RE: Re[4]: ippool issue
From: Alexander Lunyov
Sent: Saturday, 1 November 2003 6:32 AM

Thursday, October 30, 2003, 6:52:58 AM, you wrote:

rlm_ippool: Searching for an entry for nas/port: mynas.domain.ru/17
rlm_ippool: Allocating ip to nas/port: mynas.domain.ru/17
rlm_ippool: num: 1
rlm_ippool: Allocated ip 192.168.254.213 to client on nas mynas.domain.ru,port 17
modcall[post-auth]: module main_pool returns ok for request 0
modcall: group post-auth returns ok for request 0
Sending Access-Accept of id 251 to x.x.x.2:4921
    Framed-Compression = Van-Jacobson-TCP-IP
    Idle-Timeout = 900
    Framed-MTU = 576
    Framed-Protocol = PPP
    Service-Type = Framed-User
    Framed-IP-Address = 192.168.254.213
    Framed-IP-Netmask = 255.255.255.0
Finished request 0
Going to the next request
Thread 1 waiting to be assigned a request
rad_recv: Accounting-Request packet from host x.x.x.2:4924, id=101, length=115
Thread 2 assigned request 1
Waking up in 5 seconds...
Thread 2 handling request 1, (1 handled so far)
    User-Name = lan
    Service-Type = Framed-User
    Framed-Protocol = PPP
    Framed-IP-Address = 192.168.254.213
    Framed-IP-Netmask = 0.0.0.0
    NAS-Identifier = mynas.domain.ru
    NAS-Port-Type = Async
    NAS-Port = 17
    Acct-Status-Type = Start
    Acct-Session-Id = 11080-lan1067627926
    Acct-Multi-Session-Id =
    Acct-Delay-Time = 0

But why did Framed-IP-Netmask change from 255.255.255.0 to 0.0.0.0?

Deranged NAS? What Netmask does the _client_ get?

--
Paul TBBle Hampson
Bubblesworth Pty Ltd (ABN: 51 095 284 361)
[EMAIL PROTECTED]

On a sidewalk near Portland State University someone wrote `Trust Jesus', and someone else wrote `But Cut the Cards'.

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

ippool issue
Hello freeradius-users,

Is there a possibility to pool a range of IP addresses for a NAS while the NAS is not in that range? For example, if I try to pool the 192.168.253.0/24 network for a NAS with address 192.168.3.3, it says that nas/port not found for that NAS address (192.168.3.3). Is it possible to assign to a NAS client an IP address not from the NAS network?

--
Best regards,
Alexander mailto:[EMAIL PROTECTED]

Re: ippool issue
Sure you can.
But if you do that you can't get routed to any place.
You need a gateway address within the same logical network.

On Wed, 2003-10-29 at 19:29, Alexander Lunyov wrote:
> Hello freeradius-users,
>
> Is there a possibility to pool a range of IP addresses for a NAS while the NAS is not in that range? For example, if I try to pool the 192.168.253.0/24 network for a NAS with address 192.168.3.3, it says that nas/port not found for that NAS address (192.168.3.3). Is it possible to assign to a NAS client an IP address not from the NAS network?

Re[2]: ippool issue
Hello Gustavo,

Wednesday, October 29, 2003, 8:42:51 AM, you wrote:

GAL> Sure you can.
GAL> But if you do that you can't get routed to any place.
GAL> You need a gateway address within the same logical network.

What do you mean? NAS in the same logical network or radius server in the same logical network?

For example, I want this ippool working with NAS.

ippool main_pool {
    range-start = 192.168.253.1
    range-stop = 192.168.253.254
    netmask = 255.255.0.0
    cache-size = 800
    session-db = ${raddbdir}/db.ippool
    ip-index = ${raddbdir}/db.ipindex
    override = no
}

NAS is a FreeBSD box with 3 multiport cards and 2 network interfaces. First iface is 192.168.33.127/24, second is x.x.x.2/24 ('white' network). So when authentication of the ppp session is done and it's time to receive an IP address for this session, radiusd cannot find a range for this NAS. It says

rad_recv: Access-Request packet from host x.x.x.2:2740, id=239, length=105
Thread 1 assigned request 0
--- Walking the entire request list ---
Threads: total/active/spare threads = 5/1/4
Waking up in 5 seconds...
Thread 1 handling request 0, (1 handled so far)
    User-Name = lan
    Service-Type = Framed-User
    Framed-Protocol = PPP
    CHAP-Password = 0x0176a7169a89a0a8s8aa34a03e630f1ead
    CHAP-Challenge = 0x38328232349865433746313036313635
    NAS-Identifier = zeus.domain.ru
    NAS-Port-Type = Ethernet
    NAS-Port = 61
[authentification and other skip]
rlm_ippool: Searching for an entry for nas/port: zeus.domain.ru/61
modcall[post-auth]: module main_pool returns noop for request 0
modcall: group post-auth returns noop for request 0
Sending Access-Accept of id 239 to x.x.x.2:2740
    Framed-Compression = Van-Jacobson-TCP-IP
    Idle-Timeout = 10
    Framed-MTU = 576
    Framed-IP-Address = 255.255.255.254
    Framed-Protocol = PPP
    Service-Type = Framed-User
Finished request 0

What should I do? Is there any 'magic word'? :)

GAL> On Wed, 2003-10-29 at 19:29, Alexander Lunyov wrote:
>> Hello freeradius-users,
>>
>> Is there a possibility to pool a range of IP addresses for a NAS while the NAS is not in that range? For example, if I try to pool the 192.168.253.0/24 network for a NAS with address 192.168.3.3, it says that nas/port not found for that NAS address (192.168.3.3). Is it possible to assign to a NAS client an IP address not from the NAS network?

--
Best regards,
Alexander mailto:[EMAIL PROTECTED]

Re: Re[2]: ippool issue
You need an address in the RAS to act as a gateway...

You can configure any pool in whatever RAS, but for example if the RAS is a Cisco you will need to do something like:

interface eth0
ip add xxx.xxx.xxx.1 secondary
interface eth0
ip add yyy.yyy.yyy.1 secondary
..
...

and now you can assign addresses within the blocks xxx.xxx.xxx.xxx and yyy.yyy.yyy.yyy

The thing is you need the RAS as gateway for the dialin users

On Wed, 2003-10-29 at 20:14, Alexander Lunyov wrote:
> Hello Gustavo,
>
> Wednesday, October 29, 2003, 8:42:51 AM, you wrote:
>
> GAL> Sure you can.
> GAL> But if you do that you can't get routed to any place.
> GAL> You need a gateway address within the same logical network.
>
> What do you mean? NAS in the same logical network or radius server in the same logical network?
>
> For example, I want this ippool working with NAS.
>
> ippool main_pool {
>     range-start = 192.168.253.1
>     range-stop = 192.168.253.254
>     netmask = 255.255.0.0
>     cache-size = 800
>     session-db = ${raddbdir}/db.ippool
>     ip-index = ${raddbdir}/db.ipindex
>     override = no
> }
>
> NAS is a FreeBSD box with 3 multiport cards and 2 network interfaces. First iface is 192.168.33.127/24, second is x.x.x.2/24 ('white' network). So when authentication of the ppp session is done and it's time to receive an IP address for this session, radiusd cannot find a range for this NAS. It says
>
> rad_recv: Access-Request packet from host x.x.x.2:2740, id=239, length=105
> Thread 1 assigned request 0
> --- Walking the entire request list ---
> Threads: total/active/spare threads = 5/1/4
> Waking up in 5 seconds...
> Thread 1 handling request 0, (1 handled so far)
>     User-Name = lan
>     Service-Type = Framed-User
>     Framed-Protocol = PPP
>     CHAP-Password = 0x0176a7169a89a0a8s8aa34a03e630f1ead
>     CHAP-Challenge = 0x38328232349865433746313036313635
>     NAS-Identifier = zeus.domain.ru
>     NAS-Port-Type = Ethernet
>     NAS-Port = 61
> [authentification and other skip]
> rlm_ippool: Searching for an entry for nas/port: zeus.domain.ru/61
> modcall[post-auth]: module main_pool returns noop for request 0
> modcall: group post-auth returns noop for request 0
> Sending Access-Accept of id 239 to x.x.x.2:2740
>     Framed-Compression = Van-Jacobson-TCP-IP
>     Idle-Timeout = 10
>     Framed-MTU = 576
>     Framed-IP-Address = 255.255.255.254
>     Framed-Protocol = PPP
>     Service-Type = Framed-User
> Finished request 0
>
> What should I do? Is there any 'magic word'? :)
>
> GAL> On Wed, 2003-10-29 at 19:29, Alexander Lunyov wrote:
> >> Hello freeradius-users,
> >>
> >> Is there a possibility to pool a range of IP addresses for a NAS while the NAS is not in that range? For example, if I try to pool the 192.168.253.0/24 network for a NAS with address 192.168.3.3, it says that nas/port not found for that NAS address (192.168.3.3). Is it possible to assign to a NAS client an IP address not from the NAS network?
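
The two debug traces quoted in this thread can be compared mechanically. The script below is an added example, not part of any poster's message and not FreeRADIUS code: it reads radiusd debug output and reports, per request, whether the ippool module allocated an address and which Framed-IP-Address the Access-Accept carried. The sample log is constructed from lines in the thread; the function name and record fields are assumptions.

```python
import re

SEARCH = re.compile(r"rlm_ippool: Searching for an entry for nas/port: (\S+)/(\d+)")
ALLOC = re.compile(r"rlm_ippool: Allocated ip (\S+) to client")
RESULT = re.compile(r"modcall\[post-auth\]: module (\S+) returns (\w+) for request")
FRAMED = re.compile(r"^\s*Framed-IP-Address = (\S+)")
# RFC 2865: this Framed-IP-Address value tells the NAS to pick the address itself.
NAS_SELECTS = "255.255.255.254"

# Constructed sample: debug lines taken from the two traces in the thread.
SAMPLE = """\
rlm_ippool: Searching for an entry for nas/port: zeus.domain.ru/61
modcall[post-auth]: module main_pool returns noop for request 0
Sending Access-Accept of id 239 to x.x.x.2:2740
    Framed-IP-Address = 255.255.255.254
Finished request 0
rlm_ippool: Searching for an entry for nas/port: mynas.domain.ru/17
rlm_ippool: Allocated ip 192.168.254.213 to client on nas mynas.domain.ru,port 17
modcall[post-auth]: module main_pool returns ok for request 0
Sending Access-Accept of id 251 to x.x.x.2:4921
    Framed-IP-Address = 192.168.254.213
    Framed-IP-Netmask = 255.255.255.0
Finished request 0
"""

def audit(log_text, pool="main_pool"):
    """Return one record per request in which rlm_ippool was consulted."""
    records, cur, in_accept = [], None, False
    for line in log_text.splitlines():
        if m := SEARCH.search(line):
            cur, in_accept = {"nas": m.group(1), "port": int(m.group(2)),
                              "result": None, "allocated": None, "sent": None}, False
        elif cur is None:
            continue  # ignore output before the pool is first consulted
        elif m := ALLOC.search(line):
            cur["allocated"] = m.group(1)
        elif (m := RESULT.search(line)) and m.group(1) == pool:
            cur["result"] = m.group(2)
        elif line.startswith("Sending Access-Accept"):
            in_accept = True
        elif in_accept and (m := FRAMED.match(line)):
            cur["sent"] = m.group(1)
        elif line.startswith("Finished request"):
            # The pool address reached the client only if it was allocated and sent.
            cur["pool_address_sent"] = cur["allocated"] is not None and cur["sent"] == cur["allocated"]
            cur["nas_selects"] = cur["sent"] == NAS_SELECTS
            records.append(cur)
            cur, in_accept = None, False
    return records

if __name__ == "__main__":
    for r in audit(SAMPLE):
        print(r)
```

A record with result "noop" and nas_selects set to True matches the zeus.domain.ru/61 trace: the pool handed out nothing and the reply left address selection to the NAS.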