlm_ippool: Allocated ip 192.168.5.55 to client on nas 192.168.0.5,port 0 modcall[post-auth]: module "ippool-1-fast" returns ok REQUEST #2 rlm_ippool: Searching for an entry for nas/port: 192.168.0.5/0 rlm_ippool: Found a stale entry for ip/port: 192.168.5.55/0 rlm_ippool: num: 0 rlm_ippool: num: 1 rlm_ippool: Allocated ip 192.168.5.217 to client on nas 192.168.0.5,port 0 modcall[post-auth]: module "ippool-1-fast" returns ok REQUEST #3 rlm_ippool: Searching for an entry for nas/port: 192.168.0.5/0 rlm_ippool: Found a stale entry for ip/port: 192.168.5.217/0 rlm_ippool: num: 0 rlm_ippool: num: 1 rlm_ippool: Allocated ip 192.168.5.92 to client on nas 192.168.0.5,port 0 modcall[post-auth]: module "ippool-1-fast" returns ok REQUEST #4 rlm_ippool: Searching for an entry for nas/port: 192.168.0.5/0 rlm_ippool: Found a stale entry for ip/port: 192.168.5.92/0 rlm_ippool: num: 0 rlm_ippool: num: 1 rlm_ippool: Allocated ip 192.168.5.233 to client on nas 192.168.0.5,port 0 modcall[post-auth]: module "ippool-1-fast" returns ok - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ippool bug or config problem?
On Tue, 24 Sep 2002 [EMAIL PROTECTED] wrote: > > ippool assign the same ip address for two different users. > May be my config is broken? > When i use large pool (1-254), i have the same bug after restarting > radiusd. > - Now I try send auth packet with radclient (user >mmike): > > Thread 1 handling request 0, (1 handled so far) > Service-Type = Framed-User > Framed-Protocol = PPP > User-Name = "mmike" > MS-CHAP-Challenge = 0xb9ca50b535f1d25c8d22873d4c203565 > MS-CHAP2-Response = >0x01002bbf1007dc607b833af3cdd279ece38b2284ae758753dd9cd3e78d98dfcdde06a8db899b56543336 > NAS-IP-Address = 192.168.0.5 > NAS-Port = 0 All Access-Requests contain the same NAS/Port pair. rlm_ippool will consider the corresponding ip allocated stale and will free it. As a result it will get reallocated to another user. -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 10 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ippool bug or config problem?
ippool assign the same ip address for two different users.
May be my config is broken?
When i use large pool (1-254), i have the same bug after restarting
radiusd.
- radiusd.conf
modules {
ippool ippool-1-fast {
range-start = 192.168.5.1
range-stop = 192.168.5.6
netmask = 255.255.255.0
cache-size = 800
session-db = ${raddbdir}/pools/db.pool-1-fast
ip-index = ${raddbdir}/pools/db.pool-1-fast.idx
}
}
accounting {
detail
unix
radutmp
ippool-1-fast
}
post-auth {
ippool-1-fast
}
- end of radiusd.conf
- users
DEFAULT NAS-IP-Address == "192.168.0.5", Service-Type == Framed-User, Pool-Name :=
"ippool-1-fast"
Framed-MTU = 1500,
Service-Type = Framed-User,
Fall-Through = 1
- end of users
Now run radiusd:
root@vpn:/etc/raddb# radiusd -xx
Starting - reading configuration files ...
...
Module: Loaded IPPOOL
ippool: session-db = "/etc/raddb/pools/db.pool-1-fast"
ippool: ip-index = "/etc/raddb/pools/db.pool-1-fast.idx"
ippool: range-start = 192.168.5.1 IP address [192.168.5.1]
ippool: range-stop = 192.168.5.6 IP address [192.168.5.6]
ippool: netmask = 255.255.255.0 IP address [255.255.255.0]
ippool: cache-size = 800
rlm_ippool: Initializing database
Module: Instantiated ippool (ippool-1-fast)
Initializing the thread pool...
thread: start_servers = 5
thread: max_servers = 32
thread: min_spare_servers = 3
thread: max_spare_servers = 10
thread: max_requests_per_server = 0
thread: cleanup_delay = 5
Ready to process requests.
Thread 5 waiting to be assigned a request
rad_recv: Access-Request packet from host 192.168.0.5:1026, id=70, length=133
Thread 1 assigned request 0
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/1/4
Nothing to do. Sleeping until we see a request.
- Now I try send auth packet with radclient (user
mmike):
Thread 1 handling request 0, (1 handled so far)
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = "mmike"
MS-CHAP-Challenge = 0xb9ca50b535f1d25c8d22873d4c203565
MS-CHAP2-Response =
0x01002bbf1007dc607b833af3cdd279ece38b2284ae758753dd9cd3e78d98dfcdde06a8db899b56543336
NAS-IP-Address = 192.168.0.5
NAS-Port = 0
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_passwd: Added User-Password: mike
rlm_passwd: Added Group: fast
rlm_passwd: Adding Auth-Type: MS-CHAP
modcall[authorize]: module "raddb_userlist" returns ok
modcall[authorize]: module "mschap" returns ok
rlm_realm: No '@' in User-Name = "mmike", looking up realm NULL
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 201
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
rad_check_password: Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
modcall: entering group authenticate
rlm_mschap: doing MS-CHAPv2 with NT-Password
rlm_mschap: adding MS-CHAPv2 MPPE keys
modcall[authenticate]: module "mschap" returns ok
modcall: group authenticate returns ok
Login OK: [mmike] (from client 192.168.0.5 port 0)
modcall: entering group post-auth
rlm_ippool: Searching for an entry for nas/port: 192.168.0.5/0
rlm_ippool: num: 1
rlm_ippool: Allocated ip 192.168.5.3 to client on nas 192.168.0.5,port 0
modcall[post-auth]: module "ippool-1-fast" returns ok
modcall: group post-auth returns ok
Sending Access-Accept of id 70 to 192.168.0.5:1026
Framed-MTU = 1500
Service-Type = Framed-User
MS-CHAP2-Success = 0x01533d453742313241354342463337383533443044383236383
73933463331363332363844463839414236
MS-MPPE-Recv-Key = 0xe3464568c260d4f054599eac8c270f89762624d03837024c13e
53c392029a3ca21c2
MS-MPPE-Send-Key = 0xe345be695620746dcc14948143420d08d333dd86889a5a66f9a
1e084b1c5a4b6d723
MS-MPPE-Encryption-Policy = 0x0002
MS-MPPE-Encryption-Types = 0x0004
Framed-IP-Address = 192.168.5.3
OK ip assigned 192.168.5.3
Now I try to connect with pppd+radiusclient (user mmmike)
Nothing to do. Sleeping until we see a request.
Thread 1 handling request 5, (2 handled so far)
Service-Type = Framed-User
Framed-Protocol = PPP
User-Name = "mmmike"
MS-CHAP-Challenge = 0x35a4ce64ebf19fc25af6921225399273
MS-CHAP2-Response = 0x010068295ca3c0f2c063e229225a129b53df00
00405f88f247c0d22d083286a7123eb6cc61415f5401ad09fc
NAS-IP-Address = 192.168.0.5
NAS-Port = 0
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_passwd: Added User-Password: mike
rlm_passwd: Added Group: fast
rlm_passwd: Adding Auth-Type: MS-CHAP
modcall[authorize]: modu
