Re: Next Pool option
On Wed, Jul 6, 2011 at 5:33 PM, Antonio Maciá wrote: > Hi Fajar, > > I have configured the code in the post-auth section. When the first pool is > exhausted it tries to give from the secondary, but although there are free > ips it fails. I tried changing the order of the pools, putting the secondary > pool first and it gives addresses correctly, so this pool is well > configured. > Here is the output: > > +++[basic_pool] returns notfound > +++? If (notfound) > ? Evaluating (notfound) -> TRUE > +++- entering if (notfound) {...} > [control] returns notfound > > [basic_pool2] No available ip addresses in pool > [basic_pool2] returns notfound > +++- if (notfound) returns notfound > ++- if("%{control:Pool-Name}" == "redundant_pool") returns notfound > > Any idea? ( shrug ) it works on my test. Start with pasting the complete radiusd -X output. It should be able to show any configuration error. From the limited lines that you post it should be very clear > [basic_pool2] No available ip addresses in pool ... then again it might be a bug in the code, in which case testing the latest version (I'd recommend using v2.1.x branch from git, which is what I currently use) should be useful. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Next Pool option
On Tue, Jul 5, 2011 at 3:35 PM, Antonio Maciá wrote: > Hi! > > > > Im running the 2.1.11 version and I would like to know how to > configure next-pool options in the ippool file in order to get a ip from a > secondary pool when the first pool is starved. > > Lets say I have two pools, 172.16.1.0/24 and 192.168.10.0/24 and I want > that as soon as the 172.16.1.0 range is empty, the Radius start giving > addresses form the 192.168.10.0 pool. Is it possible? >Unlang is your friend. >The key point is when a pool exhaust its ip address range, it will >return notfound. So you can have something like this in >modues/ippool-test: >ippool ippool-test1 { > range-start = 192.168.1.1 > range-stop = 192.168.1.254 > netmask = 255.255.255.0 > cache-size = 256 > session-db = ${db_dir}/db.ippool-test1 > ip-index = ${db_dir}/db.ipindex-test1 > override = no > maximum-timeout = 0 >} >pool ippool-test2 { > range-start = 192.168.2.1 > range-stop = 192.168.2.254 > netmask = 255.255.255.0 > cache-size = 256 > session-db = ${db_dir}/db.ippool-test2 > ip-index = ${db_dir}/db.ipindex-test2 > override = no > maximum-timeout = 0 >} >... and something like this on users (or db, wherever your users data is) >testuser Cleartext-Password := "testpass", Pool-Name := "redundant-pool" >... and something this in post-auth >if ("%{control:Pool-Name}" == "redundant-pool") { >update control { >Pool-Name := "ippool-test1" >} >ippool-test1 >if (notfound) { >update control { >Pool-Name := "ippool-test2" >} >ippool-test2 >} >} > >-- >Fajar Hi Fajar, I have configured the code in the post-auth section. When the first pool is exhausted it tries to give from the secondary, but although there are free ips it fails. I tried changing the order of the pools, putting the secondary pool first and it gives addresses correctly, so this pool is well configured. Here is the output: +++[basic_pool] returns notfound +++? If (notfound) ? Evaluating (notfound) -> TRUE +++- entering if (notfound) {...} [control] returns notfound [basic_pool2] No available ip addresses in pool [basic_pool2] returns notfound +++- if (notfound) returns notfound ++- if("%{control:Pool-Name}" == "redundant_pool") returns notfound Any idea? List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Next Pool option
On Tue, Jul 5, 2011 at 3:35 PM, Antonio Maciá wrote: > Hi! > > > > I’m running the 2.1.11 version and I would like to know how to > configure next-pool options in the ippool file in order to get a ip from a > secondary pool when the first pool is starved. > > Let’s say I have two pools, 172.16.1.0/24 and 192.168.10.0/24 and I want > that as soon as the 172.16.1.0 range is empty, the Radius start giving > addresses form the 192.168.10.0 pool. Is it possible? Unlang is your friend. The key point is when a pool exhaust its ip address range, it will return notfound. So you can have something like this in modues/ippool-test: ippool ippool-test1 { range-start = 192.168.1.1 range-stop = 192.168.1.254 netmask = 255.255.255.0 cache-size = 256 session-db = ${db_dir}/db.ippool-test1 ip-index = ${db_dir}/db.ipindex-test1 override = no maximum-timeout = 0 } ippool ippool-test2 { range-start = 192.168.2.1 range-stop = 192.168.2.254 netmask = 255.255.255.0 cache-size = 256 session-db = ${db_dir}/db.ippool-test2 ip-index = ${db_dir}/db.ipindex-test2 override = no maximum-timeout = 0 } ... and something like this on users (or db, wherever your users data is) testuser Cleartext-Password := "testpass", Pool-Name := "redundant-pool" ... and something this in post-auth if ("%{control:Pool-Name}" == "redundant-pool") { update control { Pool-Name := "ippool-test1" } ippool-test1 if (notfound) { update control { Pool-Name := "ippool-test2" } ippool-test2 } } -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html