Having a bit of a time getting an Orinoco AS-2000 to get an ip address
from the ippool module.. I authenticate just fine, it just falls through
the users file to the dial-up stuff before it gets a match... Here's some
info:
users file
DEFAULT NAS-IP-Address == 172.16.1.8, Auth-Type := Pam, Group ==
wireless64, Pool-Name := wireless64
DEFAULT Auth-Type := Pam, Group == wireless64, Pool-Name := wireless64
DEFAULT Group == wireless128, Pool-Name := wireless128
DEFAULT Group == wireless192, Pool-Name := wireless192
DEFAULT Group == wireless256, Pool-Name := wireless256
DEFAULT Auth-Type := Pam, Huntgroup-Name == wireless64, Pool-Name :=
wireless64
DEFAULT Huntgroup-Name == wireless128, Pool-Name := wireless128
DEFAULT Huntgroup-Name == wireless192, Pool-Name := wireless192
DEFAULT Huntgroup-Name == wireless256, Pool-Name := wireless256
#DEFAULTSimultaneous-Use := 2
# Fall-Through = 1
#DEFAULT Auth-Type := Reject, Huntgroup-Name == mail
#DEFAULT Huntgroup-Name := local, Pool-Name := wireless64
#Filter-Id = locallan,
#Fall-Through = 1
#DEFAULTAuth-Type := Pam
#Service-Type = Framed-User,
#Framed-Protocol = PPP,
#Framed-IP-Address = 255.255.255.254,
#Framed-IP-Netmask = 255.255.255.255,
#Framed-Compression = Van-Jacobson-TCP-IP,
#Session-Timeout = 36,
#Idle-Timeout = 900,
#Framed-MTU = 576
With the dialup stuff commented, I do not get authenticated.. As you can
see, I'm trying several different ways to get a hit...
huntgroups
pop1NAS-IP-Address == 172.16.1.8
wireless64 Group = wireless64
wireless128 Group = wireless128
wireless192 Group = wireless192
wireless256 Group = wireless256
The user I'm testing with is in group wireless64 on the radius server. I
used something similar with Cistron to put people into groups that were
mail only (no Internet access), etc... Can't find any documentation that
says it works any differently now...
radiusd.conf
modules {
ippool wireless64 {
range-start = 64.123.115.131
range-stop = 64.123.115.143
netmask = 255.255.255.128
cache-size = 800
session-db = ${raddbdir}/db.wireless64
ip-index = ${raddbdir}/db.wireless64
}
ippool wireless128 {
range-start = 64.123.115.193
range-stop = 64.123.115.254
netmask = 255.255.255.128
cache-size = 800
session-db = ${raddbdir}/db.wireless128
ip-index = ${raddbdir}/db.wireless128
}
ippool wireless192 {
range-start = 64.123.115.149
range-stop = 64.123.115.160
netmask = 255.255.255.128
cache-size = 800
session-db = ${raddbdir}/db.wireless192
ip-index = ${raddbdir}/db.wireless192
}
ippool wireless256 {
range-start = 64.123.115.162
range-stop = 64.123.115.187
netmask = 255.255.255.128
cache-size = 800
session-db = ${raddbdir}/db.wireless256
ip-index = ${raddbdir}/db.wireless256
}
pam {
pam_auth = radiusd
}
files {
usersfile = ${confdir}/users
acctusersfile = ${confdir}/acct_users
compat = no
}
authorize {
preprocess
files
}
authenticate {
pam
}
accounting {
detail
radutmp
wireless64
wireless128
wireless192
wireless256
}
session {
radutmp
}
post-auth {
wireless64
wireless128
wireless192
wireless256
}
Any help appreciated...
---
Homer Parker
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html