Re: ip pool problem ?

2003-12-18 Thread Oliver Graf
On Thu, Dec 18, 2003 at 03:49:20PM +0700, [EMAIL PROTECTED] wrote:
> I need help configuring freeradius, on ip pooling. Issue: I use mysql as the user
> as well as ip database. But it seems, radius can work on the range ip I gave but i
> works on ip with "+", but I can control the ip assignment that server gave to user
> who dials in. Also I previously tried using main_ippool with range start & range stop,
> it seems it doesn't work. Can anyone help me figure out this phenomenon?

As far as I know, freeradius does not store ip pools in sql databases.

Perhaps you can provide some debugging output and the configuration you
use (don't send everything, only the 'interesting' parts).

Oliver.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


ip pool problem ?

2003-12-18 Thread joko4003



Dearest Freeradiusers,

I need help configuring freeradius, on ip pooling. Issue: I use mysql as the
user as well as ip database. But it seems, radius can work on the range ip I
gave but i works on ip with "+", but I can control the ip assignment that
server gave to user who dials in. Also I previously tried using main_ippool
with range start & range stop, it seems it doesn't work. Can anyone help me
figure out this phenomenon?

Thx, I look forward to any response and advice.
 
Joko P.


Re: IP Pool Unused IPs deallocation?

2003-12-04 Thread Oliver Graf
On Thu, Dec 04, 2003 at 03:27:49PM +0200, m0bius wrote:
> Well you may actually be correct but from what I have read during the
> past months some NAS equipment didn't have any problems with the ip
> management via the radius server so I thought this should be a most
> applicable method to setup radius.

It is nice to manage all ips on the radius, but on the other hand I
do just the same with my pool based setup. All pools and pool
assignments are managed via the radius on our ascend and cisco nas
equipment (they both support nas side ip pools managed via radius very
well).

Oliver.




RE: IP Pool Unused IPs deallocation?

2003-12-04 Thread m0bius
> > > On the other hand: why not just let the MAX distribute the IPs? make a
> > > pools-NAS-NAME entry which assigns your pools to the NAS and choose
> > > the pool via the Ascend-Assign-IP-Pool attribute. Works fine (I have
> > > about a dozen MAX 2000/4000/6000/TNT with this setup).
> > 
> > So let me see if I get this straight. I should create something like:
> > 
> > pools-nas1 Ascend-Assign-IP-Pool := "nas1_pool" ?

> No.

> Example (makes three pools on nas1 and has 3 test users which each get
> an ip from a different pool):

> pools-nas1  Auth-Type := Local, User-Password == "ascend"
>   Service-Type = Outbound-User,
>   Ascend-IP-Pool-Definition = "1 10.10.10.1 126",
>   Ascend-IP-Pool-Definition = "2 10.10.20.1 126",
>   Ascend-IP-Pool-Definition = "3 10.10.30.1 126"

> user1 Auth-Type := Local, User-Password == "test1"
>   Service-Type = Framed,
>   Framed-Protocol = MPP,
>   Ascend-Maximum-Channels = 2,
>   Ascend-Assign-IP-Pool = 1,
>   Ascend-Idle-Limit = 3600,
>   Ascend-Client-Primary-DNS = 10.1.1.1,
>   Ascend-Client-Secondary-DNS = 10.2.1.1,
>   Ascend-Client-Assign-DNS = DNS-Assign-Yes
>
> user2 Auth-Type := Local, User-Password == "test2"
>   Service-Type = Framed,
>   Framed-Protocol = MPP,
>   Ascend-Maximum-Channels = 2,
>   Ascend-Assign-IP-Pool = 2,
>   Ascend-Idle-Limit = 3600,
>   Ascend-Client-Primary-DNS = 10.1.1.1,
>   Ascend-Client-Secondary-DNS = 10.2.1.1,
>   Ascend-Client-Assign-DNS = DNS-Assign-Yes

> user3 Auth-Type := Local, User-Password == "test3"
>   Service-Type = Framed,
>   Framed-Protocol = MPP,
>   Ascend-Maximum-Channels = 2,
>   Ascend-Assign-IP-Pool = 3,
>   Ascend-Idle-Limit = 3600,
>   Ascend-Client-Primary-DNS = 10.1.1.1,
>   Ascend-Client-Secondary-DNS = 10.2.1.1,
>   Ascend-Client-Assign-DNS = DNS-Assign-Yes

> This works well with fallback defaults / sql group replies.

I see. I will forward these changes to see whether the problems are
totally solved and let you know of the outcome. This whole issue with the
IP Pools has been in my mind since I first started working along with
Radius.

> > I don't know if I understood exactly what you mean. I've never worked
> > with ascend before. If however it's pretty much the above has this
> > anything to do with the countless auth requests regarding
> > pools-nas1/ascend I receive or have I screwed everything badly? :-)

> Oh, missed that paragraph...

> Yep. pool defs must go to the pools user of the nas. As soon as the
> max powers up, it asks for its pools. If it gets a user reply which has
> an unknown pool, it should ask again.

Another helpful tip. Browsing the archives this subject had been
mentioned before but the answer was simply to put this user in
Service-Type = REJECT to avoid the logging of these connections. Let
alone the manuals of the NAS equipment have been lost through the
centuries making my life much more difficult :-)

> I don't trust freeradius to assign IP addresses, cause the NAS is the
> one who knows if a session is there or if it is not. There is no real
> point in letting the radius assign ip addresses if your NAS equipment
> can do it. And if you are changing pools often, this is also no
> problem if you're running some sort of dynamic routing protocol, cause
> the nas will announce its learned pools via this way...

Well you may actually be correct but from what I have read during the
past months some NAS equipment didn't have any problems with the ip
management via the radius server so I thought this should be a most
applicable method to setup radius.

> Oliver.

Thank you very much for all your help.

Regards, 
Paris






Re: IP Pool Unused IPs deallocation?

2003-12-04 Thread Oliver Graf
On Thu, Dec 04, 2003 at 11:17:12AM +0200, m0bius wrote:
> I don't know if I understood exactly what you mean. I've never worked
> with ascend before. If however it's pretty much the above has this
> anything to do with the countless auth requests regarding
> pools-nas1/ascend I receive or have I screwed everything badly? :-)

Oh, missed that paragraph...

Yep. pool defs must go to the pools user of the nas. As soon as the
max powers up, it asks for its pools. If it gets a user reply which
has an unknown pool, it should ask again.

I don't trust freeradius to assign IP addresses, cause the NAS is the
one who knows if a session is there or if it is not. There is no real
point in letting the radius assign ip addresses if your NAS equipment
can do it. And if you are changing pools often, this is also no
problem if you're running some sort of dynamic routing protocol, cause
the nas will announce its learned pools via this way...

Oliver.




Re: IP Pool Unused IPs deallocation?

2003-12-04 Thread Oliver Graf
On Thu, Dec 04, 2003 at 11:17:12AM +0200, m0bius wrote:
> 
> > > DEFAULT Service-Type == Framed-User,  Pool-Name := "main_pool"
> > >     Framed-MTU = 1500,
> > >     Service-Type = Framed-User,
> > >     Fall-Through = 1,
> > >     Ascend-IP-Pool-Definition = "1 111.222.333.97 93"
> 
> > As far as I understand, an Ascend-Pool def is not needed in the
> > described setup. If the radius assigns IPs, the MAX does not need a
> > pool, just route the IPs to it.
> 
> Actually Ascend-IP-Pool-Definition has been there since my early tests
> and hasn't been removed by a mistake.
> 
> > On the other hand: why not just let the MAX distribute the IPs? make a
> > pools-NAS-NAME entry which assigns your pools to the NAS and choose
> > the pool via the Ascend-Assign-IP-Pool attribute. Works fine (I have
> > about a dozen MAX 2000/4000/6000/TNT with this setup).
> 
> So let me see if I get this straight. I should create something like:
> 
> pools-nas1 Ascend-Assign-IP-Pool := "nas1_pool" ?

No.

Example (makes three pools on nas1 and has 3 test users which each get
an ip from a different pool):

pools-nas1  Auth-Type := Local, User-Password == "ascend"
        Service-Type = Outbound-User,
        Ascend-IP-Pool-Definition = "1 10.10.10.1 126",
        Ascend-IP-Pool-Definition = "2 10.10.20.1 126",
        Ascend-IP-Pool-Definition = "3 10.10.30.1 126"

user1   Auth-Type := Local, User-Password == "test1"
        Service-Type = Framed,
        Framed-Protocol = MPP,
        Ascend-Maximum-Channels = 2,
        Ascend-Assign-IP-Pool = 1,
        Ascend-Idle-Limit = 3600,
        Ascend-Client-Primary-DNS = 10.1.1.1,
        Ascend-Client-Secondary-DNS = 10.2.1.1,
        Ascend-Client-Assign-DNS = DNS-Assign-Yes

user2   Auth-Type := Local, User-Password == "test2"
        Service-Type = Framed,
        Framed-Protocol = MPP,
        Ascend-Maximum-Channels = 2,
        Ascend-Assign-IP-Pool = 2,
        Ascend-Idle-Limit = 3600,
        Ascend-Client-Primary-DNS = 10.1.1.1,
        Ascend-Client-Secondary-DNS = 10.2.1.1,
        Ascend-Client-Assign-DNS = DNS-Assign-Yes

user3   Auth-Type := Local, User-Password == "test3"
        Service-Type = Framed,
        Framed-Protocol = MPP,
        Ascend-Maximum-Channels = 2,
        Ascend-Assign-IP-Pool = 3,
        Ascend-Idle-Limit = 3600,
        Ascend-Client-Primary-DNS = 10.1.1.1,
        Ascend-Client-Secondary-DNS = 10.2.1.1,
        Ascend-Client-Assign-DNS = DNS-Assign-Yes

This works well with fallback defaults / sql group replies.

Oliver.




RE: IP Pool Unused IPs deallocation?

2003-12-04 Thread m0bius

> > DEFAULT Service-Type == Framed-User,  Pool-Name := "main_pool"
> >     Framed-MTU = 1500,
> >     Service-Type = Framed-User,
> >     Fall-Through = 1,
> >     Ascend-IP-Pool-Definition = "1 111.222.333.97 93"

> As far as I understand, an Ascend-Pool def is not needed in the
> described setup. If the radius assigns IPs, the MAX does not need a
> pool, just route the IPs to it.

Actually Ascend-IP-Pool-Definition has been there since my early tests
and hasn't been removed by a mistake.

> On the other hand: why not just let the MAX distribute the IPs? make a
> pools-NAS-NAME entry which assigns your pools to the NAS and choose
> the pool via the Ascend-Assign-IP-Pool attribute. Works fine (I have
> about a dozen MAX 2000/4000/6000/TNT with this setup).

So let me see if I get this straight. I should create something like:

pools-nas1 Ascend-Assign-IP-Pool := "nas1_pool" ?

I don't know if I understood exactly what you mean. I've never worked
with ascend before. If however it's pretty much the above has this
anything to do with the countless auth requests regarding
pools-nas1/ascend I receive or have I screwed everything badly? :-)

> Oliver.


Regards,
Paris






Re: IP Pool Unused IPs deallocation?

2003-12-03 Thread Oliver Graf
On Thu, Dec 04, 2003 at 03:07:41AM +0200, m0bius wrote:
> DEFAULT Service-Type == Framed-User,  Pool-Name := "main_pool"
>     Framed-MTU = 1500,
>     Service-Type = Framed-User,
>     Fall-Through = 1,
>     Ascend-IP-Pool-Definition = "1 111.222.333.97 93"

As far as I understand, an Ascend-Pool def is not needed in the
described setup. If the radius assigns IPs, the MAX does not need a
pool, just route the IPs to it.

On the other hand: why not just let the MAX distribute the IPs? make a
pools-NAS-NAME entry which assigns your pools to the NAS and choose
the pool via the Ascend-Assign-IP-Pool attribute. Works fine (I have
about a dozen MAX 2000/4000/6000/TNT with this setup).

Oliver.




IP Pool Unused IPs deallocation?

2003-12-03 Thread m0bius

Hi there,


For once more I seem to be having a slight problem with
FreeRadius. Mostly during times of high connectivity from the dialup
users, some users connect normally but only a few seconds later the
link fails and they get an error for redialing without any reason.

I've noticed a few strange things while searching for this... First of
all, while I get a Login OK line in radiusd.log, there is obviously
absolutely nothing passed to radacct, since the dialup admin does not show
the connection attempt (by comparing the time of the last successful
connections).

I have the following IP Pool configuration:

ippool main_pool {
   range-start = 111.222.333.97
   range-stop = 111.222.333.189
   netmask = 255.255.255.0
   cache-size = 93
   session-db = ${raddbdir}/db.ippool
   ip-index = ${raddbdir}/db.ipindex
   override = yes
}

And also something like:

DEFAULT Service-Type == Framed-User,  Pool-Name := "main_pool"
    Framed-MTU = 1500,
    Service-Type = Framed-User,
    Fall-Through = 1,
    Ascend-IP-Pool-Definition = "1 111.222.333.97 93"

So I've noticed the following. While running radiusd in debug mode the
rlm-ippool seems to assign ips correctly. However I've noticed that the
ips in the db.* files do not seem to be freed on Accounting Stop. For
example at this very moment radwho | wc -l returns a value of 12 while
rlm_ippool_tool -c db.ippool db.ipindex returns 62. Shouldn't the ips
not used anymore become free or am I missing something more vital?

I can't seem to determine what is going on. I fear that there may be a
problem regarding the Ascend Lucent Max 6000 we are using that causes
the disconnections, since by reading past threads it seems that the
Ascend Maxes do not always work as they should. But since the
configurations are enormous I would like to make sure that the radius is
configured properly so that I could focus on the Nases.

Anyway I would be most grateful for any hints given that could finally
finish the radius issue for me once and for good :-)

Regards,
Paris Stamatopoulos






Re: freeradius send only one Ascend-IP-Pool-Definition

2003-09-26 Thread Chris Brotsos
At 07:30 AM 9/26/2003, you wrote:
> Hi,
>
> please help. I want to send more than one IP-Pool-Definition to my
> ascend box. Freeradius sends only one of them.
> users-file:
>
> "pools-Moritz"  Auth-Type := Local, User-Password == "secret"
>         Service-Type = Dialout-Framed-User,
>         Ascend-IP-Pool-Definition = "1 111.111.100.129 70",
>         Ascend-IP-Pool-Definition = "2 111.111.101.0 32"

Use += for your operator
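
The operator behaviour behind this answer, as an added example that is not part of the original thread and not FreeRADIUS code: a small Python model of the users-file reply operators (`=` adds an attribute only if none of that name is in the reply yet, `:=` replaces, `+=` appends), run over the entry as posted and again with `+=`. The parser, the function names and the reading of a pool definition as "pool number, first address, address count" are assumptions made for the example.

```python
import ipaddress
import re

# One reply item per line: Name <operator> Value[,]
ITEM_RE = re.compile(r'^\s*([A-Za-z0-9-]+)\s*(\+=|:=|=)\s*(.+?)\s*,?\s*$')


def parse_reply_items(text):
    """Parse the indented reply lines of a users-file entry."""
    items = []
    for line in text.splitlines():
        if not line.strip():
            continue
        match = ITEM_RE.match(line)
        if match is None:
            raise ValueError("unparseable reply item: %r" % line)
        name, op, value = match.groups()
        items.append((name, op, value.strip('"')))
    return items


def build_reply(items):
    """Apply the reply-item operators in file order.

    =   add only if no attribute of that name is in the reply yet
    :=  replace any attribute of that name
    +=  always append
    """
    reply = []
    for name, op, value in items:
        if op == "=":
            if all(existing != name for existing, _ in reply):
                reply.append((name, value))
        elif op == ":=":
            reply = [(n, v) for n, v in reply if n != name]
            reply.append((name, value))
        else:  # "+="
            reply.append((name, value))
    return reply


def pool_ranges(reply):
    """Decode Ascend-IP-Pool-Definition values into (pool, first, last).

    Assumption: the value is "<pool number> <first address> <count>",
    which is how the definitions in this thread read.
    """
    ranges = []
    for name, value in reply:
        if name != "Ascend-IP-Pool-Definition":
            continue
        number, first, count = value.split()
        start = ipaddress.IPv4Address(first)
        ranges.append((int(number), str(start), str(start + int(count) - 1)))
    return ranges


# Reply items as posted in the question: both pool definitions use "=".
POSTED = '''
    Service-Type = Dialout-Framed-User,
    Ascend-IP-Pool-Definition = "1 111.111.100.129 70",
    Ascend-IP-Pool-Definition = "2 111.111.101.0 32"
'''

# The same entry with "+=" on the pool definitions, as the reply suggests.
CORRECTED = POSTED.replace("Ascend-IP-Pool-Definition =",
                           "Ascend-IP-Pool-Definition +=")

if __name__ == "__main__":
    for label, entry in (("posted", POSTED), ("corrected", CORRECTED)):
        print(label, pool_ranges(build_reply(parse_reply_items(entry))))
```

With `=` the second definition is dropped before the Access-Accept is built, which matches the single definition in the debug output of the question.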





freeradius send only one Ascend-IP-Pool-Definition

2003-09-26 Thread Hans Bornemann
Hi,

please help. I want to send more than one IP-Pool-Definition to my
ascend box. Freeradius sends only one of them.

users-file:

"pools-Moritz"  Auth-Type := Local, User-Password == "secret"
        Service-Type = Dialout-Framed-User,
        Ascend-IP-Pool-Definition = "1 111.111.100.129 70",
        Ascend-IP-Pool-Definition = "2 111.111.101.0 32"

debug mode:

auth: type Local
auth: user supplied User-Password matches local User-Password
Sending Access-Accept of id 34 to 111.111.111.60:1541
Service-Type = Outbound-User
Ascend-IP-Pool-Definition = "1 111.111.111.129 70"
Finished request 0

Thanks



-- 
Hans Bornemann

Universitaet Dortmund
Hochschulrechenzentrum
August Schmidt Str. 12

44227 Dortmund

Tel. ++49 231 7552132
Fax. ++49 231 7552731




ip-pool problem

2003-07-18 Thread Kern Elvish
I can't set the ip-address for a user.
When I receive an Access-Request packet I add to the Access-Accept reply the field
"Framed-IP-Address = 192.168.164.164"
but my cisco (ubr7200) ignores it and sets the ip-address for the user from
cisco-ip-pool.
I tried to remove the ip-pool on the cisco, but this way the user isn't created at all.
I tried to send Access-Accept with and without "Framed-IP-Netmask",
"Framed-Protocol", "Service-Type".
Authorization and accounting work normally, if I forget about manually setting the ip-address
for some users.
I have freeradius 0.8.

rad_recv: Access-Request packet from host 192.168.164.34:1645, id=167, length=170
NAS-IP-Address = 195.38.164.34
NAS-Port = 1
Cisco-NAS-Port = "Virtual-Access1*"
NAS-Port-Type = Virtual
User-Name = "kern"
Acct-Session-Id = "01C7"
MS-CHAP-Challenge = 0x09090acf9e70a853
MS-CHAP-Response = 0x540100 ... ecbb4a
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 192.168.164.164
...
...
Sending Access-Accept of id 167 to 192.168.164.34:1645
Framed-MTU = 576
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Compression = Van-Jacobson-TCP-IP
MS-CHAP-MPPE-Keys = 0xf03aa0dca9147c4f88a2f3bd8c51e766f90bbd3bcf4ea1e332bb3bf21b7d87cc
MS-MPPE-Encryption-Policy = 0x0001
MS-MPPE-Encryption-Types = 0x0006
Framed-IP-Netmask = 255.255.255.128
Framed-IP-Address = 192.168.164.254
...
...
rad_recv: Accounting-Request packet from host 192.168.164.34:1646, id=168, length=114
NAS-IP-Address = 192.168.164.34
NAS-Port = 1
Cisco-NAS-Port = "Virtual-Access1*"
NAS-Port-Type = Virtual
User-Name = "kern"
Acct-Status-Type = Start
Acct-Authentic = RADIUS
Service-Type = Framed-User
Acct-Session-Id = "01C7"
Framed-Protocol = PPP
Framed-IP-Address = 192.168.164.164
Acct-Delay-Time = 0
...






Re: Lease IP-Pool

2003-02-20 Thread Kostas Kalevras
On Thu, 20 Feb 2003, Emilio Arenas wrote:

> We have problems with the lease in the ip-pool, after two
> hours working, we are receiving a message when the user tries to connect,
> "rlm_ippool: No available ip addresses in pool."
>
> Is it possible to establish a lease to ip-pool?

1. Use the latest ippool version

2. Make sure you are not losing accounting packets.

3. Post your ippool configuration along with your ip space requirements.

>
> Thanks.
>
> Emilio Arenas
> Network Administrator
> Spansurf 2000 S.L.
> email: [EMAIL PROTECTED]
> Telf: +34 952 669 300
> Fax:  +34 952 463 955
>
>

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf




Lease IP-Pool

2003-02-20 Thread Emilio Arenas

We have problems with the lease in the ip-pool, after two hours working, we
are receiving a message when the user tries to connect, "rlm_ippool: No
available ip addresses in pool."

Is it possible to establish a lease to ip-pool?

Thanks.

Emilio Arenas
Network Administrator
Spansurf 2000 S.L.
email: [EMAIL PROTECTED]
Telf: +34 952 669 300
Fax:  +34 952 463 955


Re: AS5300, selecting IP pool

2003-01-09 Thread Nader Skaros
Hi Guys,

Evren: When looking at the cisco radius debug, there is no mention of
cisco-avpair (the dictionary is installed).
I'm actually using ic-radius, which is almost the same as free radius.

It seems as if radius isn't sending this information, or if it is, the cisco
box doesn't know about it.

Nader

> You just can't get radius send the required attribute or it sends the
> attribute but the as5300 somehow doesn't care?

> Here is a good example(although this is not actually freeradius)
> http://lists.cistron.nl/pipermail/cistron-radius/2001-July/001555.html

> Evren

On Wed, 8 Jan 2003, Nader Skaros wrote:

>
> Hi Guys,
>
> I'm a bit of a newbie when it comes to access servers, but we have got a
> cisco as5300 for our dialup customers and also our admin. We would like two
> different ip-address pools, and securing users access using ACL's.
>
> Would anyone be able to give me a quick rundown on how to do this? I have
> tried many different ways of doing this and in each case I just can't get
> free radius to send the Cisco-AVPair attribute over. The nas keeps giving
> ip's from the default pool
>
> Thanx in advance
> =)





ip pool and netmasks with cisco as5400

2003-01-09 Thread Scott_Knight
I have a cisco as5400 with an ip pool setup for dynamic ip address
assignment.  For ip address assignment I use a script on the radius server
to lookup the ip in a file, if there isn't one it assigns 255.255.255.254.
Here are the default entries in the users file and the quick and very dirty
perl script...

DEFAULT Auth-Type := System
        Fall-Through = 1

DEFAULT Service-Type == Framed-User
        Framed-IP-Netmask = 255.255.252.0,
        Framed-MTU = 1500,
        Service-Type = Framed-User,
        Exec-Program-Wait = "/usr/local/etc/raddb/getip.pl %u",
        Fall-Through = Yes

DEFAULT Framed-Protocol == PPP
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP

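#!/usr/bin/perl
use strict;
use warnings;

# %u (User-Name) comes from the dialing client, so the file is read directly
# instead of interpolating the name into a shell command.
my $user = defined $ARGV[0] ? $ARGV[0] : '';
my $ip;
if (open(my $fh, '<', '/path/to/somefile')) {
    while (my $line = <$fh>) {
        my ($userid, $f2, $pwd, $addr) = split(' ', $line);
        if (defined $userid && $userid eq $user) { $ip = $addr; last; }
    }
    close($fh);
}

$ip = "255.255.255.254" unless $ip;
print "Framed-IP-Address = $ip,\n";
exit 0;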
===

The correct ip address is being assigned to the client but the netmask is
not.  The addresses are a subnet of a class B and the mask that gets
assigned is always 255.255.0.0 instead of the 255.255.252.0 even though
the radius server is sending the correct mask to the as5400.  Here is the
radius and ppp debugging output on the cisco:

*Jan 30 00:16:16.671: RADIUS/ENCODE(0075): ask "Username: "
*Jan 30 00:16:16.671: RADIUS/ENCODE(0075): send packet; GET_USER
*Jan 30 00:16:16.791: As1/78 PPP: Treating connection as a callin
*Jan 30 00:16:16.791: As1/78 PPP: Phase is ESTABLISHING, Passive Open
*Jan 30 00:16:16.791: As1/78 LCP: State is Listen
*Jan 30 00:16:16.799: As1/78 LCP: I CONFREQ [Listen] id 1 len 23
*Jan 30 00:16:16.799: As1/78 LCP:ACCM 0x000A (0x0206000A)
*Jan 30 00:16:16.799: As1/78 LCP:MagicNumber 0x1EA24B6F (0x05061EA24B6F)
*Jan 30 00:16:16.799: As1/78 LCP:PFC (0x0702)
*Jan 30 00:16:16.799: As1/78 LCP:ACFC (0x0802)
*Jan 30 00:16:16.799: As1/78 LCP:Callback 6  (0x0D0306)
*Jan 30 00:16:16.799: As1/78 LCP: O CONFREQ [Listen] id 1 len 24
*Jan 30 00:16:16.799: As1/78 LCP:ACCM 0x000A (0x0206000A)
*Jan 30 00:16:16.799: As1/78 LCP:AuthProto PAP (0x0304C023)
*Jan 30 00:16:16.799: As1/78 LCP:MagicNumber 0x9FF19824 (0x05069FF19824)
*Jan 30 00:16:16.799: As1/78 LCP:PFC (0x0702)
*Jan 30 00:16:16.799: As1/78 LCP:ACFC (0x0802)
*Jan 30 00:16:16.799: As1/78 LCP: O CONFREJ [Listen] id 1 len 7
*Jan 30 00:16:16.799: As1/78 LCP:Callback 6  (0x0D0306)
*Jan 30 00:16:16.903: As1/78 LCP: I CONFREQ [REQsent] id 2 len 20
*Jan 30 00:16:16.903: As1/78 LCP:ACCM 0x000A (0x0206000A)
*Jan 30 00:16:16.903: As1/78 LCP:MagicNumber 0x1EA24B6F (0x05061EA24B6F)
*Jan 30 00:16:16.903: As1/78 LCP:PFC (0x0702)
*Jan 30 00:16:16.903: As1/78 LCP:ACFC (0x0802)
*Jan 30 00:16:16.903: As1/78 LCP: O CONFACK [REQsent] id 2 len 20
*Jan 30 00:16:16.903: As1/78 LCP:ACCM 0x000A (0x0206000A)
*Jan 30 00:16:16.903: As1/78 LCP:MagicNumber 0x1EA24B6F (0x05061EA24B6F)
*Jan 30 00:16:16.903: As1/78 LCP:PFC (0x0702)
*Jan 30 00:16:16.903: As1/78 LCP:ACFC (0x0802)
*Jan 30 00:16:18.795: As1/78 LCP: TIMEout: State ACKsent
*Jan 30 00:16:18.795: As1/78 LCP: O CONFREQ [ACKsent] id 2 len 24
*Jan 30 00:16:18.795: As1/78 LCP:ACCM 0x000A (0x0206000A)
*Jan 30 00:16:18.795: As1/78 LCP:AuthProto PAP (0x0304C023)
*Jan 30 00:16:18.795: As1/78 LCP:MagicNumber 0x9FF19824 (0x05069FF19824)
*Jan 30 00:16:18.795: As1/78 LCP:PFC (0x0702)
*Jan 30 00:16:18.795: As1/78 LCP:ACFC (0x0802)
*Jan 30 00:16:18.883: As1/78 LCP: I CONFACK [ACKsent] id 2 len 24
*Jan 30 00:16:18.883: As1/78 LCP:ACCM 0x000A (0x0206000A)
*Jan 30 00:16:18.883: As1/78 LCP:AuthProto PAP (0x0304C023)
*Jan 30 00:16:18.883: As1/78 LCP:MagicNumber 0x9FF19824 (0x05069FF19824)
*Jan 30 00:16:18.883: As1/78 LCP:PFC (0x0702)
*Jan 30 00:16:18.883: As1/78 LCP:ACFC (0x0802)
*Jan 30 00:16:18.883: As1/78 LCP: State is Open
*Jan 30 00:16:18.883: As1/78 PPP: Phase is AUTHENTICATING, by this end
*Jan 30 00:16:18.895: As1/78 PAP: I AUTH-REQ id 1 len 19 from "iptest"
*Jan 30 00:16:18.895: As1/78 PAP: Authenticating peer iptest
*Jan 30 00:16:18.895: As1/78 PPP: Phase is FORWARDING, Attempting Forward
*Jan 30 00:16:18.895: As1/78 PPP: Phase is AUTHENTICATING, Unauthenticated User
*Jan 30 00:16:18.895: RADIUS/ENCODE: Attribute has no value set for AAA attribute clid
*Jan 30 00:16:18.895: RADIUS:  AAA Unsupported [91]  21
*Jan 30 00:16:18.895: RADIUS:   41 73 79 6E 63 31 2F 37 38 2A 53 65 72 69 61 6C  [Async1/78*Serial]
*Jan 30 00:16:18.895: RADIUS:   37 2F 31 [7/1]
*Jan 30 00:16:18.895: RADIUS/ENCODE(0075): Unsupported AAA attribute parent-interface
*Jan 30 00:16:18.895: RADIUS/ENCODE(0075): Unsupported AAA attribute parent-interface-type
*Jan 30 00:16:18.895: RADIUS/ENCODE(0075): acc

Re: AS5300, selecting IP pool

2003-01-07 Thread Evren Yurtesen
You just can't get radius send the required attribute or it sends the
attribute but the as5300 somehow doesn't care?

Here is a good example(although this is not actually freeradius)
http://lists.cistron.nl/pipermail/cistron-radius/2001-July/001555.html

Evren

On Wed, 8 Jan 2003, Nader Skaros wrote:

> 
> Hi Guys,
> 
> I'm a bit of a newbie when it comes to access servers, but we have got a cisco as5300
> for our dialup customers and also our admin. We would like two different ip-address
> pools, and securing users access using ACL's.
>
> Would anyone be able to give me a quick rundown on how to do this? I have tried many
> different ways of doing this and in each case I just can't get free radius to send the
> Cisco-AVPair attribute over. The nas keeps giving ip's from the default pool
> 
> Thanx in advance
> =)
> 
> 
> MyVoice http://www.myvoiceonline.net
> 
> 





Re: Sql version of IP pool

2002-10-16 Thread Guillermo Schimmel

Would it work with two (or n) radius servers and only one IP database?

If so, PLEASE let me use it.

Thanks


Guillermo



Allister Maguire wrote:

>Hello,
>
>We have been working on a sql version of the ip pool module for our own
>use, a little more testing and it will be done.
>
>Would anyone else be interested in using it?
>
>Regards
>Allister P Maguire
>
>
>
>  
>





Re: Sql version of IP pool

2002-10-11 Thread Vector
YES!!

- Original Message -
From: "Allister Maguire" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, October 11, 2002 4:49 PM
Subject: Sql version of IP pool


Hello,

We have been working on a sql version of the ip pool module for our own
use, a little more testing and it will be done.

Would anyone else be interested in using it?

Regards
Allister P Maguire







Sql version of IP pool

2002-10-11 Thread Allister Maguire
Hello,

We have been working on a sql version of the ip pool module for our own
use, a little more testing and it will be done.

Would anyone else be interested in using it?

Regards
Allister P Maguire




Re: IP pool problem, please help

2002-10-11 Thread Kostas Kalevras
On Thu, 10 Oct 2002, Andrew Kelaidis wrote:

> I have installed the freeRADIUS server and I'm using the rlm_ippool module.
> Everything worked fine until one account-stop packet was lost. The user
> was logged out but the dialup admin interface shows him as online and active in
> finger page. I removed the correct record from the radacct table so the user
> went offline. The problem is that the server had assigned him an ip address
> and when the user is trying to login again, the following error message
> appears:
> "The server did not assign an IP Address, error 738"
>
> I know that the ippool module keeps two files (not text files) with
> information about used IP addresses. I think that the "stacked" user can't
> login because the server has already assigned him an ipaddress. Are there any
> ways to solve this problem? Please help...
>
> Andrew Kelaidis

I am not sure that is the problem. The ippool module uses the nas/port
combination as the key, not the username. If you log in on the same nas/port the
module will deallocate the corresponding IP.
You could run your server in debug mode and watch the output when the user logs
in. That should help you find the problem.

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
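
A small model of the behaviour described in this reply, added here as an example and not rlm_ippool's own code: leases are keyed by NAS/port, a lost Accounting-Stop leaves a lease with no session behind it (the gap between the pool count and radwho reported elsewhere on this page), and a new login on the same NAS/port releases it. The class, the addresses and the port numbers are constructed for illustration.

```python
import ipaddress


class PoolExhausted(Exception):
    """Every address in the range is currently leased."""


class NasPortPool:
    """Address pool whose leases are keyed by (NAS address, NAS port)."""

    def __init__(self, range_start, range_stop):
        first = int(ipaddress.IPv4Address(range_start))
        last = int(ipaddress.IPv4Address(range_stop))
        self.free = [str(ipaddress.IPv4Address(n)) for n in range(first, last + 1)]
        self.leases = {}  # (nas, port) -> leased address

    def allocate(self, nas, port):
        """Handle a successful login on nas/port."""
        # A lease still held for this nas/port belongs to a session whose
        # Accounting-Stop never arrived; release it before allocating.
        stale = self.leases.pop((nas, port), None)
        if stale is not None:
            self.free.append(stale)
        if not self.free:
            raise PoolExhausted("No available ip addresses in pool.")
        address = self.free.pop(0)
        self.leases[(nas, port)] = address
        return address

    def release(self, nas, port):
        """Handle an Accounting-Stop for nas/port."""
        address = self.leases.pop((nas, port), None)
        if address is not None:
            self.free.append(address)
        return address

    def stale_leases(self, live_sessions):
        """Leases with no live session behind them."""
        return {key: addr for key, addr in self.leases.items()
                if key not in live_sessions}


def simulate():
    nas = "192.0.2.10"                               # constructed NAS address
    pool = NasPortPool("10.10.10.1", "10.10.10.4")   # constructed 4-address range
    live = set()

    for port in (1, 2, 3):
        pool.allocate(nas, port)
        live.add((nas, port))

    # Port 1 hangs up normally: its Accounting-Stop frees the address.
    pool.release(nas, 1)
    live.discard((nas, 1))

    # Port 2 hangs up, but its Accounting-Stop is lost on the way.
    live.discard((nas, 2))
    result = {
        "leased": len(pool.leases),   # what the pool database counts
        "live": len(live),            # what the session list counts
        "stale": pool.stale_leases(live),
    }

    # Two more callers use up the free addresses; the next one is refused
    # although only three sessions are really up.
    for port in (4, 5):
        pool.allocate(nas, port)
        live.add((nas, port))
    try:
        pool.allocate(nas, 6)
        result["exhausted"] = False
    except PoolExhausted:
        result["exhausted"] = True

    # A new call landing on port 2 reclaims the stale lease.
    result["reclaimed"] = pool.allocate(nas, 2)
    return result


if __name__ == "__main__":
    print(simulate())
```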





Re: IP pool problem, please help

2002-10-10 Thread Tim

Can someone please post a copy of the output from radiusd -X  when a 
simultaneous login is detected, and freeradius runs the checkrad prog ..

thx ...





Tim Fraser

*
Relax Internet
Internet Service Provider (dial-up & ADSL) / Web Hosting
www.relax.com.au

*






IP pool problem, please help

2002-10-10 Thread Andrew Kelaidis

I have installed the freeRADIUS server and I'm using the rlm_ippool module.
Everything worked fine until one account-stop packet was lost. The user
was logged out but the dialup admin interface shows him as online and active in
finger page. I removed the correct record from the radacct table so the user
went offline. The problem is that the server had assigned him an ip address
and when the user is trying to login again, the following error message
appears:
"The server did not assign an IP Address, error 738"

I know that the ippool module keeps two files (not text files) with
information about used IP addresses. I think that the "stacked" user can't
login because the server has already assigned him an ipaddress. Are there any
ways to solve this problem? Please help...

Andrew Kelaidis




ip pool assignment for AS5300

2002-09-12 Thread ho k

Hi 

How can user "abc"'s IP be assigned from radius
instead of from AS5300

User profile for user "abc":

abc  Auth-Type := Local, Password == "abc"
   Service-Type = Framed-User,
   Framed-Protocol = PPP,
   Framed-IP-Address = 192.168.59.192,
   Framed-IP-Netmask = 255.255.255.255,
   Framed-Routing = Broadcast-Listen,
   Framed-MTU = 1500

and AS5300 configuration:

aaa authentication login default radius
aaa authentication ppp default radius
aaa authorization exec default if-authenticated radius
aaa authorization network default if-authenticated radius
aaa accounting update newinfo
aaa accounting exec default start-stop radius
aaa accounting network default wait-start radius

...
interface Group-Async1
 ip unnumbered Ethernet0
 no ip directed-broadcast
 encapsulation ppp
 async default routing
 async mode interactive
 no peer default ip address
 no cdp enable
 ppp authentication pap
 group-range 1 30

Regards
K





Re: Cisco Ip Pool from LDAP

2002-09-06 Thread glozano

I agree
it sounds crazy!!

We will try thanks a lot



___
Gustavo A. Lozano
Noldata
CTO

I know not with what weapons World War III will be fought,
but World War IV will be fought with sticks and stones. 
Albert Einstein

On Fri, 6 Sep 2002, Kostas Kalevras wrote:

> On Fri, 6 Sep 2002 [EMAIL PROTECTED] wrote:
> 
> > What we want is to Assign the Pool from Ldap.
> > The cisco has 3 pools configured with 3 different names.
> >
> > We want radius to tell the cisco to assign the ip address from
> > a determined pool to the users.
> >
> >
> > Radius is authenticating everything well and sending the String
> > CiscoAssigngIpPool as attribute 208, but the cisco says Authorization
> > failed.
> >
> > If we remove the attribute ciscoAssignIpPool then it works.
> >
> > Regards
> >
> > Gustavo
> 
> We are using cisco av pair for the same job:
> Cisco-AVPair := "ip:addr-pool=dialin_pool"
> 
> We had the same problem and we got the folowing really crazy solution from
> cisco:
> 
> Remove Framed-IP-Address = 255.255.255.254 from the reply packet. So try
> removing the framed-ip-address attribute from your access-accept. Maybe this
> will solve your problem.
> 
> --
> Kostas Kalevras   Network Operations Center
> [EMAIL PROTECTED]National Technical University of Athens, Greece
> Work Phone:   +30 10 7721861
> 'Go back to the shadow'   Gandalf
> 
> 
> 





Re: Cisco Ip Pool from LDAP

2002-09-06 Thread Kostas Kalevras

On Fri, 6 Sep 2002 [EMAIL PROTECTED] wrote:

> What we want is to Assign the Pool from Ldap.
> The cisco has 3 pools configured with 3 different names.
>
> We want radius to tell the cisco to assign the ip address from
> determinated pool to the users.
>
>
> Radius is authenticauting everything well and sending the String
> CiscoAssigngIpPool as attributte 208, but the cisto says Authorization
> failed.
>
> If we remove the attribute ciscoAssignIpPool then it works.
>
> Regards
>
> Gustavo

We are using cisco av pair for the same job:
Cisco-AVPair := "ip:addr-pool=dialin_pool"

We had the same problem and we got the folowing really crazy solution from
cisco:

Remove Framed-IP-Address = 255.255.255.254 from the reply packet. So try
removing the framed-ip-address attribute from your access-accept. Maybe this
will solve your problem.

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf





Re: Cisco Ip Pool from LDAP

2002-09-06 Thread glozano

What we want is to Assign the Pool from Ldap.
The cisco has 3 pools configured with 3 different names.

We want radius to tell the cisco to assign the ip address from
determinated pool to the users.


Radius is authenticauting everything well and sending the String
CiscoAssigngIpPool as attributte 208, but the cisto says Authorization 
failed.

If we remove the attribute ciscoAssignIpPool then it works.

Regards

Gustavo



___
Gustavo A. Lozano
Noldata
CTO

I know not with what weapons World War III will be fought,
but World War IV will be fought with sticks and stones. 
Albert Einstein

On Fri, 6 Sep 2002, Kostas Kalevras wrote:

> On 5 Sep 2002, Gustavo Lozano wrote:
> 
> > Hello
> >
> > I want to know if something has managed to obtain the CiscoAssignIpPool
> > from LDAP
> >
> > Dont know why I cant get it working, but seems something with the AV
> > Pairs stuff.
> >
> > Regards
> >
> > Gustavo
> 
> You really don't provide enough information. What is CiscoAssignIpPool?
> Have you added it in the ldap schema and in ldap.attrmap or do you add it
> as a generic item? Can you post an entry that contains it? What output do you
> get when you run the server in debug mode (radiusd -X)?
> 
> --
> Kostas Kalevras   Network Operations Center
> [EMAIL PROTECTED]National Technical University of Athens, Greece
> Work Phone:   +30 10 7721861
> 'Go back to the shadow'   Gandalf
> 
> 
> 





Re: Cisco Ip Pool from LDAP

2002-09-05 Thread Kostas Kalevras

On 5 Sep 2002, Gustavo Lozano wrote:

> Hello
>
> I want to know if something has managed to obtain the CiscoAssignIpPool
> from LDAP
>
> Dont know why I cant get it working, but seems something with the AV
> Pairs stuff.
>
> Regards
>
> Gustavo

You really don't provide enough information. What is CiscoAssignIpPool?
Have you added it in the ldap schema and in ldap.attrmap or do you add it
as a generic item? Can you post an entry that contains it? What output do you
get when you run the server in debug mode (radiusd -X)?

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf





Cisco Ip Pool from LDAP

2002-09-05 Thread Gustavo Lozano

Hello

I want to know if something has managed to obtain the CiscoAssignIpPool
from LDAP

Dont know why I cant get it working, but seems something with the AV
Pairs stuff.

Regards

Gustavo 






Re: ip pool

2002-08-22 Thread Kostas Kalevras

On Thu, 22 Aug 2002, [iso-8859-1] ho k wrote:

> Hi
>
> The connection is still failed after changing the
> order in radiusd.conf and debug output as:
>
> DEFAULT NAS-IP-Address == 192.168.59.244, Auth-Type :=
> Accept, Pool-Name = "RAS"
> Service-Type = Framed-User,
> Framed-MTU = 1500,
> Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Framed-Compression = Van-Jacobson-TCP-IP

Try changing Pool-Name = "RAS" to
Pool-Name := "RAS"

>
> but there is no problem of the connection for change
> the config to:
>
> DEFAULT Auth-Type := Accept
> Service-Type = Framed-User,
> Framed-IP-Address = 192.168.59.192+,
> Framed-MTU = 1500,
> Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Framed-Compression = Van-Jacobson-TCP-IP
>
> Another question that may it work for this entry in
> "users" config:
> DEFAULT NAS-IP-Address == 192.168.59.244, Auth-Type :=
> System, Pool-Name = "RAS_1"
> Service-Type = Framed-User,
> Framed-MTU = 1500,
> Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Framed-Compression = Van-Jacobson-TCP-IP
>
> DEFAULT NAS-IP-Address == 192.168.59.245, Auth-Type :=
> System, Pool-Name = "RAS_2"
> Service-Type = Framed-User,
> Framed-MTU = 1500,
> Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Framed-Compression = Van-Jacobson-TCP-IP
>
> when I have two RAS which ip 192.168.59.244 and
> 192.168.59.255 are. They would assign separate ip
> range to two group of dialup users
>
> k

If you create two ippool instances named RAS_1 and RAS_2 you shouldn't have any
problems.

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf





RE: IP Pool Question

2002-08-22 Thread rakesh jha

Thanks for the reply. However after modifying the pool range, I changed the users file as following:
    Normaluser      Auth-Type :=local, password =="y"
                Service-type = framed,
                Framed-protocol = PPP,
                Framed-IP-Address = 255.255.255.254,
                Framed-IP-netmask = 255.255.255.255,
                Framed-Compression = Van-Jacobson-TCP-IP,
                Fall-Through = Yes,
                session-timeout = 1800


With this configuration I tried two PCs simultaneously and all the time I kept on getting IP x.x.x.254 on both PCs. According to the write up users should have been assigned different IP from the pool defined in Cisco 5300.

Any clue?


Thanks


Rakesh


-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Kostas
Kalevras
Sent: Wednesday, August 21, 2002 3:10 PM
To: '[EMAIL PROTECTED]'
Subject: Re: IP Pool Question



On Wed, 21 Aug 2002, rakesh jha wrote:


> Hello Radius Gurus,
>
> I need your help. I have just downloaded and installed freeradius 7 with
> rlm_ippool. I have following situation:
> We have defined an ip pool on Cisco 5300 from x.x.x.195 to x.x.x.254 with
> mask 255.255.255.192.
> We want IP from x.x.x.195 to x.x.x.214 statically to the privilege dial-in
> users and IP from x.x.x.215 to x.x.x.254 dynamically to other normal users.
> For normal users duplicate users ID is allowed.


Why not just define an IP pool in the 5300 from x.x.x.215 to x.x.x.254 and just
add a reply item of
Framed-IP-Address = 255.255.255.254 in the normal user entries. There's no real
reason in using the ippool module.
If you have more than one IP pools in your 5300 you could also send back a cisco
avpair like this:
Cisco-AVPair := "ip:addr-pool=my_pool_name"


Hope it helps


--
Kostas Kalevras     Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone:     +30 10 7721861
'Go back to the shadow' Gandalf


>
> To achieve this I am doing following.
>
> 1. In radiusd.conf I have added following:
>       usercollide = yes
>       compat = cistron
>
>       Ippool    {
>       Range-start = x.x.x.215
>       Range-stop = x.x.x.254
>       Netmask = 255.255.255.192
>       Cache-size = 800
>       Session-db = ${raddbdir}/db.ippool
>       Ip-index = ${raddbdir}/db.ip-index
>       }
>
> 2. In users file I have added following:
>
>   Privilegeuser   Auth-Type :=local, passwoed =="x"
>   Framed-IP-Address = x.x.x.195
>   Framed-IP-netmask = 255.255.255.255
>       Fall-through = yes
>
>   Normaluser          Auth-Type :=local, passwoed
> =="y"
>   Service-type = framed
>   Framed-protocol = PPP
>   Session-timeout =1800
>
>
>
> The whole idea is that mormaluser should get IP starting from x.x.x.215 till
> x.x.x.254 only and after that which ever is unused in range from 215 - 254.
> In my existing RADIUS server for normal users I have configured
> Framed-IP-Address = x.x.x.215+ and user may get IP beyond our subnet.
>
> Seeing the configuration, please confirm following:
>
>
>
> 1    Will this work OK
> 2.   The normaluser will get IP from range x.x.x.215 - x.x.x.254
>
> Thanks
>
> Rakesh Jha
> Kuwait
>




Re: ip pool

2002-08-21 Thread ho k

Hi

The connection is still failed after changing the
order in radiusd.conf and debug output as:

Module: Loaded files
 files: usersfile = "/usr/local/etc/raddb/users"
 files: acctusersfile =
"/usr/local/etc/raddb/acct_users"
 files: compat = "no"
Module: Instantiated files (files)
Module: Loaded IPPOOL
 ippool: session-db = "/usr/local/etc/raddb/db.ippool"
 ippool: ip-index = "/usr/local/etc/raddb/db.ipindex"
 ippool: range-start = 192.168.59.193 IP address
[192.168.59.193]
 ippool: range-stop = 192.168.59.195 IP address
[192.168.59.195]
 ippool: netmask = 255.255.255.0 IP address
[255.255.255.0]
 ippool: cache-size = 3
Module: Instantiated ippool (RAS)
Module: Loaded detail
 detail: detailfile =
"/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
 radutmp: filename =
"/usr/local/var/log/radius/radutmp"
 radutmp: username = "%{User-Name}"
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on IP address *, ports 1812/udp and
1813/udp, with proxy on 1814/udp.
Ready to process requests.


rad_recv: Access-Request packet from host
192.168.59.244:1093, id=58, length=73
User-Name = "noki"
User-Password =
"\3713\363tW\257\223^g%\0261A\254\211"
NAS-Port = 0
Framed-Protocol = PPP
NAS-Identifier = "AUD_AGENT"
NAS-Port-Type = Async
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_realm: Looking up realm NULL for User-Name =
"noki"
rlm_realm: No such realm NULL
 modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 185
users: Matched DEFAULT at 211
users: Matched DEFAULT at 223
 modcall[authorize]: module "files" returns ok
 modcall[authorize]: module "RAS" returns noop
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type System
auth: type "System"
modcall: entering group authenticate
  modcall[authenticate]: module "unix" returns
notfound
modcall: group authenticate returns notfound
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 58 to 192.168.59.244:1093
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 58 with timestamp 3d645b5f
Nothing to do.  Sleeping until we see a request.

Here is the context of radiusd.conf:
module {
   pam {...
   }
   unix {...
   }
   eap {...
   }

   ...
   (different modules in here)
   

   ippool RAS {
range-start = 192.168.59.193
range-stop = 192.168.59.195
netmask = 255.255.255.0
cache-size = 3
session-db = ${raddbdir}/db.ippool
ip-index = ${raddbdir}/db.ipindex
}
}

authorize {
preprocess
eap
suffix
files
RAS
}
authenticate {
unix
}
accounting {
detail
#   counter
unix
RAS
radutmp
}

and context of "users":

DEFAULT NAS-IP-Address == 192.168.59.244, Auth-Type :=
Accept, Pool-Name = "RAS"
Service-Type = Framed-User,
Framed-MTU = 1500,
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-Compression = Van-Jacobson-TCP-IP

but there is no problem of the connection for change
the config to:
 
DEFAULT Auth-Type := Accept
Service-Type = Framed-User,
Framed-IP-Address = 192.168.59.192+,
Framed-MTU = 1500,
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-Compression = Van-Jacobson-TCP-IP

Another question that may it work for this entry in
"users" config:
DEFAULT NAS-IP-Address == 192.168.59.244, Auth-Type :=
System, Pool-Name = "RAS_1"
Service-Type = Framed-User,
Framed-MTU = 1500,
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-Compression = Van-Jacobson-TCP-IP

DEFAULT NAS-IP-Address == 192.168.59.245, Auth-Type :=
System, Pool-Name = "RAS_2"
Service-Type = Framed-User,
Framed-MTU = 1500,
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-Compression = Van-Jacobson-TCP-IP

when I have two RAS which ip 192.168.59.244 and
192.168.59.255 are. They would assign separate ip
range to two group of dialup users

k

 --- Kostas Kalevras <[EMAIL PROTECTED]> wrote:
> On Wed, 21 Aug 2002, [iso-8859-1] ho k wrote:
> 
> > Dear All
> >
> > Can you point out the mistake about ip assignment from
> > radius side. Parts of radiusd.conf are as follows:
> >
> > 
> > authorize {
> > preprocess
> > suffix
> > files

Re: ip pool

2002-08-21 Thread Kostas Kalevras

On Wed, 21 Aug 2002, [iso-8859-1] ho k wrote:

> Dear All
>
> Can you point out the mistake about ip assignment from
> radius side. Parts of radiusd.conf are as follows:
>
> 
> authorize {
> preprocess
> suffix
> files
> RAS
> ippool RAS {
> range-start = 192.168.59.193
> range-stop = 192.168.59.195
> netmask = 255.255.255.0
> cache-size = 3
> session-db = ${raddbdir}/db.ippool
> ip-index = ${raddbdir}/db.ipindex
> }
> }
>
> and failure connection output as:
> rad_recv: Access-Request packet from host
> 192.168.59.244:1083, id=49, lengt
> h=71
> User-Name = "bb"
> User-Password =
> "\323\317\322\267\272\330\014t\365\223\337\004i\022
> \273"
> NAS-Port = 0
> Framed-Protocol = PPP
> NAS-Identifier = "AUD_AGENT"
> NAS-Port-Type = Async
> modcall: entering group authorize
>   modcall[authorize]: module "preprocess" returns ok
>   modcall[authorize]: module "RAS" returns noop
> rlm_realm: Looking up realm NULL for User-Name =
> "bb"
> rlm_realm: No such realm NULL
>   modcall[authorize]: module "suffix" returns noop
> users: Matched DEFAULT at 171
> users: Matched DEFAULT at 197
> users: Matched DEFAULT at 209
>   modcall[authorize]: module "files" returns ok
> modcall: group authorize returns ok

From the modcall[authorize] messages it seems that your authorize section is

authorize{
preprocess
RAS
suffix
files
}

whilst it should be

authorize{
preprocess
suffix
files
RAS
}

>
> and the "users" file as:
>
> DEFAULT NAS-IP-Address == 192.168.59.244, Auth-Type :=
> Accept, Pool-Name = "RAS"

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf
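
Added example (not part of the original messages, and not FreeRADIUS code): a short Python check run over the two debug traces posted in this thread. It recovers the order in which the server ran the authorize modules, flags the ippool instance running before files (the ordering problem diagnosed above), and reports a pool "noop" and a failed authenticate step. The function names, the finding labels and the last trace (including its "ok" return for the pool) are constructed for illustration.

```python
import re

# Matches one module result line; \s+ also spans a mail-wrapped line break.
MODCALL_RE = re.compile(r'modcall\[(\w+)\]:\s+module\s+"([^"]+)"\s+returns\s+(\w+)')
AUTH_TYPE_RE = re.compile(r'Found\s+Auth-Type\s+(\w+)')
FAIL_RCODES = ("notfound", "reject", "fail", "invalid", "userlock")

# First trace from the thread, as quoted in the reply ("> " markers kept).
TRACE_FIRST = '''\
> modcall: entering group authorize
>   modcall[authorize]: module "preprocess" returns ok
>   modcall[authorize]: module "RAS" returns noop
> rlm_realm: Looking up realm NULL for User-Name =
> "bb"
> rlm_realm: No such realm NULL
>   modcall[authorize]: module "suffix" returns noop
> users: Matched DEFAULT at 171
>   modcall[authorize]: module "files" returns ok
> modcall: group authorize returns ok
'''

# Second trace from the thread (order corrected, request still rejected).
TRACE_SECOND = '''\
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
 modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 185
 modcall[authorize]: module "files" returns ok
 modcall[authorize]: module "RAS" returns noop
modcall: group authorize returns ok
  rad_check_password:  Found Auth-Type System
modcall: entering group authenticate
  modcall[authenticate]: module "unix" returns
notfound
modcall: group authenticate returns notfound
auth: Failed to validate the user.
'''

# Constructed trace (assumption): what a working setup is expected to log.
TRACE_CONSTRUCTED_OK = '''\
modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
  modcall[authorize]: module "suffix" returns noop
  modcall[authorize]: module "files" returns ok
  modcall[authorize]: module "RAS" returns ok
modcall: group authorize returns ok
'''


def normalize(trace):
    """Drop leading mail quote markers so quoted traces parse like raw ones."""
    return re.sub(r'(?m)^(?:>[ \t]?)+', '', trace)


def parse_modcalls(trace):
    """Return [(section, module, rcode), ...] in the order the server ran them."""
    return MODCALL_RE.findall(normalize(trace))


def check_pool(trace, pool, source="files"):
    """Return finding labels for one request; an empty list means nothing flagged."""
    calls = parse_modcalls(trace)
    authorize = [(mod, rc) for sec, mod, rc in calls if sec == "authorize"]
    order = [mod for mod, _ in authorize]
    findings = []
    if pool not in order:
        findings.append("POOL_NOT_CALLED")
    else:
        # The pool needs the Pool-Name item that the users file sets first.
        if source in order and order.index(pool) < order.index(source):
            findings.append("POOL_BEFORE_SOURCE")
        if dict(authorize)[pool] == "noop":
            findings.append("POOL_NOOP")
    failed = [mod for sec, mod, rc in calls
              if sec == "authenticate" and rc in FAIL_RCODES]
    if failed:
        m = AUTH_TYPE_RE.search(normalize(trace))
        findings.append("AUTH_FAILED:%s" % (m.group(1) if m else "unknown"))
    return findings


if __name__ == "__main__":
    for name, trace in (("first", TRACE_FIRST), ("second", TRACE_SECOND),
                        ("constructed", TRACE_CONSTRUCTED_OK)):
        print(name, [m for _, m, _ in parse_modcalls(trace)], check_pool(trace, "RAS"))
```

On the second trace the order is already correct; the remaining findings point at the matched users entries (the trace shows Auth-Type System, not the Accept of the entry posted) rather than at the pool definition.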





ip pool

2002-08-21 Thread ho k

Dear All

Can you point out the mistake about ip assignment from
radius side. Parts of radiusd.conf are as follows:

 
authorize {
preprocess
suffix
files
RAS
ippool RAS {
range-start = 192.168.59.193
range-stop = 192.168.59.195
netmask = 255.255.255.0
cache-size = 3
session-db = ${raddbdir}/db.ippool
ip-index = ${raddbdir}/db.ipindex
}
}

accounting {
#   acct_unique
detail
#   counter
unix
RAS
ippool RAS {
range-start = 192.168.59.193
range-stop = 192.168.59.195
netmask = 255.255.255.0
cache-size = 3
session-db = ${raddbdir}/db.ippool
ip-index = ${raddbdir}/db.ipindex
}
radutmp
#   sradutmp

and the debug output as:

Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file:
/usr/local/etc/raddb/proxy.conf
Config:   including file:
/usr/local/etc/raddb/clients.conf
Config:   including file:
/usr/local/etc/raddb/snmp.conf
Config:   including file:
/usr/local/etc/raddb/sql.conf
 main: prefix = "/usr/local"
 main: localstatedir = "/usr/local/var"
 main: logdir = "/usr/local/var/log/radius"
 main: libdir = "/usr/local/lib"
 main: radacctdir =
"/usr/local/var/log/radius/radacct"
 main: hostname_lookups = no
read_config_files:  reading dictionary
read_config_files:  reading clients
read_config_files:  reading realms
read_config_files:  reading naslist
 main: max_request_time = 30
 main: cleanup_delay = 5
 main: max_requests = 1024
 main: delete_blocked_requests = 0
 main: port = 0
 main: allow_core_dumps = no
 main: log_stripped_names = no
 main: log_auth = no
 main: log_auth_badpass = no
 main: log_auth_goodpass = no
 main: pidfile =
"/usr/local/var/run/radiusd/radiusd.pid"
 main: user = "(null)"
 main: group = "(null)"
 main: usercollide = no
 main: lower_user = "no"
 main: lower_pass = "no"
 main: nospace_user = "no"
 main: nospace_pass = "no"
 main: proxy_requests = yes
 proxy: retry_delay = 5
 proxy: retry_count = 3
 proxy: synchronous = no
 proxy: default_fallback = yes
 proxy: dead_time = 120
 security: max_attributes = 200
 security: reject_delay = 1
 main: debug_level = 0
read_config_files:  entering modules setup
Module: Library search path is /usr/local/lib
Module: Loaded System
 unix: cache = yes
 unix: passwd = "/etc/passwd"
 unix: shadow = "/etc/shadow"
 unix: group = "/etc/group"
 unix: radwtmp = "/usr/local/var/log/radius/radwtmp"
 unix: usegroup = no
 unix: cache_reload = 600
HASH:  Reinitializing hash structures and lists for
caching...
  HASH:  user root found in hashtable bucket 11726
  HASH:  user daemon found in hashtable bucket 11668
  HASH:  user bin found in hashtable bucket 86651
  HASH:  user sys found in hashtable bucket 64201
  HASH:  user adm found in hashtable bucket 26466
  HASH:  user lp found in hashtable bucket 54068
  HASH:  user uucp found in hashtable bucket 38541
  HASH:  user nuucp found in hashtable bucket 74587
  HASH:  user listen found in hashtable bucket 49327
  HASH:  user nobody found in hashtable bucket 99723
  HASH:  user noaccess found in hashtable bucket 80609
  HASH:  user nobody4 found in hashtable bucket 84789
  HASH:  user bbuser found in hashtable bucket 55147
  HASH:  user log found in hashtable bucket 40576
  HASH:  user mysql found in hashtable bucket 46314
  HASH:  user nokia found in hashtable bucket 87202
HASH:  Stored 16 entries from /etc/passwd
HASH:  Stored 19 entries from /etc/group
Module: Instantiated unix (unix)
Module: Loaded preprocess
 preprocess: huntgroups =
"/usr/local/etc/raddb/huntgroups"
 preprocess: hints = "/usr/local/etc/raddb/hints"
 preprocess: with_ascend_hack = no
 preprocess: ascend_channels_per_line = 23
 preprocess: with_ntdomain_hack = no
 preprocess: with_specialix_jetstream_hack = no
 preprocess: with_cisco_vsa_hack = no
Module: Instantiated preprocess (preprocess)
Module: Loaded realm
 realm: format = "suffix"
 realm: delimiter = "@"
Module: Instantiated realm (suffix)
Module: Loaded files
 files: usersfile = "/usr/local/etc/raddb/users"
 files: acctusersfile =
"/usr/local/etc/raddb/acct_users"
 files: compat = "no"
Module: Instantiated files (files)
ERROR: Cannot find a configuration entry for module
"RAS".
#

however, when I put the "ippool RAS" section in
"module" section of radiusd.conf. the debug out as

Starting - reading configuration files ...
reread_config:  reading radiusd.conf
Config:   including file:
/usr/local/etc/raddb/proxy.conf
Config:   including file:
/usr/local/etc/raddb/clients.conf
Config:   including file:
/usr/local/etc/raddb/snmp.conf
Config:   including file:
/usr/local/etc/raddb/sql.conf
 main: prefix = "/usr/local"
 main: localstatedir = "/usr/local/var"
 main: logdir = "/usr/local/var/log/radius"
 main: libdir = "/usr/local/lib"
 main: radacc

Re: IP Pool Question

2002-08-21 Thread Kostas Kalevras

On Wed, 21 Aug 2002, rakesh jha wrote:

> Hello Radius Gurus,
>
> I need your help. I have just downloaded and installed freeradius 7 with
> rlm_ippool. I have following situation:
> We have defined an ip pool on Cisco 5300 from x.x.x.195 to x.x.x.254 with
> mask 255.255.255.192.
> We want IP from x.x.x.195 to x.x.x.214 statically to the privilege dial-in
> users and IP from x.x.x.215 to x.x.x.254 dynamically to other normal users.
> For normal users duplicate users ID is allowed.

Why not just define an IP pool in the 5300 from x.x.x.215 to x.x.x.254 and just
add a reply item of
Framed-IP-Address = 255.255.255.254 in the normal user entries. There's no real
reason in using the ippool module.
If you have more than one IP pools in your 5300 you could also send back a cisco
avpair like this:
Cisco-AVPair := "ip:addr-pool=my_pool_name"

Hope it helps

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf

>
> To achieve this I am doing following.
>
> 1. In radiusd.conf I have added following:
>   usercollide = yes
>   compat = cistron
>
>   Ippool    {
>   Range-start = x.x.x.215
>   Range-stop = x.x.x.254
>   Netmask = 255.255.255.192
>   Cache-size = 800
>   Session-db = ${raddbdir}/db.ippool
>   Ip-index = ${raddbdir}/db.ip-index
>   }
>
> 2. In users file I have added following:
>
>   Privilegeuser   Auth-Type :=local, passwoed =="x"
>   Framed-IP-Address = x.x.x.195
>   Framed-IP-netmask = 255.255.255.255
>   Fall-through = yes
>
>   Normaluser  Auth-Type :=local, passwoed
> =="y"
>   Service-type = framed
>   Framed-protocol = PPP
>   Session-timeout =1800
>
>
>
> The whole idea is that mormaluser should get IP starting from x.x.x.215 till
> x.x.x.254 only and after that which ever is unused in range from 215 - 254.
> In my existing RADIUS server for normal users I have configured
> Framed-IP-Address = x.x.x.215+ and user may get IP beyond our subnet.
>
> Seeing the configuration, please confirm following:
>
>
>
> 1    Will this work OK
> 2.   The normaluser will get IP from range x.x.x.215 - x.x.x.254
>
> Thanks
>
> Rakesh Jha
> Kuwait
>





IP Pool Question

2002-08-21 Thread rakesh jha

Hello Radius Gurus,


I need your help. I have just downloaded and installed freeradius 7 with rlm_ippool. I have following situation:
We have defined an ip pool on Cisco 5300 from x.x.x.195 to x.x.x.254 with mask 255.255.255.192.
We want IP from x.x.x.195 to x.x.x.214 statically to the privilege dial-in users and IP from x.x.x.215 to x.x.x.254 dynamically to other normal users. For normal users duplicate users ID is allowed.

To achieve this I am doing following.

1. In radiusd.conf I have added following:
        usercollide = yes
        compat = cistron

        Ippool    {
        Range-start = x.x.x.215
        Range-stop = x.x.x.254
        Netmask = 255.255.255.192
        Cache-size = 800
        Session-db = ${raddbdir}/db.ippool
        Ip-index = ${raddbdir}/db.ip-index
        }

2. In users file I have added following:

    Privilegeuser   Auth-Type :=local, passwoed =="x"
        Framed-IP-Address = x.x.x.195
        Framed-IP-netmask = 255.255.255.255
        Fall-through = yes

    Normaluser      Auth-Type :=local, passwoed =="y"
        Service-type = framed
        Framed-protocol = PPP
        Session-timeout =1800

The whole idea is that normaluser should get IP starting from x.x.x.215 till x.x.x.254 only and after that which ever is unused in range from 215 - 254. In my existing RADIUS server for normal users I have configured Framed-IP-Address = x.x.x.215+ and user may get IP beyond our subnet.

Seeing the configuration, please confirm following:

1.   Will this work OK
2.   The normaluser will get IP from range x.x.x.215 - x.x.x.254


Thanks 


Rakesh Jha
Kuwait











Re: IP Pool questions

2002-08-20 Thread Matias Ezequiel Fabiano


I'm having a problem like Li Lin has. I need that the radius server assign
an IP address from a pool (172.25.6.2 /24) to each dial up subscriber, and
all the requirements will come from a NAS (There's no LAN behind
subscribers).
I see that the only IP that the server assigns is the one that i configure
in the attribute Framed-IP-Address. The question is: how I configure this
attribute for the user DEFAULT when I want the server do that? The
following doesnt't work

 DEFAULT Auth-Type := Local, User-Password == ""
  Service-Type = Framed-User,
  Framed-IP-Address = 172.25.6.2+,

If I'm wrong, can you explain me how to do what i want to do?.
Thanks

ŠËbú?²æìr¸›{û§²æìr¸›y'ž†Ûiÿü0ÁúÞz¶Šë(®åŠËºÇ«²f


RE: IP Pool questions

2002-08-19 Thread Mark Hennessy

Here's an example user named foo:

foo Auth-Type := System
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-Address = 192.168.2.21,
Framed-Netmask = 255.255.255.252,
Framed-Route = "192.168.2.20/30 192.168.2.21 1",
Framed-Compression = Van-Jacobson-TCP-IP,
Idle-Timeout = 0,
Framed-MTU = 1500

Note the Framed-Route line.  /30 is equivalent to 255.255.255.252

This is just an example, you could use much larger blocks.

The subscriber would configure their equipment to use the IP address
192.168.2.21.  192.168.2.22 would be an IP usable within their LAN.
Remote gateway could be available in a larger network
specified by a more general netmask for the remote gateway where
appropriate.

Alternately, if you wish, you can do this:

foo Auth-Type := System
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-Address = 192.168.2.2,
Framed-Netmask = 255.255.255.255,
Framed-Route = "192.168.3.0/28 192.168.2.2 1",
Framed-Compression = Van-Jacobson-TCP-IP,
Idle-Timeout = 0,
Framed-MTU = 1500

This would instead of providing a merged LAN IP block provide a
WAN/LAN-style structure, where you could give each dialup device their own
single IP and then forward blocks over those single IPs to their LAN.  In
this example, a /28 (13 usable addresses) is forwarded to this subscriber
for use in their LAN, they would have to have two separate interfaces, a
WAN interface for 192.168.2.2 and a LAN interface where they define one of
the IPs in the 192.168.3.0 block (such as 192.168.3.1).

--
 Mark P. Hennessy [EMAIL PROTECTED]

On Mon, 19 Aug 2002, Li Lin wrote:

> Date: Mon, 19 Aug 2002 17:43:31 -0400
> From: Li Lin <[EMAIL PROTECTED]>
> To: 'Mark Hennessy' <[EMAIL PROTECTED]>
> Cc: Li Lin <[EMAIL PROTECTED]>
> Subject: RE: IP Pool questions
>
> Hi Mark:
>
>  Yes, I am trying to set up a block of IPs to be passed to a subscriber.
>
>  Thanks
>
>  Li Lin
>
> -Original Message-
> From: Mark Hennessy [mailto:[EMAIL PROTECTED]]
> Sent: Monday, August 19, 2002 5:48 PM
> To: '[EMAIL PROTECTED]'
> Cc: Li Lin
> Subject: Re: IP Pool questions
>
> Are you trying to set up a block of IPs to be passed to a subscriber, or
> dynamically assign an IP from a pool to a subscriber?
>
> --
>  Mark P. Hennessy
> [EMAIL PROTECTED]
>
> On Mon, 19 Aug 2002, Li Lin wrote:
>
> > Date: Mon, 19 Aug 2002 17:38:10 -0400
> > From: Li Lin <[EMAIL PROTECTED]>
> > Reply-To: [EMAIL PROTECTED]
> > To: "'[EMAIL PROTECTED]'"
> > <[EMAIL PROTECTED]>
> > Cc: Li Lin <[EMAIL PROTECTED]>
> > Subject: IP Pool questions
> >
> >
> > Dear Sir/Madam:
> >
> > I have a problem to setup IP pool. (The free radius server only assigns
> one
> > IP address)
> >
> > Could you please tell me:
> >
> > 1.  whether freeradius-0.3 supports IP pool or not?
> > 2.  any document for IP pool?
> >
> > Thanks
> >
> > Li Lin
> >
>





Re: IP Pool questions

2002-08-19 Thread Mark Hennessy

Are you trying to set up a block of IPs to be passed to a subscriber, or
dynamically assign an IP from a pool to a subscriber?

--
 Mark P. Hennessy [EMAIL PROTECTED]

On Mon, 19 Aug 2002, Li Lin wrote:

> Date: Mon, 19 Aug 2002 17:38:10 -0400
> From: Li Lin <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: "'[EMAIL PROTECTED]'"
> <[EMAIL PROTECTED]>
> Cc: Li Lin <[EMAIL PROTECTED]>
> Subject: IP Pool questions
>
>
> Dear Sir/Madam:
>
> I have a problem to setup IP pool. (The free radius server only assigns one
> IP address)
>
> Could you please tell me:
>
> 1.  whether freeradius-0.3 supports IP pool or not?
> 2.  any document for IP pool?
>
> Thanks
>
> Li Lin
>





IP Pool questions

2002-08-19 Thread Li Lin








 

Dear Sir/Madam:

I have a problem to setup IP pool. (The free radius server
only assigns one IP address)

Could you please tell me:

1.  whether freeradius-0.3 supports IP pool or not?
2.  any document for IP pool?

Thanks

Li Lin








Re: IP pool

2002-08-16 Thread Kostas Kalevras

On Fri, 16 Aug 2002, Matias Ezequiel Fabiano wrote:

>
> Thanks, Kostas. That neither doesn't work.
> And I understand that if I put the attribute Pool-Name in the same line of
> the "User Name" (DEFAULT), the radius server will expect a IP Address, and
> I want that the radius server assigns it.

No, that happens if you use the matching operators ('==','!=' etc). If you set
it like this ('=',':=' etc) it gets added as a check item. Also _remove_ the
Framed-IP-Address from the reply items for the ippool module to work. It will
take care of handing out IP addresses.

> Is the attribute Framed-IP-Address correct? Because the server only assigns
> one address: 172.25.6.3, and if a second user tries to connect, the first
> gets kicked out.
>
>

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf





Re: IP pool

2002-08-16 Thread Matias Ezequiel Fabiano


Thanks, Kostas. That doesn't work either.
And I understand that if I put the attribute Pool-Name in the same line of
the "User Name" (DEFAULT), the radius server will expect an IP Address, and
I want the radius server to assign it.
Is the attribute Framed-IP-Address correct? Because the server only assigns
one address: 172.25.6.3, and if a second user tries to connect, the first
gets kicked out.





Kostas Kalevras <[EMAIL PROTECTED]>@lists.cistron.nl on 16/08/2002
10:59:29

Please respond to [EMAIL PROTECTED]

Sent by:  [EMAIL PROTECTED]


To:       [EMAIL PROTECTED]
CC:
Subject:  Re: IP pool


On Fri, 16 Aug 2002, Matias Ezequiel Fabiano wrote:

>
> OK, the error in the Service-Type was corrected. But still doesn't work. My
> users file is configured as follows, and I
> need that the radius server assigns the IP address from the pool 172.25.6.0 / 24.
> What is missing or wrong?
>
> DEFAULT Auth-Type := Local, User-Password == ""
>   Service-Type = Framed-User,
>   Framed-IP-Address = 172.25.6.2+
>
> Thanks

Please read again my previous email. I wrote:

>
> DEFAULT Auth-Type := Local, User-Password == "", Pool-Name = "clientes"
^^
>
> Also the Service-Type assignment is wrong. Try reading 'man 5 users'

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone:   +30 10 7721861
'Go back to the shadow' Gandalf




Re: IP pool

2002-08-16 Thread Kostas Kalevras

On Fri, 16 Aug 2002, Matias Ezequiel Fabiano wrote:

>
> OK, the error in the Service-Type was corrected. But still doesn't work. My
> users file is configured as follows, and I
> need that the radius server assigns the IP address from the pool 172.25.6.0 / 24.
> What is missing or wrong?
>
> DEFAULT Auth-Type := Local, User-Password == ""
>   Service-Type = Framed-User,
>   Framed-IP-Address = 172.25.6.2+
>
> Thanks

Please read again my previous email. I wrote:

>
> DEFAULT Auth-Type := Local, User-Password == "", Pool-Name = "clientes"
^^
>
> Also the Service-Type assignment is wrong. Try reading 'man 5 users'

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf





Re: IP pool

2002-08-16 Thread Matias Ezequiel Fabiano


OK, the error in the Service-Type was corrected. But still doesn't work. My
users file is configured as follows, and I
need that the radius server assigns the IP address from the pool 172.25.6.0 / 24. What 
is missing or wrong?

DEFAULT Auth-Type := Local, User-Password == ""
  Service-Type = Framed-User,
  Framed-IP-Address = 172.25.6.2+

Thanks







Kostas Kalevras <[EMAIL PROTECTED]>@lists.cistron.nl on 16/08/2002
00:24:35

Please respond to [EMAIL PROTECTED]

Sent by:  [EMAIL PROTECTED]


To:       [EMAIL PROTECTED]
CC:
Subject:  Re: IP pool


On Thu, 15 Aug 2002, Matias Ezequiel Fabiano wrote:

>
> Hello everybody,
>
> Alan, thanks for the answers.
> I have configured this, but still not work:
>
> * radius.conf
>
> ippool cientes {
> range-start = 172.25.6.2
> range-stop = 172.25.6.255
> netmask = 255.255.255.0
> cache-size = 800
> session-db = ${raddbdir}/db.ippool
> ip-index = ${raddbdir}/db.ipindex
> }
>
> * users
>
> DEFAULT Auth-Type := Local, User-Password == ""
> Service-Type == Framed-User,
> Pool-Name = "clientes",
>
> Is it OK? Because I still have the same problem.
> If it's wrong, please tell me how to configure an ip pool for the users.
>
> Thanks a lot
>
> Matias

Try

DEFAULT Auth-Type := Local, User-Password == "", Pool-Name = "clientes"

Also the Service-Type assignment is wrong. Try reading 'man 5 users'

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone:   +30 10 7721861
'Go back to the shadow' Gandalf




Re: IP pool

2002-08-15 Thread Kostas Kalevras

On Thu, 15 Aug 2002, Matias Ezequiel Fabiano wrote:

>
> Hello everybody,
>
> Alan, thanks for the answers.
> I have configured this, but still not work:
>
> * radius.conf
>
> ippool cientes {
> range-start = 172.25.6.2
> range-stop = 172.25.6.255
> netmask = 255.255.255.0
> cache-size = 800
> session-db = ${raddbdir}/db.ippool
> ip-index = ${raddbdir}/db.ipindex
> }
>
> * users
>
> DEFAULT Auth-Type := Local, User-Password == ""
> Service-Type == Framed-User,
> Pool-Name = "clientes",
>
> Is it OK? Because I still have the same problem.
> If it's wrong, please tell me how to configure an ip pool for the users.
>
> Thanks a lot
>
> Matias

Try

DEFAULT Auth-Type := Local, User-Password == "", Pool-Name = "clientes"

Also the Service-Type assignment is wrong. Try reading 'man 5 users'

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf





Re: IP pool

2002-08-15 Thread Matias Ezequiel Fabiano


Hello everybody,

Alan, thanks for the answers.
I have configured this, but still not work:

* radius.conf

ippool cientes {
range-start = 172.25.6.2
range-stop = 172.25.6.255
netmask = 255.255.255.0
cache-size = 800
session-db = ${raddbdir}/db.ippool
ip-index = ${raddbdir}/db.ipindex
}

* users

DEFAULT Auth-Type := Local, User-Password == ""
Service-Type == Framed-User,
Pool-Name = "clientes",

Is it OK? Because I still have the same problem.
If it's wrong, please tell me how to configure an ip pool for the users.

Thanks a lot

Matias




"Alan DeKok" <[EMAIL PROTECTED]>@lists.cistron.nl on 15/08/2002 11:20:41

Please respond to [EMAIL PROTECTED]

Sent by:  [EMAIL PROTECTED]


To:       [EMAIL PROTECTED]
CC:
Subject:  Re: IP pool


"Matias Ezequiel Fabiano" <[EMAIL PROTECTED]> wrote:
> When I start the radius daemon and users try to authenticate, the
> server only assigns one IP address (172.25.6.3), and therefore
> only one user can use the service at the same time.  The users
> file looks like this:

> DEFAULT Auth-Type := Local, User-Password == "adgj"
> Service-Type == Framed-User,
> Framed-IP-Address = 172.25.6.2+,

  That's not an IP pool.  It adds the NAS-Port to the IP address.

> Is the IP pool well defined? Thanks for the answers

  See the 'ippool' module, in radiusd.conf.

  Alan DeKok.



Re: IP pool

2002-08-15 Thread Alan DeKok

"Matias Ezequiel Fabiano" <[EMAIL PROTECTED]> wrote:
> When I start the radius daemon and users try to authenticate, the
> server only assigns one IP address (172.25.6.3), and therefore
> only one user can use the service at the same time.  The users
> file looks like this:
 
> DEFAULT Auth-Type := Local, User-Password == "adgj"
> Service-Type == Framed-User,
> Framed-IP-Address = 172.25.6.2+,

  That's not an IP pool.  It adds the NAS-Port to the IP address.

> Is the IP pool well defined? Thanks for the answers

  See the 'ippool' module, in radiusd.conf.

  Alan DeKok.
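
Added example (not part of the original post and not FreeRADIUS code): a short Python model of the difference described above. `plus_address` applies the "+" rule as stated in this thread (base address plus NAS-Port); `BoundedPool` is a hypothetical, simplified range-limited allocator, and the session list is constructed.

```python
import ipaddress

# Constructed sessions: (user, NAS-Port reported by the NAS).
SESSIONS = [("alice", 1), ("bob", 1), ("carol", 300), ("dave", 2)]


def plus_address(base, nas_port):
    """Address produced by 'Framed-IP-Address = <base>+': base plus NAS-Port."""
    return str(ipaddress.IPv4Address(base) + nas_port)


class BoundedPool:
    """Hypothetical range-limited allocator; one lease per session key."""

    def __init__(self, range_start, range_stop):
        self.start = ipaddress.IPv4Address(range_start)
        self.stop = ipaddress.IPv4Address(range_stop)
        if self.start > self.stop:
            raise ValueError("range-start is higher than range-stop")
        self.leases = {}  # session key -> IPv4Address

    def allocate(self, session_key):
        """Return the session's address, or None when the range is used up."""
        if session_key in self.leases:
            return str(self.leases[session_key])
        in_use = set(self.leases.values())
        for offset in range(int(self.stop) - int(self.start) + 1):
            candidate = self.start + offset
            if candidate not in in_use:
                self.leases[session_key] = candidate
                return str(candidate)
        return None  # never step outside range-start..range-stop

    def release(self, session_key):
        """Free the lease, e.g. when the session's accounting stop arrives."""
        self.leases.pop(session_key, None)


def compare(sessions, base="172.25.6.2", stop="172.25.6.4"):
    """Return ({user: '+' address}, {user: pool address}) for the sessions."""
    pool = BoundedPool(base, stop)
    plus = {user: plus_address(base, port) for user, port in sessions}
    pooled = {user: pool.allocate(user) for user, _port in sessions}
    return plus, pooled


if __name__ == "__main__":
    plus, pooled = compare(SESSIONS)
    for user, port in SESSIONS:
        print(f"{user} port={port}: '+' -> {plus[user]}, pool -> {pooled[user]}")
```

Two sessions that arrive with the same NAS-Port get the same "+" address, and a large NAS-Port lands outside the intended subnet; the bounded allocator hands out distinct addresses and returns nothing once its range is exhausted.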




IP pool

2002-08-15 Thread Matias Ezequiel Fabiano


Hello,

When I start the radius daemon and users try to authenticate, the server
only assigns one IP address (172.25.6.3), and therefore only one user can
use the service at the same time.
The users file looks like this:

DEFAULT Auth-Type := Local, User-Password == "adgj"
Service-Type == Framed-User,
Framed-IP-Address = 172.25.6.2+,

Is the IP pool well defined? Thanks for the answers



Re: ip pool again

2002-08-14 Thread Kostas Kalevras

On Wed, 14 Aug 2002, Guillermo Schimmel wrote:

> Yes, it seems like I have several errors. Now it's working.
>
> Now, I have read that you can use the Pool-Name attribute to select one
> IP Address pool, that's why I started trying this.
> I have to share a NAS for Internet Access and VPN access and I'm going
> to do that by routing and firewalling, assigning different pools based
> on some like group.
>
> So, I define two (or more) pools in radiusd.conf like:
>
> ippool test1 { ...}
> ippool test2 { ...}
> ...
> ippool testn { ...}
>
> And I thought that in the authorization section I had to put "ippool",
> and it would take the Pool-Name attribute to choose a pool.
> But now It seems like I have to put one specific ip pool.
> Could you please tell me which is the correct usage of this feature?

ippool test1 { ... } ippool test2 { ... } are all instances of the ip pool
module. You have to add them all in the authorize and accounting sections in
radiusd.conf and use the Pool-Name attribute to select which one will run.

>
>
> Thank you very very much for your help.

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf





Re: ip pool again

2002-08-14 Thread Guillermo Schimmel

Yes, it seems like I have several errors. Now it's working.

Now, I have read that you can use the Pool-Name attribute to select one 
IP Address pool, that's why I started trying this.
I have to share a NAS for Internet Access and VPN access and I'm going 
to do that by routing and firewalling, assigning different pools based 
on some like group.

So, I define two (or more) pools in radiusd.conf like:

ippool test1 { ...}
ippool test2 { ...}
...
ippool testn { ...}

And I thought that in the authorization section I had to put "ippool", 
and it would take the Pool-Name attribute to choose a pool.
But now It seems like I have to put one specific ip pool.
Could you please tell me which is the correct usage of this feature?


Thank you very very much for your help.



Kostas Kalevras wrote:

>On Wed, 14 Aug 2002, Guillermo Schimmel wrote:
>
>  
>
>>Module: Loaded IPPOOL
>> ippool: session-db = "/usr/local/etc/raddb/db.ippool"
>> ippool: ip-index = "/usr/local/etc/raddb/db.ipindex"
>> ippool: range-start = 10.170.201.1 IP address [10.170.201.1]
>> ippool: range-stop = 10.170.200.254 IP address [10.170.200.254]
>> ippool: netmask = 255.255.255.0 IP address [255.255.255.0]
>> ippool: cache-size = 254
>>rlm_ippool: Invalid configuration data given.
>>radiusd.conf[330]: prueba: Module instantiation failed.
>>
>>
>
>Check your range-start. It should probably read 10.170.200.1. In any case it
>should not be an ip number lower than the range-stop.
>
>--
>Kostas Kalevras Network Operations Center
>[EMAIL PROTECTED]  National Technical University of Athens, Greece
>Work Phone: +30 10 7721861
>'Go back to the shadow' Gandalf
>
>
>- 
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
>  
>







Re: ip pool again

2002-08-14 Thread Kostas Kalevras

On Wed, 14 Aug 2002, Guillermo Schimmel wrote:

> Module: Loaded IPPOOL
>  ippool: session-db = "/usr/local/etc/raddb/db.ippool"
>  ippool: ip-index = "/usr/local/etc/raddb/db.ipindex"
>  ippool: range-start = 10.170.201.1 IP address [10.170.201.1]
>  ippool: range-stop = 10.170.200.254 IP address [10.170.200.254]
>  ippool: netmask = 255.255.255.0 IP address [255.255.255.0]
>  ippool: cache-size = 254
> rlm_ippool: Invalid configuration data given.
> radiusd.conf[330]: prueba: Module instantiation failed.

Check your range-start. It should probably read 10.170.200.1. In any case it
should not be an ip number lower than the range-stop.

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf





Re: ip pool again

2002-08-14 Thread Guillermo Schimmel

Kostas Kalevras wrote:

>On Wed, 14 Aug 2002, Guillermo Schimmel wrote:
>
>  
>
>>authorize {
>>preprocess
>>files
>>ippool
>>chap
>>group {
>> ldap1 {
>> fail = 1
>> notfound = 2
>> noop = return
>> ok = return
>> updated  = return
>> reject   = return
>> userlock = return
>> invalid  = return
>> handled  = return
>>}
>> ldap2 {
>> fail = 1
>> notfound = 2
>> noop = return
>> ok   = return
>> updated  = return
>> reject   = return
>> userlock = return
>> invalid  = return
>> handled  = return
>>}
>>}
>>}
>>
>>accounting {
>>acct_unique
>>detail
>>sql
>>ippool
>>}
>>
>>
>
>Replace ippool with prueba and everything should work ok.
>  
>
Now the server doesn't start. It gives the following error:

Module: Loaded IPPOOL
 ippool: session-db = "/usr/local/etc/raddb/db.ippool"
 ippool: ip-index = "/usr/local/etc/raddb/db.ipindex"
 ippool: range-start = 10.170.201.1 IP address [10.170.201.1]
 ippool: range-stop = 10.170.200.254 IP address [10.170.200.254]
 ippool: netmask = 255.255.255.0 IP address [255.255.255.0]
 ippool: cache-size = 254
rlm_ippool: Invalid configuration data given.
radiusd.conf[330]: prueba: Module instantiation failed.





>--
>Kostas Kalevras Network Operations Center
>[EMAIL PROTECTED]  National Technical University of Athens, Greece
>Work Phone: +30 10 7721861
>'Go back to the shadow' Gandalf
>
>
>- 
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
>  
>







Re: ip pool again

2002-08-14 Thread Kostas Kalevras

On Wed, 14 Aug 2002, Guillermo Schimmel wrote:

> authorize {
> preprocess
> files
> ippool
> chap
> group {
>  ldap1 {
>  fail = 1
>  notfound = 2
>  noop = return
>  ok = return
>  updated  = return
>  reject   = return
>  userlock = return
>  invalid  = return
>  handled  = return
> }
>  ldap2 {
>  fail = 1
>  notfound = 2
>  noop = return
>  ok   = return
>  updated  = return
>  reject   = return
>  userlock = return
>  invalid  = return
>  handled  = return
> }
> }
> }
>
> accounting {
> acct_unique
> detail
> sql
> ippool
> }

Replace ippool with prueba and everything should work ok.

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf





Re: ip pool again

2002-08-14 Thread Guillermo Schimmel

Kostas Kalevras wrote:

>On Wed, 14 Aug 2002, Guillermo Schimmel wrote:
>
>  
>
>>Yes, I have done so.
>>
>>Is this output OK? (The noop part)
>>
>>modcall: entering group authorize
>>  modcall[authorize]: module "preprocess" returns ok
>>  modcall[authorize]: module "files" returns notfound
>>  modcall[authorize]: module "ippool" returns noop
>>rlm_chap: Could not find proper Chap-Password attribute in request
>>  modcall[authorize]: module "chap" returns noop
>>modcall: entering group group
>>
>>Where else should I look?
>>
>>
>
>Please post the authorize and accounting sections of your radiusd.conf
>  
>
authorize {
preprocess
files
ippool
chap
group {
 ldap1 {
 fail = 1
 notfound = 2
 noop = return
 ok = return
 updated  = return
 reject   = return
 userlock = return
 invalid  = return
 handled  = return
}
 ldap2 {
 fail = 1
 notfound = 2
 noop = return
 ok   = return
 updated  = return
 reject   = return
 userlock = return
 invalid  = return
 handled  = return
}
}
}

accounting {
acct_unique
detail
sql
ippool
}

>  
>
>>Is there any documentation for the ippool module?
>>
>>
>
>Apart from the comments in the configuration file, no.
>
>--
>Kostas Kalevras Network Operations Center
>[EMAIL PROTECTED]  National Technical University of Athens, Greece
>Work Phone: +30 10 7721861
>'Go back to the shadow' Gandalf
>
>
>- 
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
>  
>







Re: ip pool again

2002-08-14 Thread Kostas Kalevras

On Wed, 14 Aug 2002, Guillermo Schimmel wrote:

> Yes, I have done so.
>
> Is this output OK? (The noop part)
>
> modcall: entering group authorize
>   modcall[authorize]: module "preprocess" returns ok
>   modcall[authorize]: module "files" returns notfound
>   modcall[authorize]: module "ippool" returns noop
> rlm_chap: Could not find proper Chap-Password attribute in request
>   modcall[authorize]: module "chap" returns noop
> modcall: entering group group
>
> Where else should I look?

Please post the authorize and accounting sections of your radiusd.conf

>
> Is there any documentation for the ippool module?

Apart from the comments in the configuration file, no.

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf





Re: ip pool again

2002-08-14 Thread Guillermo Schimmel

Kostas Kalevras wrote:

>On Tue, 13 Aug 2002, Guillermo Schimmel wrote:
>
>  
>
>>It still doesn't work.
>>
>>
>>
>>>Hi list:
>>>
>>>   I'm starting the tests with the ippool module.
>>>
>>>   I added this line on the users file:
>>>
>>>DEFAULT     NAS-IP-Address == "10.169.255.11",  Auth-Type :=
>>>Accept, Pool-Name := "prueba"
>>>
>>>   And created an IP pool:
>>>
>>>ippool prueba {
>>>   range-start = 10.170.200.1
>>>   range-stop =  10.170.200.254
>>>   netmask = 255.255.255.0
>>>   cache-size = 800
>>>   session-db = /raddb/db.ippool
>>>   ip-index = /raddb/db.ipindex
>>>}
>>>
>>>  
>>>
>>I can start the server and it works ok, but it doesn't reply with
>>the Framed-IP-Address attribute.
>>
>>
>>
>>>   What am I doing wrong?
>>>
>>>   I'm sorry if this is ANOTHER stupid question.
>>>
>>>   Thanks a lot for your time.
>>>
>>>
>>>Guillermo
>>>  
>>>
>
>Have you added the module in the authorize and accounting sections in
>radiusd.conf? Make sure also that ippool comes after the files module in the
>authorize section.
>  
>
Yes, I have done so.

Is this output OK? (The noop part)

modcall: entering group authorize
  modcall[authorize]: module "preprocess" returns ok
  modcall[authorize]: module "files" returns notfound
  modcall[authorize]: module "ippool" returns noop
rlm_chap: Could not find proper Chap-Password attribute in request
  modcall[authorize]: module "chap" returns noop
modcall: entering group group

Where else should I look?

Is there any documentation for the ippool module?


Thanks


Guillermo







>--
>Kostas Kalevras Network Operations Center
>[EMAIL PROTECTED]  National Technical University of Athens, Greece
>Work Phone: +30 10 7721861
>'Go back to the shadow' Gandalf
>
>
>- 
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
>  
>







Re: ip pool again

2002-08-13 Thread Kostas Kalevras

On Tue, 13 Aug 2002, Guillermo Schimmel wrote:

> It still doesn't work.
>
> >
> > Hi list:
> >
> >I'm starting the tests with the ippool module.
> >
> >I added this line on the users file:
> >
> > DEFAULT NAS-IP-Address == "10.169.255.11",  Auth-Type :=
> > Accept, Pool-Name := "prueba"
> >
> >And created an IP pool:
> >
> > ippool prueba {
> >range-start = 10.170.200.1
> >range-stop =  10.170.200.254
> >netmask = 255.255.255.0
> >cache-size = 800
> >session-db = /raddb/db.ippool
> >ip-index = /raddb/db.ipindex
> > }
> >
> I can start the server and it works ok, but it doesn't reply with
> the Framed-IP-Address attribute.
>
> >What am I doing wrong?
> >
> >I'm sorry if this is ANOTHER stupid question.
> >
> >Thanks a lot for your time.
> >
> >
> > Guillermo

Have you added the module in the authorize and accounting sections in
radiusd.conf? Make sure also that ippool comes after the files module in the
authorize section.

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf





ip pool again

2002-08-13 Thread Guillermo Schimmel

It still doesn't work.

>
> Hi list:
>
>I'm starting the tests with the ippool module.
>
>I added this line on the users file:
>
> DEFAULT NAS-IP-Address == "10.169.255.11",  Auth-Type := 
> Accept, Pool-Name := "prueba"
>
>And created an IP pool:
>
> ippool prueba {
>range-start = 10.170.200.1
>range-stop =  10.170.200.254
>netmask = 255.255.255.0
>cache-size = 800
>session-db = /raddb/db.ippool
>ip-index = /raddb/db.ipindex
> }
>
I can start the server and it works ok, but it doesn't reply with 
the Framed-IP-Address attribute.

>What am I doing wrong?
>
>I'm sorry if this is ANOTHER stupid question.
>
>Thanks a lot for your time.
>
>
> Guillermo
>







SOLVED: Sorry: Re: ip pool: Unknown attribute Pool-Name

2002-08-13 Thread Guillermo Schimmel

I'm sorry.
This was really stupid.

I was using the old dictionary file, from fr 0.4.



Guillermo Schimmel wrote:

>
> Hi list:
>
>I'm starting the tests with the ippool module.
>
>I added this line on the users file:
>
> DEFAULT NAS-IP-Address == "10.169.255.11",  Auth-Type := 
> Accept, Pool-Name := "prueba"
>
>And created an IP pool:
>
> ippool prueba {
>range-start = 10.170.200.1
>range-stop =  10.170.200.254
>netmask = 255.255.255.0
>cache-size = 800
>session-db = /raddb/db.ippool
>ip-index = /raddb/db.ipindex
> }
>
>Now, when I start the server it says:
>
> /usr/local/etc/raddb/users[144]: Parse error (check) for entry 
> DEFAULT: Unknown attribute Pool-Name
>
>What am I doing wrong?
>
>I'm sorry if this is a stupid question, but I have looked in the 
> docs and in the list and can't find any hint.
>
>Thanks a lot for your time.
>
>
> Guillermo
>
>
>
>
>
>
> - List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
>
>







ip pool: Unknown attribute Pool-Name

2002-08-13 Thread Guillermo Schimmel


Hi list:

I'm starting the tests with the ippool module.

I added this line on the users file:

DEFAULT NAS-IP-Address == "10.169.255.11",  Auth-Type := Accept, 
Pool-Name := "prueba"

    And created an IP pool:

ippool prueba {
range-start = 10.170.200.1
range-stop =  10.170.200.254
netmask = 255.255.255.0
cache-size = 800
session-db = /raddb/db.ippool
ip-index = /raddb/db.ipindex
}

Now, when I start the server it says:

/usr/local/etc/raddb/users[144]: Parse error (check) for entry DEFAULT: 
Unknown attribute Pool-Name

What am I doing wrong?

I'm sorry if this is a stupid question, but I have looked in the 
docs and in the list and can't find any hint.

Thanks a lot for your time.


Guillermo









software IP Pool

2002-07-29 Thread Ador Dauz

Hi all,

Is there any configure to limit the IP Pool,
of the specific group? coz I used the rlm_ippool
but when I consumed all the range, the next time
I login it gave me IP address which out of the range.

Thanks
--ador




IP Pool assignment

2002-05-30 Thread Steve Tow

Hello,

I've been banging my head on a wall over a simple problem and thought I'd see 
if anyone had a similar setup or any tips. I am using FreeRADIUS v0.5. It 
works just peachy except trying to get it to assign IP addresses out of a 
different IP pool for particular users. We are connecting to a Cisco 2600 
with IOS version 12.0. I have tried sending several different attributes to 
no avail. A couple samples from the 'users' file that failed:

test1   Auth-Type := System
        Framed-Pool = "filter_pool"
test2   Auth-Type := System
        Cisco-AVPair = "ip:addr-pool=filter_pool"

I have also tried other attributes that I have seen in documentation and 
mailing lists, but I can't seem to get it going. In some instances I can see 
the attribute being passed by the RADIUS server using "debug radius" on the 
Cisco router, but it seems to be ignored. I have this same setup working with 
a different type of router:

diffip  Auth-Type := System
        X-Ascend-Assign-IP-Pool = 2

works just fine on this non-cisco router so I know roughly how to do it, just 
not with Cisco. The IOS line describing the IP pool is:

ip local pool filter_pool 10.10.1.2 10.10.1.10

Has anyone tried doing something similar to this or have some basic tips that 
I am missing thus far?

Thanx!!

-- 
[]
Steve Tow
Systems Engineer
Vital Support Systems
Email: [EMAIL PROTECTED]
Phone: (515) 334-5700





group ip pool

2002-05-16 Thread Topaz M. Bott

I am setting up a multi subnet network.  The subnet that a dial in user gets
depends on their “group”.  I have 26 groups all over 100 accounts.
They are all dialing one modem pool.  How can I do this?  I read through the
FAQ & archive.

Help thx,

tmb








group ip pool

2002-05-14 Thread Topaz M. Bott








I am setting up a multi subnet network.  The subnet that a dial in user gets depends on their “group”.
I have 26 groups all over 100 accounts.

They are all dialing one modem pool.  How can I do this?  I read through the FAQ & archive.

Help thx,

tmb








Re: IP POOL

2002-04-12 Thread Jacobo González Simón

Ok, i found rlm_ippool.

can i use it whith ldap authentication?
how?

Thanks


Jacobo González Simón wrote:
> 
> Hi all,
> 
> I´m testing freeradius and ldap( with radtest utility, i have not
> another ras server that one is running whith another radius ), and it
> seems to work fine. Now the problem:
> 
> I had read in users file this:
> 
> #
> # Set up different IP address pools for the terminal servers.
> # Note that the "+" behind the IP address means that this is the "base"
> # IP address. The Port-Id (S0, S1 etc) will be added to it.
> #
> #DEFAULT   Service-Type == Framed-User, Huntgroup-Name == "alphen"
> #   Framed-IP-Address = 192.168.1.32+,
> #   Fall-Through = Yes
> 
> #DEFAULT   Service-Type == Framed-User, Huntgroup-Name == "delft"
> #   Framed-IP-Address = 192.168.2.32+,
> #   Fall-Through = Yes
> 
> and in my ldap base i have an entry:
> 
> dn: uid=pepe,ou=miembros,dc=midominio.es,o=miempresa
> objectclass: person
> objectclass: radiusprofile
> cn: JOSE
> uid: pepe
> radiusServiceType: Framed-User
> radiusFramedProtocol: PPP
> radiusFramedIPAddress: 192.168.254.1+
> radiusFramedIPNetmask: 255.255.255.255
> .
> .
> .
> .
> .
> .
> .
> 
> Well, which is the limit for dynamic IP address?
> 
> 192.168.254.1+ meaning that all of 192.168.254.0/255.255.255.0 is
> available for dynamic ip?
> 
> I need delimit my pool to few ips, how can i do it?
> 
> Thanks at all, and sorry for my poor english
> 
> Jacobo
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html





Re: IP POOL

2002-04-10 Thread Chris Parker

At 06:14 PM 4/10/2002 +0200, Jacobo González Simón wrote:
>Hello again,
>
>  i have freeradius-0.5 from freeradius.org and i haven´t
>src/modules/rlm_ippool, where can i find it?

CVS, or one of the nightly builds.  It has been added since the 0.5
release.

-Chris
--
\\\|||///  \  StarNet Inc.  \Chris Parker
\ ~   ~ /   \   WX *is* Wireless!\   Director, Engineering
| @   @ |\   http://www.starnetwx.net \  (847) 963-0116
oOo---(_)---oOo--\--
   \ Wholesale Internet Services - http://www.megapop.net






Re: IP POOL

2002-04-10 Thread Jacobo González Simón

Hello again,

 i have freeradius-0.5 from freeradius.org and i haven´t 
src/modules/rlm_ippool, where can i find it?

Thanks

Kostas Kalevras wrote:
> 
> On Mon, 8 Apr 2002, Jacobo [iso-8859-1] González Simón wrote:
> 
> > Thanks for your reply but i don't understand you.
> >
> > I haven´t rlm_ippool module.
> >
> > Kostas Kalevras wrote:
> >
> > >
> > > Try the rlm_ippool module. It will do your job just fine. Check out the
> > > comments in radiusd.conf.
> >  > > rlm_counter module and do s/counter/ippool.
> > ??
> > Where do i copy Makefile?
> >
> > what´s s/counter/ippool?
> >
> > Thanks, Jacobo
> 
> Check out the latest cvs for the rlm_ippool module.
> You will have to copy the Makefile in src/modules/rlm_ippool
> s/counter/ippool means replace all occurrences of the word counter in the
> makefile with ippool.
> 
> --
> Kostas Kalevras Network Operations Center
> [EMAIL PROTECTED]  National Technical University of Athens, Greece
> Work Phone: +30 10 7721861
> 'Go back to the shadow' Gandalf
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html





Re: IP POOL

2002-04-08 Thread Kostas Kalevras

On Mon, 8 Apr 2002, Jacobo [iso-8859-1] González Simón wrote:

> Thanks for your reply but i don't understand you.
>
> I haven´t rlm_ippool module.
>
> Kostas Kalevras wrote:
>
> >
> > Try the rlm_ippool module. It will do your job just fine. Check out the
> > comments in radiusd.conf.
>  > rlm_counter module and do s/counter/ippool.
> ??
> Where do i copy Makefile?
>
> what´s s/counter/ippool?
>
> Thanks, Jacobo

Check out the latest cvs for the rlm_ippool module.
You will have to copy the Makefile in src/modules/rlm_ippool
s/counter/ippool means replace all occurrences of the word counter in the
makefile with ippool.

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf





Re: IP POOL

2002-04-08 Thread Jacobo González Simón

Thanks for your reply but i don't understand you.

I haven´t rlm_ippool module. 

Kostas Kalevras wrote:

> 
> Try the rlm_ippool module. It will do your job just fine. Check out the
> comments in radiusd.conf. 
 rlm_counter module and do s/counter/ippool.
??
Where do i copy Makefile?

what´s s/counter/ippool?

Thanks, Jacobo





Re: IP POOL

2002-04-06 Thread Kostas Kalevras

On Tue, 2 Apr 2002, Jacobo [iso-8859-1] González Simón wrote:

> Hi all,
>
> I'm testing freeradius and ldap (with the radtest utility, I have not
> another ras server, that one is running with another radius), and it
> seems to work fine. Now the problem:
>
> I read this in the users file:
>
> #
> # Set up different IP address pools for the terminal servers.
> # Note that the "+" behind the IP address means that this is the "base"
> # IP address. The Port-Id (S0, S1 etc) will be added to it.
> #
> #DEFAULT	Service-Type == Framed-User, Huntgroup-Name == "alphen"
> #   Framed-IP-Address = 192.168.1.32+,
> #   Fall-Through = Yes
>
> #DEFAULT	Service-Type == Framed-User, Huntgroup-Name == "delft"
> #   Framed-IP-Address = 192.168.2.32+,
> #   Fall-Through = Yes
>
>
> and in my ldap base i have an entry:
>
> dn: uid=pepe,ou=miembros,dc=midominio.es,o=miempresa
> objectclass: person
> objectclass: radiusprofile
> cn: JOSE
> uid: pepe
> radiusServiceType: Framed-User
> radiusFramedProtocol: PPP
> radiusFramedIPAddress: 192.168.254.1+
> radiusFramedIPNetmask: 255.255.255.255
> .
> .
> .
> .
> .
> .
> .
>
> Well, which is the limit for dynamic IP addresses?
>
> Does 192.168.254.1+ mean that all of 192.168.254.0/255.255.255.0 is
> available for dynamic IP?
>
> I need to delimit my pool to a few IPs, how can I do it?
>
> Thanks to all, and sorry for my poor English
>
> Jacobo

Try the rlm_ippool module. It will do your job just fine. Check out the
comments in radiusd.conf. If it does not compile copy the Makefile from the
rlm_counter module and do s/counter/ippool.

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]  National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf





IP POOL

2002-04-02 Thread Jacobo González Simón

Hi all,

I'm testing freeradius and ldap (with the radtest utility, I have not
another ras server, that one is running with another radius), and it
seems to work fine. Now the problem:

I read this in the users file:

#
# Set up different IP address pools for the terminal servers.
# Note that the "+" behind the IP address means that this is the "base"
# IP address. The Port-Id (S0, S1 etc) will be added to it.
#
#DEFAULT	Service-Type == Framed-User, Huntgroup-Name == "alphen"
#   Framed-IP-Address = 192.168.1.32+,
#   Fall-Through = Yes

#DEFAULT	Service-Type == Framed-User, Huntgroup-Name == "delft"
#   Framed-IP-Address = 192.168.2.32+,
#   Fall-Through = Yes


and in my ldap base i have an entry:

dn: uid=pepe,ou=miembros,dc=midominio.es,o=miempresa
objectclass: person
objectclass: radiusprofile
cn: JOSE
uid: pepe
radiusServiceType: Framed-User
radiusFramedProtocol: PPP
radiusFramedIPAddress: 192.168.254.1+
radiusFramedIPNetmask: 255.255.255.255
.
.
.
.
.
.
.

Well, which is the limit for dynamic IP addresses?

Does 192.168.254.1+ mean that all of 192.168.254.0/255.255.255.0 is
available for dynamic IP?

I need to delimit my pool to a few IPs, how can I do it?

Thanks to all, and sorry for my poor English

Jacobo
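
[Added example, not part of the original post or of FreeRADIUS itself.]
The users-file comment quoted above says the Port-Id is added to the "+"
base address. Assuming that means plain integer addition of a numeric
NAS port, this sketch shows which addresses such an entry can hand out,
whether they stay inside an intended subnet, and whether two entries
collide. The port counts and helper names are assumptions.

```python
import ipaddress

def framed_ip(base, nas_port):
    """Address assigned by a 'base+' entry: base plus the numeric port."""
    if nas_port < 0:
        raise ValueError("port must be non-negative")
    value = int(ipaddress.IPv4Address(base)) + nas_port
    if value > 0xFFFFFFFF:
        raise ValueError("base + port runs past the IPv4 address space")
    return ipaddress.IPv4Address(value)

def effective_pool(base, ports):
    """Every address a 'base+' entry can hand out for these port numbers."""
    return {framed_ip(base, p) for p in ports}

def escapes(base, ports, cidr):
    """Addresses the entry can assign that fall outside the intended subnet."""
    net = ipaddress.IPv4Network(cidr)
    return sorted(ip for ip in effective_pool(base, ports) if ip not in net)

def overlaps(entries):
    """Addresses reachable from more than one (name, base, ports) entry."""
    seen, clashes = {}, {}
    for name, base, ports in entries:
        for ip in effective_pool(base, ports):
            owner = seen.setdefault(ip, name)
            if owner != name:
                clashes.setdefault(ip, {owner}).add(name)
    return clashes

# Constructed sample: bases come from the users file quoted above,
# the 16 ports per terminal server are an assumption.
ENTRIES = [
    ("alphen", "192.168.1.32", range(16)),
    ("delft", "192.168.2.32", range(16)),
]

if __name__ == "__main__":
    print("clashes between huntgroups:", overlaps(ENTRIES))
    # A NAS with ports 250..257 walks the LDAP base out of 192.168.254.0/24.
    for ip in escapes("192.168.254.1", range(250, 258), "192.168.254.0/24"):
        print("outside subnet:", ip)
```

Under that assumption the size of a "+" pool is set by the port numbers
the NAS reports, not by the netmask, so the same base must not be shared
by terminal servers that reuse port numbers.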

