Re: ips assignments outside of pool range
Well that was it. I added the 255.255.255.254 and have had it running all day, no problems so far.

Thanks again Alan.

On Friday 01 February 2002 01:49 pm, you wrote:
> Lee W <[EMAIL PROTECTED]> wrote:
> > Right now I have the 3com handling the pools not FreeRadius. I was
> > told on this list that Freeradius can't handle an upper limit on
> > address pools, that you can set a start limit with
> > Framed-IP-Address, and it will assign up from said IP so I should
> > use my hardware.
>
>   Yes.
>
> > The RFC said Framed-Pool should be a string of the assigned address
> > pool, if supported by the NAS so I think that's what I'm doing.
>
>   You should double-check your NAS documentation for what *it* wants.
>
> > The Framed-IP-Address RFC said that a value of 0x
> > indicates that the NAS should allow the user to select an address
> > (e.g. Negotiated) and the value 0xFFFE indicates that the NAS
> > should select an address for the user (e.g. Assigned from a pool of
> > addresses kept by the NAS). Which in my case would be (pool1). So the
> > only thing I can think I'm missing is the 0xFFFE setting for
> > Framed-IP-Address. Am I close, or did I miss the boat altogether?
> >
> > :-)
>
>   You should probably do that.
>
>   Alan DeKok.

--
Lee Wolf
EMR Data Services
[EMAIL PROTECTED]
623-764-0870 cell
623-581-0842 voice
623-582-9499 fax

EMR Internet
A Serious Internet Experience
** 56K Dial-up ** DSL ** Web-hosting **
** Co-location ** T1s ** ISDN **
** High-Speed Fiber Backbone ** Linux powered **
** Custom Web Design ** Site Development **
** Search Engine Placement & Web Consultation **
Visit us at http://www.emr.net!
Ask about our reseller programs!

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
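The reply attributes this thread settles on, as an added example that is not part of any post: it encodes Framed-Pool and Framed-IP-Address as RADIUS attributes and shows how a NAS following the RFC text would read the address field. The attribute numbers and the full 32-bit forms of the two special values are taken from RFC 2138 and RFC 2869; `pool1` is the pool name from the thread, and the function names are hypothetical.

```python
import ipaddress
import struct

FRAMED_IP_ADDRESS = 8         # RFC 2138 attribute number
FRAMED_POOL = 88              # RFC 2869 attribute number
USER_NEGOTIATES = 0xFFFFFFFF  # 255.255.255.255
NAS_ASSIGNS = 0xFFFFFFFE      # 255.255.255.254, the value added in the thread

def encode_attr(attr_type, value):
    """Build one attribute: type (1 byte), length (1 byte, header included), value."""
    if not 1 <= len(value) <= 253:
        raise ValueError("attribute value must be 1..253 bytes")
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def decode_attrs(data):
    """Split an attribute blob into {type: value}, rejecting bad lengths."""
    attrs, pos = {}, 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated attribute header")
        attr_type, length = data[pos], data[pos + 1]
        if length < 3 or pos + length > len(data):
            raise ValueError("bad attribute length")
        attrs[attr_type] = data[pos + 2:pos + length]
        pos += length
    return attrs

def address_decision(attrs):
    """Return (mode, detail) as a NAS following the RFC text would read the reply."""
    pool = attrs.get(FRAMED_POOL, b"").decode("ascii", "replace") or None
    raw = attrs.get(FRAMED_IP_ADDRESS)
    if raw is None:
        return ("nas-default", pool)      # behaviour here is NAS-specific
    if len(raw) != 4:
        raise ValueError("Framed-IP-Address must be 4 bytes")
    value = struct.unpack("!I", raw)[0]
    if value == USER_NEGOTIATES:
        return ("user-negotiated", None)
    if value == NAS_ASSIGNS:
        return ("nas-pool", pool)
    return ("static", str(ipaddress.IPv4Address(value)))

# Constructed reply: the pool name from the thread plus the "NAS assigns" value.
REPLY = (encode_attr(FRAMED_POOL, b"pool1")
         + encode_attr(FRAMED_IP_ADDRESS, ipaddress.IPv4Address("255.255.255.254").packed))

if __name__ == "__main__":
    print(address_decision(decode_attrs(REPLY)))
```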
Re: ips assignments outside of pool range
Lee W <[EMAIL PROTECTED]> wrote:
> Right now I have the 3com handling the pools not FreeRadius. I was
> told on this list that Freeradius can't handle an upper limit on
> address pools, that you can set a start limit with
> Framed-IP-Address, and it will assign up from said IP so I should
> use my hardware.

  Yes.

> The RFC said Framed-Pool should be a string of the assigned address
> pool, if supported by the NAS so I think that's what I'm doing.

  You should double-check your NAS documentation for what *it* wants.

> The Framed-IP-Address RFC said that a value of 0x
> indicates that the NAS should allow the user to select an address
> (e.g. Negotiated) and the value 0xFFFE indicates that the NAS
> should select an address for the user (e.g. Assigned from a pool of
> addresses kept by the NAS). Which in my case would be (pool1). So the
> only thing I can think I'm missing is the 0xFFFE setting for
> Framed-IP-Address. Am I close, or did I miss the boat altogether?
> :-)

  You should probably do that.

  Alan DeKok.
Re: ips assignments outside of pool range
Ok, I found the RFCs (RFC 2138) & (RFC 2869).

Right now I have the 3com handling the pools not FreeRadius. I was told on this list that Freeradius can't handle an upper limit on address pools, that you can set a start limit with Framed-IP-Address, and it will assign up from said IP so I should use my hardware.

The RFC said Framed-Pool should be a string of the assigned address pool, if supported by the NAS so I think that's what I'm doing.

The Framed-IP-Address RFC said that a value of 0x indicates that the NAS should allow the user to select an address (e.g. Negotiated) and the value 0xFFFE indicates that the NAS should select an address for the user (e.g. Assigned from a pool of addresses kept by the NAS). Which in my case would be (pool1). So the only thing I can think I'm missing is the 0xFFFE setting for Framed-IP-Address. Am I close, or did I miss the boat altogether?

:-)

Lee

On Thursday 31 January 2002 02:14 pm, you wrote:
> Lee W <[EMAIL PROTECTED]> wrote:
> > Ah, so something like this should work.
> >
> > This will pull from the users pool starting at 73.10
> > users NAS-IP-Address == 207.151.73.10
>
>   No.
>
>   That defines a server-only hunt group, which is based on the
> NAS-IP-Address.
>
>   You want pools for the users, which define a Framed-IP-Address. See
> the RFC's for the difference.
>
>   If the allocation of user IP addresses is handled by the NAS, then
> the only thing you have to do on the server is to return the right
> Framed-Pool attribute for each user.
>
>   Alan DeKok.
Re: ips assignments outside of pool range
Lee W <[EMAIL PROTECTED]> wrote:
> Ah, so something like this should work.
>
> This will pull from the users pool starting at 73.10
> users NAS-IP-Address == 207.151.73.10

  No.

  That defines a server-only hunt group, which is based on the NAS-IP-Address.

  You want pools for the users, which define a Framed-IP-Address. See the RFC's for the difference.

  If the allocation of user IP addresses is handled by the NAS, then the only thing you have to do on the server is to return the right Framed-Pool attribute for each user.

  Alan DeKok.
Re: ips assignments outside of pool range
Ah, so something like this should work.

This will pull from the users pool starting at 73.10

    users NAS-IP-Address == 207.151.73.10

and this will pull from users2 pool starting at 74.10

    users2 NAS-IP-Address == 207.151.74.10

And I have blocked root account :-)

On Thursday 31 January 2002 01:11 pm, you wrote:
> Lee W <[EMAIL PROTECTED]> wrote:
> > Could it be that I have the Fall-Through=yes on the first default so its
> > trying to move to the next pool?
>
>   No. It should only match one or the other of the huntgroups...
>
> > ### Huntgroups
> > users NAS-IP-Address == 207.x.x.x
> > users2 NAS-IP-Address == 207.x.x.x
>
>   If these IP addresses are different, then the assignment of the
> huntgroups will be unique.
>
> > Also I was also concerned that with my current PAM setup I can dial in as
> > user (root) supply the password and get a connection. Is that a normal
> > thing when using PAM/accessing the system password file?
>
>   Yes. 'root', etc. aren't special accounts, so far as
> username/password are concerned.
>
>   You'll have to add entries in the 'users' file to block those accounts.
>
> > Thanks to all out there who have helped me. If it was not for this List
> > group I would still be forced to use MS as my Radius.
>
>   That's nice to hear!
>
>   Alan DeKok.
Re: ips assignments outside of pool range
Lee W <[EMAIL PROTECTED]> wrote:
> Could it be that I have the Fall-Through=yes on the first default so its
> trying to move to the next pool?

  No. It should only match one or the other of the huntgroups...

> ### Huntgroups
> users NAS-IP-Address == 207.x.x.x
> users2 NAS-IP-Address == 207.x.x.x

  If these IP addresses are different, then the assignment of the huntgroups will be unique.

> Also I was also concerned that with my current PAM setup I can dial in as
> user (root) supply the password and get a connection. Is that a normal
> thing when using PAM/accessing the system password file?

  Yes. 'root', etc. aren't special accounts, so far as username/password are concerned.

  You'll have to add entries in the 'users' file to block those accounts.

> Thanks to all out there who have helped me. If it was not for this List group
> I would still be forced to use MS as my Radius.

  That's nice to hear!

  Alan DeKok.
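An audit for the point made in the message above, that system accounts such as root authenticate like any other user unless the 'users' file blocks them. This is an added example, not code from the thread or from FreeRADIUS: it lists low-UID accounts from a passwd file that have no reject entry in a 'users' file. The sample files are constructed, the function names and the UID threshold are assumptions, and a reject entry is counted only if it precedes the first DEFAULT entry, a conservative reading of the file's top-to-bottom matching.

```python
import re

# Check item that rejects a user, in the 'users' file syntax.
REJECT = re.compile(r"Auth-Type\s*:?=\s*Reject\b", re.IGNORECASE)

def effective_rejects(users_text):
    """Names with a reject check item placed before the first DEFAULT entry."""
    rejected = set()
    for line in users_text.splitlines():
        # Skip blanks, comments, and indented reply-item lines.
        if not line.strip() or line.lstrip().startswith("#") or line[0].isspace():
            continue
        parts = line.split(None, 1)
        name, checks = parts[0], parts[1] if len(parts) > 1 else ""
        if name == "DEFAULT":
            break  # later per-user entries may never be reached
        if REJECT.search(checks):
            rejected.add(name)
    return rejected

def unblocked_system_accounts(passwd_text, users_text, max_system_uid=999):
    """System accounts (UID <= max_system_uid, an assumption) with no reject entry."""
    rejected = effective_rejects(users_text)
    exposed = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7:
            continue
        name, uid = fields[0], fields[2]
        if uid.isdigit() and int(uid) <= max_system_uid and name not in rejected:
            exposed.append(name)
    return sorted(exposed)

# Constructed sample inputs.
PASSWD = """root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
lee:x:1000:1000:Lee:/home/lee:/bin/bash
"""
USERS = """# constructed sample
root    Auth-Type := Reject
        Reply-Message = "System accounts may not dial in"

DEFAULT Auth-Type := Pam
        Framed-Pool = "pool1",
        Framed-IP-Address = 255.255.255.254

daemon  Auth-Type := Reject
"""

if __name__ == "__main__":
    print(unblocked_system_accounts(PASSWD, USERS))
```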