RE: dynamic IP address through Cisco AP

2004-07-15 Thread Guy Davies
> >   Wireless authentication CANNOT assign IP addresses.
> >   You have to use RADIUS to authenticate the wireless user, and DHCP to
> > assign the user an IP address.
> 
> So if I understand:
> - wireless user authentication and client IP address are two
>   independent problems.

Most certainly.

> - RADIUS logs contain MAC address and DHCP logs contain pair of
>   MAC address and IP address.

Yes.  Although the times of the accounting start and the dhcp lease
start won't match exactly (even if dhcpd and radiusd are running on the
same machine).

Guy

This e-mail is private and may be confidential and is for the intended recipient only. 
 If misdirected, please notify us by telephone and confirm that it has been deleted 
from your system and any copies destroyed.  If you are not the intended recipient you 
are strictly prohibited from using, printing, copying, distributing or disseminating 
this e-mail or any information contained in it.  We use reasonable endeavours to virus 
scan all e-mails leaving the Company but no warranty is given that this e-mail and any 
attachments are virus free.  You should undertake your own virus checking.  The right 
to monitor e-mail communications through our network is reserved by us. 



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: dynamic IP address through Cisco AP

2004-07-15 Thread Jan Satko
>   Wireless authentication CANNOT assign IP addresses.
>   You have to use RADIUS to authenticate the wireless user, and DHCP to
> assign the user an IP address.

So if I understand:
- wireless user authentication and client IP address are two
  independent problems.
- RADIUS logs contain MAC address and DHCP logs contain pair of
  MAC address and IP address.

Thanks a lot.

--
   Bc. Jan 'EIS' Satko        Slovak University of Agriculture
   network & system manager   Tr. A. Hlinku 2
   Tel: +421 37 7412 616      949 76 Nitra Slovakia



RE: dynamic IP address through Cisco AP

2004-07-15 Thread Guy Davies
> > You're trying to use a PPP mechanism over an "ethernet" media.  
> > Wireless clients use DHCP for the acquisition of IP addresses (and 
> > other parameters), not Framed-IP-Address.  Remove the IP-pool info 
> > from your RADIUS server (unless you're also using dialup NASes) and 
> > put it onto a server running DHCP and all should be well :)
> 
> Understood.
> But I want some logs of which user gets which IP address at which time.
> Will this information be in the radius acct_log?

Hmm, that information isn't included in the accounting data because the
RADIUS server doesn't know it nor does the AP.

You might try correlating the information in Calling-Station-Id (i.e.
the host's MAC address), which *is* recorded in the accounting data,
with dhcp logs.  /var/db/dhcpd.leases matches a lease start time to a
MAC and an IP address.  However, once the lease expires, that
information might be overwritten.

Regards,

Guy
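
The correlation described in this reply, with the tolerance for mismatched start times that Guy mentions in his other reply in this thread, as an added example that is not part of the original posts. It assumes ISC dhcpd lease syntax with UTC times and a FreeRADIUS "detail" accounting file carrying a Timestamp attribute; the function names, sample records and the 60-second skew are hypothetical choices.

```python
import calendar, re, time

# Constructed samples (not from the thread): an ISC dhcpd.leases excerpt (UTC
# times) and one FreeRADIUS "detail" accounting record; MAC formats differ.
LEASES = """
lease 192.0.2.57 {
  starts 4 2004/07/15 09:00:00;
  ends 4 2004/07/15 10:00:00;
  hardware ethernet 00:40:96:a1:b2:c3;
}
lease 192.0.2.23 {
  starts 4 2004/07/15 13:40:09;
  ends 4 2004/07/15 14:40:09;
  hardware ethernet 00:40:96:a1:b2:c3;
}
"""
DETAIL = """
Thu Jul 15 15:40:02 2004
\tUser-Name = "jansat01"
\tAcct-Status-Type = Start
\tCalling-Station-Id = "0040.96a1.b2c3"
\tTimestamp = 1089898802
"""

def norm_mac(s):
    # Reduce any MAC notation (00:40:.., 0040.96a1.., 00-40-..) to 12 hex digits.
    return re.sub(r"[^0-9a-f]", "", s.lower())

def parse_leases(text):
    out = []
    for ip, body in re.findall(r"lease\s+(\S+)\s*\{(.*?)\}", text, re.S):
        mac = re.search(r"hardware ethernet\s+([0-9a-fA-F:]+);", body)
        t = {k: calendar.timegm(time.strptime(v, "%Y/%m/%d %H:%M:%S"))
             for k, v in re.findall(r"(starts|ends) \d ([\d/]+ [\d:]+);", body)}
        if mac and len(t) == 2:  # skips leases lacking a parsable start or end
            out.append((norm_mac(mac.group(1)), ip, t["starts"], t["ends"]))
    return out

def parse_acct_starts(text):
    recs = [dict(re.findall(r'^\s+([\w-]+) = "?([^"\n]*)"?$', r, re.M))
            for r in re.split(r"\n\s*\n", text.strip())]  # blank-line separated
    return [(a.get("User-Name"), norm_mac(a.get("Calling-Station-Id", "")), int(a["Timestamp"]))
            for a in recs if a.get("Acct-Status-Type") == "Start" and "Timestamp" in a]

def correlate(leases, starts, skew=60):
    # The lease may begin up to `skew` seconds after the accounting Start.
    return [(user, mac, ts, [ip for m, ip, s, e in leases
                             if m == mac and s - skew <= ts <= e])
            for user, mac, ts in starts]
```

Calling `correlate(parse_leases(LEASES), parse_acct_starts(DETAIL))` attributes 192.0.2.23 to jansat01; with `skew=0` the same session matches no lease, because the lease starts seven seconds after the accounting record.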



RE: dynamic IP address through Cisco AP

2004-07-15 Thread Jan Satko
> You're trying to use a PPP mechanism over an "ethernet" media.  Wireless
> clients use DHCP for the acquisition of IP addresses (and other
> parameters), not Framed-IP-Address.  Remove the IP-pool info from your
> RADIUS server (unless you're also using dialup NASes) and put it onto a
> server running DHCP and all should be well :)

Understood.
But I want some logs of which user gets which IP address at which time.
Will this information be in the radius acct_log?

--
   Bc. Jan 'EIS' Satko        Slovak University of Agriculture
   network & system manager   Tr. A. Hlinku 2
   Tel: +421 37 7412 616      949 76 Nitra Slovakia



Re: dynamic IP address through Cisco AP

2004-07-15 Thread Alan DeKok
Jan Satko <[EMAIL PROTECTED]> wrote:
> I have configured freeradius (with realm and IP pool) with PEAP support on
> mysql backend. NAS is Cisco 1100 and client is CB21AG (Cisco) pcmcia
> adapter. Authorization and authentication work OK.
> But my problem is that my winXP didn't receive an IP address from the pool.
> But Freeradius sends it!

  Wireless authentication CANNOT assign IP addresses.

  You have to use RADIUS to authenticate the wireless user, and DHCP to
assign the user an IP address.

  Alan DeKok.



RE: dynamic IP address through Cisco AP

2004-07-15 Thread Guy Davies
You're trying to use a PPP mechanism over an "ethernet" media.  Wireless
clients use DHCP for the acquisition of IP addresses (and other
parameters), not Framed-IP-Address.  Remove the IP-pool info from your
RADIUS server (unless you're also using dialup NASes) and put it onto a
server running DHCP and all should be well :)

Regards,

Guy

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On 
> Behalf Of Jan Satko
> Sent: 15 July 2004 15:38
> To: [EMAIL PROTECTED]
> Subject: dynamic IP address through Cisco AP
> 
> 
> Hi.
> I'm running freeradius 1.0.0-pre3 on RH9.0.
> I have configured freeradius (with realm and IP pool) with
> PEAP support on mysql backend. NAS is Cisco 1100 and client
> is CB21AG (Cisco) pcmcia adapter. Authorization and
> authentication work OK. But my problem is that my winXP
> didn't receive an IP address from the pool. But Freeradius sends it!
> 
> rlm_ippool: Searching for an entry for nas/port: x.x.x.x/264
> rlm_ippool: Allocating ip to nas/port: x.x.x.x/264
> rlm_ippool: num: 1
> rlm_ippool: Allocated ip x.x.x.x to client on nas x.x.x.x,port 264
>   modcall[post-auth]: module "ip_users" returns ok for request 10
> modcall: group post-auth returns ok for request 10
> Sending Access-Accept of id 22 to x.x.x.x:21645
> MS-MPPE-Recv-Key = 
> 0xbd26e075c1307e8cd870088a20f6ae673eaac040ec91cf18fae1106b251bc2a4
> MS-MPPE-Send-Key = 
> 0xb1f2feddb2d416232f90277a1edee44b31041b85270c15b91077e6c2a9cef1c5
> EAP-Message = 0x030a0004
> Message-Authenticator = 0x
> User-Name = "jansat01"
> Framed-IP-Address = x.x.x.x
> Framed-IP-Netmask = 255.255.255.0
> Finished request 10
> 
> When I shut down the winXP client, Freeradius releases the IP address.
> 
> rlm_ippool: Searching for an entry for nas/port: x.x.x.x/264
> rlm_ippool: Deallocated entry for ip/port: x.x.x.x/264
> rlm_ippool: num: 0
>   modcall[accounting]: module "ip_users" returns ok for request 12
> 
> Cisco 1100 (AP) receives the RADIUS message about
> Framed-IP-address (debug dhcp shows it).
>
> Where is the problem? I have more APs, so DHCP on each AP
> isn't good for me. I hoped that Freeradius IP pool solved
> this problem for me.
> 
> Thanks.
> 
> --
>    Bc. Jan 'EIS' Satko        Slovak University of Agriculture
>    network & system manager   Tr. A. Hlinku 2
>    Tel: +421 37 7412 616      949 76 Nitra Slovakia
> 
