Re: ip pool problem ?
On Thu, Dec 18, 2003 at 03:49:20PM +0700, [EMAIL PROTECTED] wrote:
> I need help on configuring freeradius , on ip pooling. issue i use mysql as the user
> as well as ip database. But it seems , radius can works on range ip i gave but i
> works on ip with "+", but i can control the ip assignment that server gave to user
> who dials in. Also i previously try using main_ippool with range start & range stop,
> it seems dont work. Can anyone help me figure out this phenomena ?

As far as I know, freeradius does not store ip pools in sql databases. Perhaps you can provide some debugging output and configuration you use (don't send everything, only the 'interesting' parts).

Oliver.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: IP Pool Unused IPs deallocation?
On Thu, Dec 04, 2003 at 03:27:49PM +0200, m0bius wrote:
> Well you may actually be correct but from what I have read during the
> past months some NAS equipment didn't have any problems with the ip
> management via the radius server so I thought this should be a most
> applicable method to setup radius.

It is nice to manage all ips on the radius, but on the other hand I do just the same with my pool based setup. All pools and pool assignments are managed via the radius on our ascend and cisco nas equipment (they both support nas side ip pools managed via radius very well).

Oliver.
RE: IP Pool Unused IPs deallocation?
> > > On the other hand: why not just let the MAX distribute the IPs? make a
> > > pools-NAS-NAME entry which assigns your pools to the NAS and choose
> > > the pool via the Ascend-Assign-IP-Pool attribute. Works fine (I have
> > > about a dozen MAX 2000/4000/6000/TNT with this setup).
> >
> > So let me see if I get this straight. I should create something like:
> >
> > pools-nas1 Ascend-Assign-IP-Pool := "nas1_pool" ?
> No.
> Example (makes three pools on nas1 and has 3 test users which each get
> an ip from a different pool):
> pools-nas1 Auth-Type := Local, User-Password == "ascend"
>         Service-Type = Outbound-User,
>         Ascend-IP-Pool-Definition = "1 10.10.10.1 126",
>         Ascend-IP-Pool-Definition = "2 10.10.20.1 126",
>         Ascend-IP-Pool-Definition = "3 10.10.30.1 126"
> user1 Auth-Type := Local, User-Password == "test1"
>         Service-Type = Framed,
>         Framed-Protocol = MPP,
>         Ascend-Maximum-Channels = 2,
>         Ascend-Assign-IP-Pool = 1,
>         Ascend-Idle-Limit = 3600,
>         Ascend-Client-Primary-DNS = 10.1.1.1,
>         Ascend-Client-Secondary-DNS = 10.2.1.1,
>         Ascend-Client-Assign-DNS = DNS-Assign-Yes
>
> user2 Auth-Type := Local, User-Password == "test2"
>         Service-Type = Framed,
>         Framed-Protocol = MPP,
>         Ascend-Maximum-Channels = 2,
>         Ascend-Assign-IP-Pool = 2,
>         Ascend-Idle-Limit = 3600,
>         Ascend-Client-Primary-DNS = 10.1.1.1,
>         Ascend-Client-Secondary-DNS = 10.2.1.1,
>         Ascend-Client-Assign-DNS = DNS-Assign-Yes
> user3 Auth-Type := Local, User-Password == "test3"
>         Service-Type = Framed,
>         Framed-Protocol = MPP,
>         Ascend-Maximum-Channels = 2,
>         Ascend-Assign-IP-Pool = 3,
>         Ascend-Idle-Limit = 3600,
>         Ascend-Client-Primary-DNS = 10.1.1.1,
>         Ascend-Client-Secondary-DNS = 10.2.1.1,
>         Ascend-Client-Assign-DNS = DNS-Assign-Yes
> This works well with fallback defaults / sql group replies.

I see. I will forward these changes to see whether the problems are totally solved and let you know of the outcome. This whole issue with the IP Pools has been in my mind since I first started working along with Radius.

> > I don't know if I understood exactly what you mean. I've never worked
> > with ascend before. If however it's pretty much the above has this
> > anything to do with the countless auth requests regarding
> > pools-nas1/ascend I receive or have I screwed everything badly? :-)
> Oh, missed that paragraph...
> Yep. pool defs must go to the pools user of the nas. As soon as the max
> powers up, it asks for its pools. If it gets a user reply which has a
> unknown pool, it should ask again.

Another helpful tip. Browsing the archives this subject had been mentioned before but the answer was simply to put this user in Service-Type = REJECT to avoid the logging of these connections. Let alone the manuals of the NAS equipment have been lost through the centuries making my life much more difficult :-)

> I don't trust freeradius to assign IP addresses, cause the NAS is the one
> who knows if a session is there or if it is not. There is no real point in
> letting the radius assign ip addresses if your NAS equipment can do it. And
> if you are changing pools often, this is also no problem if you're running
> some sort of dynamic routing protocol, cause the nas will announce its
> learned pools via this way...

Well you may actually be correct but from what I have read during the past months some NAS equipment didn't have any problems with the ip management via the radius server so I thought this should be a most applicable method to setup radius.

> Oliver.

Thank you very much for all your help.

Regards,
Paris
Re: IP Pool Unused IPs deallocation?
On Thu, Dec 04, 2003 at 11:17:12AM +0200, m0bius wrote:
> I don't know if I understood exactly what you mean. I've never worked
> with ascend before. If however it's pretty much the above has this
> anything to do with the countless auth requests regarding
> pools-nas1/ascend I receive or have I screwed everything badly? :-)

Oh, missed that paragraph...

Yep. pool defs must go to the pools user of the nas. As soon as the max powers up, it asks for its pools. If it gets a user reply which has a unknown pool, it should ask again.

I don't trust freeradius to assign IP addresses, cause the NAS is the one who knows if a session is there or if it is not. There is no real point in letting the radius assign ip addresses if your NAS equipment can do it. And if you are changing pools often, this is also no problem if you're running some sort of dynamic routing protocol, cause the nas will announce its learned pools via this way...

Oliver.
Re: IP Pool Unused IPs deallocation?
On Thu, Dec 04, 2003 at 11:17:12AM +0200, m0bius wrote:
>
> > > DEFAULT Service-Type == Framed-User, Pool-Name := "main_pool"
> > >         Framed-MTU = 1500,
> > >         Service-Type = Framed-User,
> > >         Fall-Through = 1,
> > >         Ascend-IP-Pool-Definition = "1 111.222.333.97 93"
>
> > As far as I understand, an Ascend-Pool def is not needed in the
> > described setup. If the radius assigns IPs, the MAX does not need a
> > pool, just route the IPs to it.
>
> Actually Ascend-IP-Pool-Definition has been there since my early tests
> and hasn't been removed by a mistake.
>
> > On the other hand: why not just let the MAX distribute the IPs? make a
> > pools-NAS-NAME entry which assigns your pools to the NAS and choose
> > the pool via the Ascend-Assign-IP-Pool attribute. Works fine (I have
> > about a dozen MAX 2000/4000/6000/TNT with this setup).
>
> So let me see if I get this straight. I should create something like:
>
> pools-nas1 Ascend-Assign-IP-Pool := "nas1_pool" ?

No.

Example (makes three pools on nas1 and has 3 test users which each get an ip from a different pool):

pools-nas1 Auth-Type := Local, User-Password == "ascend"
        Service-Type = Outbound-User,
        Ascend-IP-Pool-Definition = "1 10.10.10.1 126",
        Ascend-IP-Pool-Definition = "2 10.10.20.1 126",
        Ascend-IP-Pool-Definition = "3 10.10.30.1 126"

user1 Auth-Type := Local, User-Password == "test1"
        Service-Type = Framed,
        Framed-Protocol = MPP,
        Ascend-Maximum-Channels = 2,
        Ascend-Assign-IP-Pool = 1,
        Ascend-Idle-Limit = 3600,
        Ascend-Client-Primary-DNS = 10.1.1.1,
        Ascend-Client-Secondary-DNS = 10.2.1.1,
        Ascend-Client-Assign-DNS = DNS-Assign-Yes

user2 Auth-Type := Local, User-Password == "test2"
        Service-Type = Framed,
        Framed-Protocol = MPP,
        Ascend-Maximum-Channels = 2,
        Ascend-Assign-IP-Pool = 2,
        Ascend-Idle-Limit = 3600,
        Ascend-Client-Primary-DNS = 10.1.1.1,
        Ascend-Client-Secondary-DNS = 10.2.1.1,
        Ascend-Client-Assign-DNS = DNS-Assign-Yes

user3 Auth-Type := Local, User-Password == "test3"
        Service-Type = Framed,
        Framed-Protocol = MPP,
        Ascend-Maximum-Channels = 2,
        Ascend-Assign-IP-Pool = 3,
        Ascend-Idle-Limit = 3600,
        Ascend-Client-Primary-DNS = 10.1.1.1,
        Ascend-Client-Secondary-DNS = 10.2.1.1,
        Ascend-Client-Assign-DNS = DNS-Assign-Yes

This works well with fallback defaults / sql group replies.

Oliver.
RE: IP Pool Unused IPs deallocation?
> > DEFAULT Service-Type == Framed-User, Pool-Name := "main_pool"
> >         Framed-MTU = 1500,
> >         Service-Type = Framed-User,
> >         Fall-Through = 1,
> >         Ascend-IP-Pool-Definition = "1 111.222.333.97 93"
> As far as I understand, an Ascend-Pool def is not needed in the
> described setup. If the radius assigns IPs, the MAX does not need a
> pool, just route the IPs to it.

Actually Ascend-IP-Pool-Definition has been there since my early tests and hasn't been removed by a mistake.

> On the other hand: why not just let the MAX distribute the IPs? make a
> pools-NAS-NAME entry which assigns your pools to the NAS and choose
> the pool via the Ascend-Assign-IP-Pool attribute. Works fine (I have
> about a dozen MAX 2000/4000/6000/TNT with this setup).

So let me see if I get this straight. I should create something like:

pools-nas1 Ascend-Assign-IP-Pool := "nas1_pool" ?

I don't know if I understood exactly what you mean. I've never worked with ascend before. If however it's pretty much the above has this anything to do with the countless auth requests regarding pools-nas1/ascend I receive or have I screwed everything badly? :-)

> Oliver.

Regards,
Paris
Re: IP Pool Unused IPs deallocation?
On Thu, Dec 04, 2003 at 03:07:41AM +0200, m0bius wrote:
> DEFAULT Service-Type == Framed-User, Pool-Name := "main_pool"
>         Framed-MTU = 1500,
>         Service-Type = Framed-User,
>         Fall-Through = 1,
>         Ascend-IP-Pool-Definition = "1 111.222.333.97 93"

As far as I understand, an Ascend-Pool def is not needed in the described setup. If the radius assigns IPs, the MAX does not need a pool, just route the IPs to it.

On the other hand: why not just let the MAX distribute the IPs? make a pools-NAS-NAME entry which assigns your pools to the NAS and choose the pool via the Ascend-Assign-IP-Pool attribute. Works fine (I have about a dozen MAX 2000/4000/6000/TNT with this setup).

Oliver.
Re: IP pool problem, please help
On Thu, 10 Oct 2002, Andrew Kelaidis wrote:
> I have installed the freeRADIUS server and I 'm using the rlm_ippool module.
> Everything works fine until one account-stop packet had been lost. The user
> was log out but the dialup admin interface shows him as online and active in
> finger page. I remove the correct record from the radacct table so the user
> went offline. The problem is that the server had assigned him an ip address
> and when the user is trying to login again, the following error message
> appears:
> "The server did not assign an IP Address, error 738"
>
> I know that the ippool module keeps two files (not text files) with
> information about used IP addresses. I think that the "stacked" user can't
> login because the server has already assign him an ipaddress. Is there any
> ways to solve this problem? Please help...
>
> Andrew Kelaidis

I am not sure that is the problem. The ippool module uses the nas/port combination as the key not the username. If you login in the same nas/port the module will deallocate the corresponding IP. You could run your server in debug mode and watch the output when the user logs in. That should help you find the problem.

--
Kostas Kalevras
Network Operations Center
[EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
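The keying behaviour described in the reply above, as an added illustration that is not part of the original posts and is not rlm_ippool's code: a toy pool keyed on (NAS address, NAS port) shows how lost Accounting-Stop packets strand addresses until the same port is used again. The class and function names are made up for this sketch, and the address range is the 192.168.59.193-195 pool that appears elsewhere on this page.

```python
import ipaddress


class PortKeyedPool:
    """Toy address pool whose leases are keyed by (NAS address, NAS port)."""

    def __init__(self, range_start, range_stop):
        first = int(ipaddress.IPv4Address(range_start))
        last = int(ipaddress.IPv4Address(range_stop))
        self.free = [str(ipaddress.IPv4Address(n)) for n in range(first, last + 1)]
        self.leases = {}  # (nas_ip, nas_port) -> leased address

    def _release(self, key):
        addr = self.leases.pop(key, None)
        if addr is not None:
            self.free.append(addr)
            self.free.sort(key=ipaddress.IPv4Address)
        return addr

    def login(self, nas_ip, nas_port):
        """Handle an Access-Request. The user name is not part of the key."""
        key = (nas_ip, nas_port)
        # A new call on this NAS/port means any older lease on it is dead.
        self._release(key)
        if not self.free:
            return None  # pool exhausted: the reply carries no address
        addr = self.free.pop(0)
        self.leases[key] = addr
        return addr

    def accounting_stop(self, nas_ip, nas_port):
        """Handle an Accounting-Stop that actually reached the server."""
        return self._release((nas_ip, nas_port))

    def stale_leases(self, ports_in_use):
        """Leases held for ports the NAS no longer reports as in use."""
        return {k: a for k, a in self.leases.items() if k not in ports_in_use}


def lost_stop_scenario():
    """Constructed scenario: three calls end, only one Stop is delivered."""
    nas = "192.168.59.244"
    pool = PortKeyedPool("192.168.59.193", "192.168.59.195")
    result = {"first_three": [pool.login(nas, port) for port in (0, 1, 2)]}

    # All three callers hang up; the Stops for ports 1 and 2 are lost.
    pool.accounting_stop(nas, 0)

    result["port3"] = pool.login(nas, 3)   # takes the one address that came back
    result["port4"] = pool.login(nas, 4)   # nothing left, although one call is live
    result["stale"] = pool.stale_leases({(nas, 3)})
    # Deleting an accounting row does not touch the pool; a login on the
    # same NAS/port does, because that is the key the lease is stored under.
    result["port1_again"] = pool.login(nas, 1)
    return result


if __name__ == "__main__":
    for name, value in lost_stop_scenario().items():
        print(name, value)
```
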
Re: IP pool problem, please help
Can someone please post a copy of the output from radiusd -X when a simultaneous login is detected, and freeradius runs the checkrad prog .. thx ...

Tim Fraser
Relax Internet
Internet Service Provider (dial-up & ADSL) / Web Hosting
www.relax.com.au
Re: ip pool
On Thu, 22 Aug 2002, [iso-8859-1] ho k wrote:
> Hi
>
> The connection is still failed after changing the
> order in radiusd.conf and debug output as:
>
> DEFAULT NAS-IP-Address == 192.168.59.244, Auth-Type :=
> Accept, Pool-Name = "RAS"
>         Service-Type = Framed-User,
>         Framed-MTU = 1500,
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>         Framed-Compression = Van-Jacobson-TCP-IP

Try changing Pool-Name = "RAS" to Pool-Name := "RAS"

>
> but there is no problem of the connection for change
> the config to:
>
> DEFAULT Auth-Type := Accept
>         Service-Type = Framed-User,
>         Framed-IP-Address = 192.168.59.192+,
>         Framed-MTU = 1500,
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>         Framed-Compression = Van-Jacobson-TCP-IP
>
> Another question that may it work for this entry in
> "users" config:
> DEFAULT NAS-IP-Address == 192.168.59.244, Auth-Type :=
> System, Pool-Name = "RAS_1"
>         Service-Type = Framed-User,
>         Framed-MTU = 1500,
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>         Framed-Compression = Van-Jacobson-TCP-IP
>
> DEFAULT NAS-IP-Address == 192.168.59.245, Auth-Type :=
> System, Pool-Name = "RAS_2"
>         Service-Type = Framed-User,
>         Framed-MTU = 1500,
>         Service-Type = Framed-User,
>         Framed-Protocol = PPP,
>         Framed-Compression = Van-Jacobson-TCP-IP
>
> when I have two RAS which ip 192.168.59.244 and
> 192.168.59.255 are. They would assign separate ip
> range to two group of dialup users
>
> k

If you create two ippool instances named RAS_1 and RAS_2 you shouldn't have any problems.

--
Kostas Kalevras
Network Operations Center
[EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf
RE: IP Pool Question
Thanks for the reply. However after modifying the pool range, I changed the users file as following:

Normaluser Auth-Type :=local, password =="y"
        Service-type = framed,
        Framed-protocol = PPP,
        Framed-IP-Address = 255.255.255.254,
        Framed-IP-netmask = 255.255.255.255,
        Framed-Compression = Van-Jacobson-TCP-IP,
        Fall-Through = Yes,
        session-timeout = 1800

With this configuration I tried two PCs simultaneously and all the time I kept on getting IP x.x.x.254 on both PCs. According to the write up users should have been assigned different IP from the pool defined in Cisco 5300.

Any clue?

Thanks
Rakesh

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kostas Kalevras
Sent: Wednesday, August 21, 2002 3:10 PM
To: '[EMAIL PROTECTED]'
Subject: Re: IP Pool Question

On Wed, 21 Aug 2002, rakesh jha wrote:
> Hello Radius Gurus,
>
> I need your help. I have just downloaded and installed freeradius 7 with
> rlm_ippool. I have following situation:
> We have defined an ip pool on Cisco 5300 from x.x.x.195 to x.x.x.254 with
> mask 255.255.255.192.
> We want IP from x.x.x.195 to x.x.x.214 statically to the privilege dial-in
> users and IP from x.x.x.215 to x.x.x.254 dynamically to other normal users.
> For normal users duplicate users ID is allowed.

Why not just define an IP pool in the 5300 from x.x.x.215 to x.x.x.254 and just add a reply item of Framed-IP-Address = 255.255.255.254 in the normal user entries. There's no real reason in using the ippool module. If you have more than one IP pools in your 5300 you could also send back a cisco avpair like this:

Cisco-AVPair := "ip:addr-pool=my_pool_name"

Hope it helps

--
Kostas Kalevras
Network Operations Center
[EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf

>
> To achieve this I am doing following.
>
> 1. In radiusd.conf I have added following:
> usercollide = yes
> compat = cistron
>
> Ippool {
> Range-start = x.x.x.215
> Range-stop = x.x.x.254
> Netmask = 255.255.255.192
> Cache-size = 800
> Session-db = ${raddbdir}/db.ippool
> Ip-index = ${raddbdir}/db.ip-index
> }
>
> 2. In users file I have added following:
>
> Privilegeuser Auth-Type :=local, passwoed =="x"
> Framed-IP-Address = x.x.x.195
> Framed-IP-netmask = 255.255.255.255
> Fall-through = yes
>
> Normaluser Auth-Type :=local, passwoed
> =="y"
> Service-type = framed
> Framed-protocol = PPP
> Session-timeout =1800
>
>
> The whole idea is that normaluser should get IP starting from x.x.x.215 till
> x.x.x.254 only and after that which ever is unused in range from 215 - 254.
> In my existing RADIUS server for normal users I have configured
> Framed-IP-Address = x.x.x.215+ and user may get IP beyond our subnet.
>
> Seeing the configuration, please confirm following:
>
> 1. Will this work OK
> 2. The normaluser will get IP from range x.x.x.215 - x.x.x.254
>
> Thanks
>
> Rakesh Jha
> Kuwait
>
> ---
> Disclaimer:
> Any non official business related views, opinions or other information
> presented in this electronic mail are solely those of the sender/author.
> Burgan Bank does not endorse or accept responsibility for these opinions,
> views or conclusion.
> If you are not the addressee indicated in this electronic mail or
> responsible for delivering this electronic message to the intended
> recipient, you should delete this message and notify the sender
> immediately.
>
> Burgan Bank
Re: ip pool
Hi

The connection is still failed after changing the order in radiusd.conf and debug output as:

Module: Loaded files
files: usersfile = "/usr/local/etc/raddb/users"
files: acctusersfile = "/usr/local/etc/raddb/acct_users"
files: compat = "no"
Module: Instantiated files (files)
Module: Loaded IPPOOL
ippool: session-db = "/usr/local/etc/raddb/db.ippool"
ippool: ip-index = "/usr/local/etc/raddb/db.ipindex"
ippool: range-start = 192.168.59.193 IP address [192.168.59.193]
ippool: range-stop = 192.168.59.195 IP address [192.168.59.195]
ippool: netmask = 255.255.255.0 IP address [255.255.255.0]
ippool: cache-size = 3
Module: Instantiated ippool (RAS)
Module: Loaded detail
detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail"
detail: detailperm = 384
detail: dirperm = 493
detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
radutmp: filename = "/usr/local/var/log/radius/radutmp"
radutmp: username = "%{User-Name}"
radutmp: perm = 384
radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 192.168.59.244:1093, id=58, length=73
User-Name = "noki"
User-Password = "\3713\363tW\257\223^g%\0261A\254\211"
NAS-Port = 0
Framed-Protocol = PPP
NAS-Identifier = "AUD_AGENT"
NAS-Port-Type = Async
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_realm: Looking up realm NULL for User-Name = "noki"
rlm_realm: No such realm NULL
modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 185
users: Matched DEFAULT at 211
users: Matched DEFAULT at 223
modcall[authorize]: module "files" returns ok
modcall[authorize]: module "RAS" returns noop
modcall: group authorize returns ok
rad_check_password: Found Auth-Type System
auth: type "System"
modcall: entering group authenticate
modcall[authenticate]: module "unix" returns notfound
modcall: group authenticate returns notfound
auth: Failed to validate the user.
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 58 to 192.168.59.244:1093
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 58 with timestamp 3d645b5f
Nothing to do. Sleeping until we see a request.

Here is the context of radiusd.conf:

module {
        pam {... }
        unix {... }
        eap {... }
        ... (different modules in here)
        ippool RAS {
                range-start = 192.168.59.193
                range-stop = 192.168.59.195
                netmask = 255.255.255.0
                cache-size = 3
                session-db = ${raddbdir}/db.ippool
                ip-index = ${raddbdir}/db.ipindex
        }
}
authorize {
        preprocess
        eap
        suffix
        files
        RAS
}
authenticate {
        unix
}
accounting {
        detail
        # counter
        unix
        RAS
        radutmp
}

and context of "users":

DEFAULT NAS-IP-Address == 192.168.59.244, Auth-Type := Accept, Pool-Name = "RAS"
        Service-Type = Framed-User,
        Framed-MTU = 1500,
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP

but there is no problem of the connection for change the config to:

DEFAULT Auth-Type := Accept
        Service-Type = Framed-User,
        Framed-IP-Address = 192.168.59.192+,
        Framed-MTU = 1500,
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP

Another question that may it work for this entry in "users" config:

DEFAULT NAS-IP-Address == 192.168.59.244, Auth-Type := System, Pool-Name = "RAS_1"
        Service-Type = Framed-User,
        Framed-MTU = 1500,
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP

DEFAULT NAS-IP-Address == 192.168.59.245, Auth-Type := System, Pool-Name = "RAS_2"
        Service-Type = Framed-User,
        Framed-MTU = 1500,
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP

when I have two RAS which ip 192.168.59.244 and 192.168.59.255 are. They would assign separate ip range to two group of dialup users

k

--- Kostas Kalevras <[EMAIL PROTECTED]> wrote:
> On Wed, 21 Aug 2002, [iso-8859-1] ho k wrote:
>
> > Dear All
> >
> > Can you point out the mistake about ip assignment
> from
> > radius side. Parts of radiusd.conf are as follows:
> >
> >
> > authorize {
> >         preprocess
> >         suffix
> >         files
Re: ip pool
On Wed, 21 Aug 2002, [iso-8859-1] ho k wrote:
> Dear All
>
> Can you point out the mistake about ip assignment from
> radius side. Parts of radiusd.conf are as follows:
>
>
> authorize {
>         preprocess
>         suffix
>         files
>         RAS
> ippool RAS {
>         range-start = 192.168.59.193
>         range-stop = 192.168.59.195
>         netmask = 255.255.255.0
>         cache-size = 3
>         session-db = ${raddbdir}/db.ippool
>         ip-index = ${raddbdir}/db.ipindex
> }
> }
>
> and failure connection output as:
> rad_recv: Access-Request packet from host
> 192.168.59.244:1083, id=49, lengt
> h=71
> User-Name = "bb"
> User-Password =
> "\323\317\322\267\272\330\014t\365\223\337\004i\022
> \273"
> NAS-Port = 0
> Framed-Protocol = PPP
> NAS-Identifier = "AUD_AGENT"
> NAS-Port-Type = Async
> modcall: entering group authorize
> modcall[authorize]: module "preprocess" returns ok
> modcall[authorize]: module "RAS" returns noop
> rlm_realm: Looking up realm NULL for User-Name =
> "bb"
> rlm_realm: No such realm NULL
> modcall[authorize]: module "suffix" returns noop
> users: Matched DEFAULT at 171
> users: Matched DEFAULT at 197
> users: Matched DEFAULT at 209
> modcall[authorize]: module "files" returns ok
> modcall: group authorize returns ok

From the modcall[authorize] messages it seems that your authorize section is

authorize{
        preprocess
        RAS
        suffix
        files
}

whilst it should be

authorize{
        preprocess
        suffix
        files
        RAS
}

>
> and the "usess" file as:
>
> DEFAULT NAS-IP-Address == 192.168.59.244, Auth-Type :=
> Accept, Pool-Name = "RAS"

--
Kostas Kalevras
Network Operations Center
[EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf
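The reading of the debug output done by eye in the reply above, as an added example that is not part of the original posts: it recovers the order in which modules ran in `authorize` from `modcall[...]` lines and flags a pool instance that ran before the users file or returned `noop`. The function names and finding labels are made up here; the two samples are the `modcall` lines quoted on this page (first report and the follow-up after reordering).

```python
import re

# Lines in the `radiusd -X` format shown in this thread.
MODCALL = re.compile(r'modcall\[(\w+)\]: module "([^"]+)" returns (\w+)')
ENTER = re.compile(r'modcall: entering group (\w+)')

# Sample 1: modcall lines from the first report quoted above.
BEFORE = '''\
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "RAS" returns noop
modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 171
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
'''

# Sample 2: modcall lines from the follow-up report, after reordering.
AFTER = '''\
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
modcall[authorize]: module "suffix" returns noop
users: Matched DEFAULT at 185
modcall[authorize]: module "files" returns ok
modcall[authorize]: module "RAS" returns noop
modcall: group authorize returns ok
modcall: entering group authenticate
modcall[authenticate]: module "unix" returns notfound
'''


def section_traces(debug_text, section="authorize"):
    """Return one [(module, rcode), ...] list per pass through `section`."""
    traces, current = [], None
    for raw in debug_text.splitlines():
        line = raw.strip()
        entered = ENTER.search(line)
        if entered:
            # A new group starts; only collect when it is the wanted section.
            current = [] if entered.group(1) == section else None
            if current is not None:
                traces.append(current)
            continue
        hit = MODCALL.search(line)
        if hit and hit.group(1) == section and current is not None:
            current.append((hit.group(2), hit.group(3)))
    return traces


def check_pool_instance(debug_text, pool_instance, users_module="files"):
    """Return (request_number, finding) pairs for the named pool instance."""
    findings = []
    for number, trace in enumerate(section_traces(debug_text), start=1):
        names = [name for name, _ in trace]
        if pool_instance not in names:
            findings.append((number, "pool-not-called"))
            continue
        # Pool-Name is attached by the users file entry, so the pool
        # instance has to run after it (the point made in the reply).
        if users_module in names and names.index(pool_instance) < names.index(users_module):
            findings.append((number, "pool-before-users-file"))
        # noop: the module took no action on this request.
        if dict(trace)[pool_instance] == "noop":
            findings.append((number, "pool-returned-noop"))
    return findings


if __name__ == "__main__":
    print(check_pool_instance(BEFORE, "RAS"))
    print(check_pool_instance(AFTER, "RAS"))
```
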
Re: IP Pool Question
On Wed, 21 Aug 2002, rakesh jha wrote:
> Hello Radius Gurus,
>
> I need your help. I have just downloaded and installed freeradius 7 with
> rlm_ippool. I have following situation:
> We have defined an ip pool on Cisco 5300 from x.x.x.195 to x.x.x.254 with
> mask 255.255.255.192.
> We want IP from x.x.x.195 to x.x.x.214 statically to the privilege dial-in
> users and IP from x.x.x.215 to x.x.x.254 dynamically to other normal users.
> For normal users duplicate users ID is allowed.

Why not just define an IP pool in the 5300 from x.x.x.215 to x.x.x.254 and just add a reply item of Framed-IP-Address = 255.255.255.254 in the normal user entries. There's no real reason in using the ippool module. If you have more than one IP pools in your 5300 you could also send back a cisco avpair like this:

Cisco-AVPair := "ip:addr-pool=my_pool_name"

Hope it helps

--
Kostas Kalevras
Network Operations Center
[EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf

>
> To achieve this I am doing following.
>
> 1. In radiusd.conf I have added following:
> usercollide = yes
> compat = cistron
>
> Ippool{
> Range-start = x.x.x.215
> Range-stop = x.x.x.254
> Netmask = 255.255.255.192
> Cache-size = 800
> Session-db = ${raddbdir}/db.ippool
> Ip-index = ${raddbdir}/db.ip-index
> }
>
> 2. In users file I have added following:
>
> Privilegeuser Auth-Type :=local, passwoed =="x"
> Framed-IP-Address = x.x.x.195
> Framed-IP-netmask = 255.255.255.255
> Fall-through = yes
>
> Normaluser Auth-Type :=local, passwoed
> =="y"
> Service-type = framed
> Framed-protocol = PPP
> Session-timeout =1800
>
>
> The whole idea is that normaluser should get IP starting from x.x.x.215 till
> x.x.x.254 only and after that which ever is unused in range from 215 - 254.
> In my existing RADIUS server for normal users I have configured
> Framed-IP-Address = x.x.x.215+ and user may get IP beyond our subnet.
>
> Seeing the configuration, please confirm following:
>
> 1. Will this work OK
> 2. The normaluser will get IP from range x.x.x.215 - x.x.x.254
>
> Thanks
>
> Rakesh Jha
> Kuwait
>
> ---
> Disclaimer:
> Any non official business related views, opinions or other information
> presented in this electronic mail are solely those of the sender/author.
> Burgan Bank does not endorse or accept responsibility for these opinions,
> views or conclusion.
> If you are not the addressee indicated in this electronic mail or
> responsible for delivering this electronic message to the intended
> recipient, you should delete this message and notify the sender
> immediately.
>
> Burgan Bank
Re: IP Pool questions
I'm having a problem like Li Lin has.

I need that the radius server assign an IP address from a pool (172.25.6.2 /24) to each dial up subscriber, and all the requirements will come from a NAS (There's no LAN behind subscribers).

I see that the only IP that the server assigns is the one that I configure in the attribute Framed-IP-Address.

The question is: how I configure this attribute for the user DEFAULT when I want the server do that?

The following doesn't work

DEFAULT Auth-Type := Local, User-Password == ""
        Service-Type = Framed-User,
        Framed-IP-Address = 172.25.6.2+,

If I'm wrong, can you explain me how to do what I want to do?

Thanks
RE: IP Pool questions
Here's an example user named foo:

foo Auth-Type := System
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-Address = 192.168.2.21,
        Framed-Netmask = 255.255.255.252,
        Framed-Route = "192.168.2.20/30 192.168.2.21 1",
        Framed-Compression = Van-Jacobson-TCP-IP,
        Idle-Timeout = 0,
        Framed-MTU = 1500

Note the Framed-Route line. /30 is equivalent to 255.255.255.252

This is just an example, you could use much larger blocks. The subscriber would configure their equipment to use the IP address 192.168.2.21. 192.168.2.22 would be an IP usable within their LAN. Remote gateway could be available in a larger network specified by a more general netmask for the remote gateway where appropriate.

Alternately, if you wish, you can do this:

foo Auth-Type := System
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-Address = 192.168.2.2,
        Framed-Netmask = 255.255.255.255,
        Framed-Route = "192.168.3.0/28 192.168.2.2 1",
        Framed-Compression = Van-Jacobson-TCP-IP,
        Idle-Timeout = 0,
        Framed-MTU = 1500

This would instead of providing a merged LAN IP block provide a WAN/LAN-style structure, where you could give each dialup device their own single IP and then forward blocks over those single IPs to their LAN. In this example, a /28 (13 usable addresses) is forwarded to this subscriber for use in their LAN, they would have to have two separate interfaces, a WAN interface for 192.168.2.2 and a LAN interface where they define one of the IPs in the 192.168.3.0 block (such as 192.168.3.1).

--
Mark P. Hennessy
[EMAIL PROTECTED]

On Mon, 19 Aug 2002, Li Lin wrote:
> Date: Mon, 19 Aug 2002 17:43:31 -0400
> From: Li Lin <[EMAIL PROTECTED]>
> To: 'Mark Hennessy' <[EMAIL PROTECTED]>
> Cc: Li Lin <[EMAIL PROTECTED]>
> Subject: RE: IP Pool questions
>
> Hi Mark:
>
> Yes, I am trying to set up a block of IPs to be passed to a subscriber.
>
> Thanks
>
> Li Lin
>
> -----Original Message-----
> From: Mark Hennessy [mailto:[EMAIL PROTECTED]]
> Sent: Monday, August 19, 2002 5:48 PM
> To: '[EMAIL PROTECTED]'
> Cc: Li Lin
> Subject: Re: IP Pool questions
>
> Are you trying to set up a block of IPs to be passed to a subscriber, or
> dynamically assign an IP from a pool to a subscriber?
>
> --
> Mark P. Hennessy
> [EMAIL PROTECTED]
>
> On Mon, 19 Aug 2002, Li Lin wrote:
>
> > Date: Mon, 19 Aug 2002 17:38:10 -0400
> > From: Li Lin <[EMAIL PROTECTED]>
> > Reply-To: [EMAIL PROTECTED]
> > To: "'[EMAIL PROTECTED]'"
> > <[EMAIL PROTECTED]>
> > Cc: Li Lin <[EMAIL PROTECTED]>
> > Subject: IP Pool questions
> >
> >
> > Dear Sir/Madam:
> >
> > I have a problem to setup IP pool. (The free radius server only assigns
> one
> > IP address)
> >
> > Could you please tell me:
> >
> > 1. whether freeradius-0.3 supports IP pool or not?
> > 2. any document for IP pool?
> >
> > Thanks
> >
> > Li Lin
> >
Re: IP Pool questions
Are you trying to set up a block of IPs to be passed to a subscriber, or dynamically assign an IP from a pool to a subscriber?

--
Mark P. Hennessy
[EMAIL PROTECTED]

On Mon, 19 Aug 2002, Li Lin wrote:
> Date: Mon, 19 Aug 2002 17:38:10 -0400
> From: Li Lin <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: "'[EMAIL PROTECTED]'"
> <[EMAIL PROTECTED]>
> Cc: Li Lin <[EMAIL PROTECTED]>
> Subject: IP Pool questions
>
>
> Dear Sir/Madam:
>
> I have a problem to setup IP pool. (The free radius server only assigns one
> IP address)
>
> Could you please tell me:
>
> 1. whether freeradius-0.3 supports IP pool or not?
> 2. any document for IP pool?
>
> Thanks
>
> Li Lin
>
Re: IP pool
On Fri, 16 Aug 2002, Matias Ezequiel Fabiano wrote:
>
> Thanks, Kostas. That neither doesn't work.
> And I understand that if I put the attribute Pool-Name in the same line of
> the "User Name" (DEFAULT), the radius server will expect a IP Address, and
> I want that the radius server assigns it.

No, that happens if you use the matching operators ('==','!=' etc). If you set it like this ('=',':=' etc) it gets added as a check item. Also _remove_ the Framed-IP-Address from the reply items for the ippool module to work. It will take care of handing out IP addresses.

> Is the attribute Framed-IP-Address correct? Because the server only assigns
> one address: 172.25.6.3, and if a second user tries to connect, the first
> get kicked out.
>
>

--
Kostas Kalevras
Network Operations Center
[EMAIL PROTECTED]
National Technical University of Athens, Greece
Work Phone: +30 10 7721861
'Go back to the shadow' Gandalf
Re: IP pool
Thanks, Kostas. That neither doesn't work. And I understand that if I put the attribute Pool-Name in the same line of the "User Name" (DEFAULT), the radius server will expect a IP Address, and I want that the radius server assigns it. Is the attribute Framed-IP-Address correct? Because the server only assigns one address: 172.25.6.3, and if a second user tries to connect, the first get kicked out. Kostas Kalevras <[EMAIL PROTECTED]>@lists.cistron.nl on 16/08/2002 10:59:29 Please reply to [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] To: [EMAIL PROTECTED] CC: Subject: Re: IP pool On Fri, 16 Aug 2002, Matias Ezequiel Fabiano wrote: > > OK, the error in the Service-Type was corrected. But still doesn't work. My > users file is configured as follows, and I > need that the radius server assigns the IP address from the pool 172.25.6.0 / 24. What is missing or wrong? > > DEFAULT Auth-Type := Local, User-Password == "" > Service-Type = Framed-User, > Framed-IP-Address = 172.25.6.2+ > > Thanks Please read again my previous email. I wrote: > > DEFAULT Auth-Type := Local, User-Password == "", Pool-Name = "clientes" ^^ > > Also the Service-Type assignment is wrong. Try reading 'man 5 users' -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 10 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: IP pool
On Fri, 16 Aug 2002, Matias Ezequiel Fabiano wrote: > > OK, the error in the Service-Type was corrected. But still doesn't work. My > users file is configured as follows, and I > need that the radius server assigns the IP address from the pool 172.25.6.0 / 24. >What is missing or wrong? > > DEFAULT Auth-Type := Local, User-Password == "" > Service-Type = Framed-User, > Framed-IP-Address = 172.25.6.2+ > > Thanks Please read again my previous email. I wrote: > > DEFAULT Auth-Type := Local, User-Password == "", Pool-Name = "clientes" ^^ > > Also the Service-Type assignment is wrong. Try reading 'man 5 users' -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 10 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: IP pool
OK, the error in the Service-Type was corrected. But still doesn't work. My users file is configured as follows, and I need that the radius server assigns the IP address from the pool 172.25.6.0 / 24. What is missing or wrong? DEFAULT Auth-Type := Local, User-Password == "" Service-Type = Framed-User, Framed-IP-Address = 172.25.6.2+ Thanks Kostas Kalevras <[EMAIL PROTECTED]>@lists.cistron.nl on 16/08/2002 00:24:35 Please reply to [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] To: [EMAIL PROTECTED] CC: Subject: Re: IP pool On Thu, 15 Aug 2002, Matias Ezequiel Fabiano wrote: > > Hello everybody, > > Alan, thanks for the answers. > I have configured this, but still not work: > > * radius.conf > > ippool cientes { > range-start = 172.25.6.2 > range-stop = 172.25.6.255 > netmask = 255.255.255.0 > cache-size = 800 > session-db = ${raddbdir}/db.ippool > ip-index = ${raddbdir}/db.ipindex > } > > * users > > DEFAULT Auth-Type := Local, User-Password == "" > Service-Type == Framed-User, > Pool-Name = "clientes", > > Is it OK? Because I still have the same problem. > If it's wrong, please tell me how to configure an ip pool for the users. > > Thanks a lot > > Matias Try DEFAULT Auth-Type := Local, User-Password == "", Pool-Name = "clientes" Also the Service-Type assignment is wrong. Try reading 'man 5 users' -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 10 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: IP pool
On Thu, 15 Aug 2002, Matias Ezequiel Fabiano wrote: > > Hello everybody, > > Alan, thanks for the answers. > I have configured this, but still not work: > > * radius.conf > > ippool cientes { > range-start = 172.25.6.2 > range-stop = 172.25.6.255 > netmask = 255.255.255.0 > cache-size = 800 > session-db = ${raddbdir}/db.ippool > ip-index = ${raddbdir}/db.ipindex > } > > * users > > DEFAULT Auth-Type := Local, User-Password == "" > Service-Type == Framed-User, > Pool-Name = "clientes", > > Is it OK? Because I still have the same problem. > If it's wrong, please tell me how to configure an ip pool for the users. > > Thanks a lot > > Matias Try DEFAULT Auth-Type := Local, User-Password == "", Pool-Name = "clientes" Also the Service-Type assignment is wrong. Try reading 'man 5 users' -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 10 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: IP pool
Hello everybody, Alan, thanks for the answers. I have configured this, but still not work: * radius.conf ippool cientes { range-start = 172.25.6.2 range-stop = 172.25.6.255 netmask = 255.255.255.0 cache-size = 800 session-db = ${raddbdir}/db.ippool ip-index = ${raddbdir}/db.ipindex } * users DEFAULT Auth-Type := Local, User-Password == "" Service-Type == Framed-User, Pool-Name = "clientes", Is it OK? Because I still have the same problem. If it's wrong, please tell me how to configure an ip pool for the users. Thanks a lot Matias "Alan DeKok" <[EMAIL PROTECTED]>@lists.cistron.nl on 15/08/2002 11:20:41 Please reply to [EMAIL PROTECTED] Sent by: [EMAIL PROTECTED] To: [EMAIL PROTECTED] CC: Subject: Re: IP pool "Matias Ezequiel Fabiano" <[EMAIL PROTECTED]> wrote: > When I start the radius daemon and users try to authenticate, the > server only assigns one IP address (172.25.6.3), and therefore > only one user can use the service at the same time. The users > file looks like this: > DEFAULT Auth-Type := Local, User-Password == "adgj" > Service-Type == Framed-User, > Framed-IP-Address = 172.25.6.2+, That's not an IP pool. It adds the NAS-Port to the IP address. > Is the IP pool well defined? Thanks for the answers See the 'ippool' module, in radiusd.conf. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: IP pool
"Matias Ezequiel Fabiano" <[EMAIL PROTECTED]> wrote: > When I start the radius daemon and users try to authenticate, the > server only assigns one IP address (172.25.6.3), and therefore > only one user can use the service at the same time. The users > file looks like this: > DEFAULT Auth-Type := Local, User-Password == "adgj" > Service-Type == Framed-User, > Framed-IP-Address = 172.25.6.2+, That's not an IP pool. It adds the NAS-Port to the IP address. > Is the IP pool well defined? Thanks for the answers See the 'ippool' module, in radiusd.conf. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ip pool again
On Wed, 14 Aug 2002, Guillermo Schimmel wrote: > Yes, it seems like I have several errors. Now Its working. > > Now, I have read that you can use the Pool-Name attribute to select one > IP Address pool, that's why I started trying this. > I have to share a NAS for Internet Access and VPN access and I'm going > to do that by routing and firewalling, assigning different pools based > on some like group. > > So, I define two (or more) pools in radiusd.conf like: > > ippool test1 { ...} > ippool test2 { ...} > ... > ippool testn { ...} > > And I thought that in the authorization section I had to put "ippool", > and it would take the Pool-Name attribute to choose a pool. > But now It seems like I have to put one specific ip pool. > Could you please tell me which is the correct usage of this feature? ippool test1 { ... } ippool test2 { ... } are all instances of the ip pool module. You have to add them all in the authorize and accounting sections in radiusd.conf and use the Pool-Name attribute to select which one will run. > > > Thank you very very much for your help. -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 10 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ip pool again
Yes, it seems like I have several errors. Now Its working. Now, I have read that you can use the Pool-Name attribute to select one IP Address pool, that's why I started trying this. I have to share a NAS for Internet Access and VPN access and I'm going to do that by routing and firewalling, assigning different pools based on some like group. So, I define two (or more) pools in radiusd.conf like: ippool test1 { ...} ippool test2 { ...} ... ippool testn { ...} And I thought that in the authorization section I had to put "ippool", and it would take the Pool-Name attribute to choose a pool. But now It seems like I have to put one specific ip pool. Could you please tell me which is the correct usage of this feature? Thank you very very much for your help. Kostas Kalevras wrote: >On Wed, 14 Aug 2002, Guillermo Schimmel wrote: > > > >>Module: Loaded IPPOOL >> ippool: session-db = "/usr/local/etc/raddb/db.ippool" >> ippool: ip-index = "/usr/local/etc/raddb/db.ipindex" >> ippool: range-start = 10.170.201.1 IP address [10.170.201.1] >> ippool: range-stop = 10.170.200.254 IP address [10.170.200.254] >> ippool: netmask = 255.255.255.0 IP address [255.255.255.0] >> ippool: cache-size = 254 >>rlm_ippool: Invalid configuration data given. >>radiusd.conf[330]: prueba: Module instantiation failed. >> >> > >Check your range-start. It should probable read 10.170.200.1. In any case it >should not be an ip number lower than the range-stop. > >-- >Kostas KalevrasNetwork Operations Center >[EMAIL PROTECTED] National Technical University of Athens, Greece >Work Phone:+30 10 7721861 >'Go back to the shadow'Gandalf > > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ip pool again
On Wed, 14 Aug 2002, Guillermo Schimmel wrote: > Module: Loaded IPPOOL > ippool: session-db = "/usr/local/etc/raddb/db.ippool" > ippool: ip-index = "/usr/local/etc/raddb/db.ipindex" > ippool: range-start = 10.170.201.1 IP address [10.170.201.1] > ippool: range-stop = 10.170.200.254 IP address [10.170.200.254] > ippool: netmask = 255.255.255.0 IP address [255.255.255.0] > ippool: cache-size = 254 > rlm_ippool: Invalid configuration data given. > radiusd.conf[330]: prueba: Module instantiation failed. Check your range-start. It should probably read 10.170.200.1. In any case it should not be an ip number lower than the range-stop. -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 10 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ip pool again
Kostas Kalevras wrote: >On Wed, 14 Aug 2002, Guillermo Schimmel wrote: > > > >>authorize { >>preprocess >>files >>ippool >>chap >>group { >> ldap1 { >> fail = 1 >> notfound = 2 >> noop = return >> ok = return >> updated = return >> reject = return >> userlock = return >> invalid = return >> handled = return >>} >> ldap2 { >> fail = 1 >> notfound = 2 >> noop = return >> ok = return >> updated = return >> reject = return >> userlock = return >> invalid = return >> handled = return >>} >>} >>} >> >>accounting { >>acct_unique >>detail >>sql >>ippool >>} >> >> > >Replace ippool with prueba and everything should work ok. > > Now the server doesn't start. It gives the following error: Module: Loaded IPPOOL ippool: session-db = "/usr/local/etc/raddb/db.ippool" ippool: ip-index = "/usr/local/etc/raddb/db.ipindex" ippool: range-start = 10.170.201.1 IP address [10.170.201.1] ippool: range-stop = 10.170.200.254 IP address [10.170.200.254] ippool: netmask = 255.255.255.0 IP address [255.255.255.0] ippool: cache-size = 254 rlm_ippool: Invalid configuration data given. radiusd.conf[330]: prueba: Module instantiation failed. >-- >Kostas KalevrasNetwork Operations Center >[EMAIL PROTECTED] National Technical University of Athens, Greece >Work Phone:+30 10 7721861 >'Go back to the shadow'Gandalf > > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ip pool again
On Wed, 14 Aug 2002, Guillermo Schimmel wrote: > authorize { > preprocess > files > ippool > chap > group { > ldap1 { > fail = 1 > notfound = 2 > noop = return > ok = return > updated = return > reject = return > userlock = return > invalid = return > handled = return > } > ldap2 { > fail = 1 > notfound = 2 > noop = return > ok = return > updated = return > reject = return > userlock = return > invalid = return > handled = return > } > } > } > > accounting { > acct_unique > detail > sql > ippool > } Replace ippool with prueba and everything should work ok. -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 10 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ip pool again
Kostas Kalevras wrote: >On Wed, 14 Aug 2002, Guillermo Schimmel wrote: > > > >>Yes, I have done so. >> >>Is this output OK? (The noop part) >> >>modcall: entering group authorize >> modcall[authorize]: module "preprocess" returns ok >> modcall[authorize]: module "files" returns notfound >> modcall[authorize]: module "ippool" returns noop >>rlm_chap: Could not find proper Chap-Password attribute in request >> modcall[authorize]: module "chap" returns noop >>modcall: entering group group >> >>Where else should I look? >> >> > >Please post the authorize and accounting sections of your radiusd.conf > > authorize { preprocess files ippool chap group { ldap1 { fail = 1 notfound = 2 noop = return ok = return updated = return reject = return userlock = return invalid = return handled = return } ldap2 { fail = 1 notfound = 2 noop = return ok = return updated = return reject = return userlock = return invalid = return handled = return } } } accounting { acct_unique detail sql ippool } > > >>Is there any documentation for the ippool module? >> >> > >Apart from the comments in the configuration file, no. > >-- >Kostas KalevrasNetwork Operations Center >[EMAIL PROTECTED] National Technical University of Athens, Greece >Work Phone:+30 10 7721861 >'Go back to the shadow'Gandalf > > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ip pool again
On Wed, 14 Aug 2002, Guillermo Schimmel wrote: > Yes, I have done so. > > Is this output OK? (The noop part) > > modcall: entering group authorize > modcall[authorize]: module "preprocess" returns ok > modcall[authorize]: module "files" returns notfound > modcall[authorize]: module "ippool" returns noop > rlm_chap: Could not find proper Chap-Password attribute in request > modcall[authorize]: module "chap" returns noop > modcall: entering group group > > Where else should I look? Please post the authorize and accounting sections of your radiusd.conf > > Is there any documentation for the ippool module? Apart from the comments in the configuration file, no. -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 10 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ip pool again
Kostas Kalevras wrote: >On Tue, 13 Aug 2002, Guillermo Schimmel wrote: > > > >>It still doesn't work. >> >> >> >>>Hi list: >>> >>> I'm starting the tests with the ippool module. >>> >>> I added this line on the users file: >>> >>>DEFAULT NAS-IP-Address == "10.169.255.11", Auth-Type := >>>Accept, Pool-Name := "prueba" >>> >>> And created an IP pool: >>> >>>ippool prueba { >>> range-start = 10.170.200.1 >>> range-stop = 10.170.200.254 >>> netmask = 255.255.255.0 >>> cache-size = 800 >>> session-db = /raddb/db.ippool >>> ip-index = /raddb/db.ipindex >>>} >>> >>> >>> >>I can start the server and it works ok, but it doesn't reply with >>the Framed-IP-Address attribute. >> >> >> >>> What am I doing wrong? >>> >>> I'm sorry if this is ANOTHER stupid question. >>> >>> Thanks a lot for your time. >>> >>> >>>Guillermo >>> >>> > >Have you added the module in the authorize and accounting sections in >radiusd.conf? Make sure also that ippool comes after the files module in the >authorize section. > > Yes, I have done so. Is this output OK? (The noop part) modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok modcall[authorize]: module "files" returns notfound modcall[authorize]: module "ippool" returns noop rlm_chap: Could not find proper Chap-Password attribute in request modcall[authorize]: module "chap" returns noop modcall: entering group group Where else should I look? Is there any documentation for the ippool module? Thanks Guillermo >-- >Kostas KalevrasNetwork Operations Center >[EMAIL PROTECTED] National Technical University of Athens, Greece >Work Phone:+30 10 7721861 >'Go back to the shadow'Gandalf > > >- >List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ip pool again
On Tue, 13 Aug 2002, Guillermo Schimmel wrote: > It still doesn't work. > > > > > Hi list: > > > >I'm starting the tests with the ippool module. > > > >I added this line on the users file: > > > > DEFAULT NAS-IP-Address == "10.169.255.11", Auth-Type := > > Accept, Pool-Name := "prueba" > > > >And created an IP pool: > > > > ippool prueba { > >range-start = 10.170.200.1 > >range-stop = 10.170.200.254 > >netmask = 255.255.255.0 > >cache-size = 800 > >session-db = /raddb/db.ippool > >ip-index = /raddb/db.ipindex > > } > > > I can start the server and it works ok, but it doesn't reply with > the Framed-IP-Address attribute. > > >What am I doing wrong? > > > >I'm sorry if this is ANOTHER stupid question. > > > >Thanks a lot for your time. > > > > > > Guillermo Have you added the module in the authorize and accounting sections in radiusd.conf? Make sure also that ippool comes after the files module in the authorize section. -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 10 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
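The ippool mistakes worked through in the "IP pool" and "ip pool again" threads can be checked before the server is started. The following is an added example, not code from the list or from FreeRADIUS: a small Python linter whose rules encode the advice given in these messages (range-start not above range-stop, every instance listed by name in authorize and accounting and after files, Pool-Name on the check line and naming a defined instance, no Framed-IP-Address reply item next to it). The function names and the sample configuration, built from values posted in the threads, are this example's own.

```python
import ipaddress
import re

POOL_RE = re.compile(r'Pool-Name\s*:?=\s*"([^"]+)"')

def blocks(conf, keyword):
    """Yield (name, body) for each brace-matched `keyword [name] { ... }` block."""
    pat = r'^[ \t]*%s(?:[ \t]+([\w-]+))?[ \t]*\{' % re.escape(keyword)
    for m in re.finditer(pat, conf, re.M):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield m.group(1) or keyword, conf[m.end():i - 1]

def section_modules(conf, section):
    """Module names listed at the top level of authorize/accounting, in order."""
    names = []
    for _, body in blocks(conf, section):
        depth = 0
        for line in body.splitlines():
            tok = line.split()
            if tok and depth == 0 and tok[0] != '}':
                names.append(tok[0])
            depth += line.count('{') - line.count('}')
    return names

def lint(conf, users):
    """Return one finding per ippool mistake of the kinds raised in the thread."""
    conf = re.sub(r'#.*', '', conf)
    users = re.sub(r'(?m)^\s*#.*$', '', users)
    pools = {n: dict(re.findall(r'^\s*([\w-]+)\s*=\s*(\S+)', b, re.M))
             for n, b in blocks(conf, 'ippool')}
    authorize = section_modules(conf, 'authorize')
    accounting = section_modules(conf, 'accounting')
    out = []
    for name, cfg in pools.items():
        if {'range-start', 'range-stop'} <= cfg.keys():
            lo, hi = (ipaddress.IPv4Address(cfg[k]) for k in ('range-start', 'range-stop'))
            if lo > hi:
                out.append(f'{name}: range-start {lo} is above range-stop {hi}')
        if name not in authorize:
            out.append(f'{name}: instance not listed in authorize')
        elif 'files' in authorize and authorize.index(name) < authorize.index('files'):
            out.append(f'{name}: listed before files in authorize')
        if name not in accounting:
            out.append(f'{name}: instance not listed in accounting')
    # A users entry is one check line at column 0 plus indented reply items.
    for entry in re.split(r'\n+(?=\S)', users.strip()):
        check, _, reply = entry.partition('\n')
        if POOL_RE.search(reply):
            out.append('Pool-Name is among the reply items, not on the check line')
        wanted = POOL_RE.findall(check + reply)
        out += [f'Pool-Name "{p}" matches no ippool instance'
                for p in wanted if p not in pools]
        if wanted and 'Framed-IP-Address' in reply:
            out.append('Framed-IP-Address reply item on an entry that uses Pool-Name')
    return out

# Constructed sample combining the configurations posted in the threads.
BROKEN_CONF = """
ippool cientes {
    range-start = 172.25.6.2
    range-stop = 172.25.6.255
}
ippool prueba {
    range-start = 10.170.201.1
    range-stop = 10.170.200.254
}
authorize {
    files
    ippool
}
accounting {
    ippool
}
"""
BROKEN_USERS = ('DEFAULT Auth-Type := Local, User-Password == "example-only"\n'
                '    Pool-Name = "clientes",\n    Framed-IP-Address = 172.25.6.2+\n')
# The same files with the corrections suggested in the replies applied.
FIXED_CONF = (BROKEN_CONF.replace('cientes', 'clientes')
              .replace('10.170.201.1', '10.170.200.1')
              .replace('    ippool\n', '    clientes\n    prueba\n'))
FIXED_USERS = ('DEFAULT Auth-Type := Local, User-Password == "example-only", '
               'Pool-Name = "clientes"\n    Service-Type = Framed-User\n')

if __name__ == '__main__':
    for finding in lint(BROKEN_CONF, BROKEN_USERS):
        print(finding)
```
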
SOLVED: Sorry: Re: ip pool: Unknown attribute Pool-Name
I'm sorry. This was really stupid. I was using the old dictionary file, from fr 0.4. Guillermo Schimmel wrote: > > Hi list: > >I'm starting the tests with the ippool module. > >I added this line on the users file: > > DEFAULT NAS-IP-Address == "10.169.255.11", Auth-Type := > Accept, Pool-Name := "prueba" > >And created an IP pool: > > ippool prueba { >range-start = 10.170.200.1 >range-stop = 10.170.200.254 >netmask = 255.255.255.0 >cache-size = 800 >session-db = /raddb/db.ippool >ip-index = /raddb/db.ipindex > } > >Now, when I start the server it says: > > /usr/local/etc/raddb/users[144]: Parse error (check) for entry > DEFAULT: Unknown attribute Pool-Name > >What am I doing wrong? > >I'm sorry if this is a stupid question, but I have looked in the > docs and in the list and can't find any hint. > >Thanks a lot for your time. > > > Guillermo > > > > > > > - List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: IP POOL
Ok, i found rlm_ippool. can i use it with ldap authentication? how? Thanks Jacobo González Simón wrote: > > Hi all, > > I'm testing freeradius and ldap( with radtest utility, i have not > another ras server that one is running with another radius ), and it > seems to work fine. Now the problem: > > I had read in users file this: > > # > # Set up different IP address pools for the terminal servers. > # Note that the "+" behind the IP address means that this is the "base" > # IP address. The Port-Id (S0, S1 etc) will be added to it. > # > #DEFAULT Service-Type == Framed-User, Huntgroup-Name == "alphen" > # Framed-IP-Address = 192.168.1.32+, > # Fall-Through = Yes > > #DEFAULT Service-Type == Framed-User, Huntgroup-Name == "delft" > # Framed-IP-Address = 192.168.2.32+, > # Fall-Through = Yes > > and in my ldap base i have an entry: > > dn: uid=pepe,ou=miembros,dc=midominio.es,o=miempresa > objectclass: person > objectclass: radiusprofile > cn: JOSE > uid: pepe > radiusServiceType: Framed-User > radiusFramedProtocol: PPP > radiusFramedIPAddress: 192.168.254.1+ > radiusFramedIPNetmask: 255.255.255.255 > . > . > . > . > . > . > . > > Well, which is the limit for dynamic IP address? > > 192.168.254.1+ meaning that all of 192.168.254.0/255.255.255.0 is > available for dynamic ip? > > I need delimit my pool to few ips, how can i do it? > > Thanks at all, and sorry for my poor english > > Jacobo > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: IP POOL
At 06:14 PM 4/10/2002 +0200, Jacobo González Simón wrote: >Hello again, > > i have freeradius-0.5 from freeradius.org and i haven't >src/modules/rlm_ippool, where can i find it? CVS, or one of the nightly builds. It has been added since the 0.5 release. -Chris -- \\\|||/// \ StarNet Inc. \Chris Parker \ ~ ~ / \ WX *is* Wireless!\ Director, Engineering | @ @ |\ http://www.starnetwx.net \ (847) 963-0116 oOo---(_)---oOo--\-- \ Wholesale Internet Services - http://www.megapop.net - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: IP POOL
Hello again, i have freeradius-0.5 from freeradius.org and i haven't src/modules/rlm_ippool, where can i find it? Thanks Kostas Kalevras wrote: > > On Mon, 8 Apr 2002, Jacobo González Simón wrote: > > > Thanks for your reply but i don't understand you. > > > > I haven't rlm_ippool module. > > > > Kostas Kalevras wrote: > > > > > > > > Try the rlm_ippool module. It will do your job just fine. Check out the > > > comments in radiusd.conf. > > > > rlm_counter module and do s/counter/ippool. > > ?? > > Where do i copy Makefile? > > > > what's s/counter/ippool? > > > > Thanks, Jacobo > > Check out the latest cvs for the rlm_ippool module. > You will have to copy the Makefile in src/modules/rlm_ippool > s/counter/ippool means replace all occurrences of the word counter in the > makefile with ippool. > > -- > Kostas Kalevras Network Operations Center > [EMAIL PROTECTED] National Technical University of Athens, Greece > Work Phone: +30 10 7721861 > 'Go back to the shadow' Gandalf > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: IP POOL
On Mon, 8 Apr 2002, Jacobo González Simón wrote: > Thanks for your reply but i don't understand you. > > I haven't rlm_ippool module. > > Kostas Kalevras wrote: > > > > > Try the rlm_ippool module. It will do your job just fine. Check out the > > comments in radiusd.conf. > > rlm_counter module and do s/counter/ippool. > ?? > Where do i copy Makefile? > > what's s/counter/ippool? > > Thanks, Jacobo Check out the latest cvs for the rlm_ippool module. You will have to copy the Makefile in src/modules/rlm_ippool s/counter/ippool means replace all occurrences of the word counter in the makefile with ippool. -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 10 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: IP POOL
Thanks for your reply but i don't understand you. I haven't rlm_ippool module. Kostas Kalevras wrote: > > Try the rlm_ippool module. It will do your job just fine. Check out the > comments in radiusd.conf. rlm_counter module and do s/counter/ippool. ?? Where do i copy Makefile? what's s/counter/ippool? Thanks, Jacobo - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: IP POOL
On Tue, 2 Apr 2002, Jacobo González Simón wrote: > Hi all, > > I'm testing freeradius and ldap( with radtest utility, i have not > another ras server that one is running with another radius ), and it > seems to work fine. Now the problem: > > I had read in users file this: > > # > # Set up different IP address pools for the terminal servers. > # Note that the "+" behind the IP address means that this is the "base" > # IP address. The Port-Id (S0, S1 etc) will be added to it. > # > #DEFAULT Service-Type == Framed-User, Huntgroup-Name == "alphen" > # Framed-IP-Address = 192.168.1.32+, > # Fall-Through = Yes > > #DEFAULT Service-Type == Framed-User, Huntgroup-Name == "delft" > # Framed-IP-Address = 192.168.2.32+, > # Fall-Through = Yes > > > and in my ldap base i have an entry: > > dn: uid=pepe,ou=miembros,dc=midominio.es,o=miempresa > objectclass: person > objectclass: radiusprofile > cn: JOSE > uid: pepe > radiusServiceType: Framed-User > radiusFramedProtocol: PPP > radiusFramedIPAddress: 192.168.254.1+ > radiusFramedIPNetmask: 255.255.255.255 > . > . > . > . > . > . > . > > Well, which is the limit for dynamic IP address? > > 192.168.254.1+ meaning that all of 192.168.254.0/255.255.255.0 is > available for dynamic ip? > > I need delimit my pool to few ips, how can i do it? > > Thanks at all, and sorry for my poor english > > Jacobo Try the rlm_ippool module. It will do your job just fine. Check out the comments in radiusd.conf. If it does not compile copy the Makefile from the rlm_counter module and do s/counter/ippool. -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 10 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html