Affect Static IP by Freeradius/ASA5510

2009-02-04 Thread Phibee Network Operation Center

Hi

Sorry to restart the same subject, but I keep searching and searching
and I don't see any solution ...


I use:
   FreeRadius with a Perl Script
   A Cisco ASA5510 IOS 8.0


In debug I have:


When a user doesn't have an IP and uses the pool:

==

rad_recv: Access-Request packet from host 10.218.7.243:1025, id=31, length=166

   User-Name = vpn...@xx.fr
   User-Password = XXX
   NAS-Port = 1658880
   Service-Type = Framed-User
   Framed-Protocol = PPP
   Called-Station-Id = 62.XX.XX.XX
   Calling-Station-Id = 88.XX.XX.XX
   NAS-Port-Type = Virtual
   Tunnel-Client-Endpoint:0 = 88.XX.XX.XX
   NAS-IP-Address = 10.218.7.243
   Cisco-AVPair = ip:source-ip=88.XX.XX.XXy\223
 Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
 modcall[authorize]: module preprocess returns ok for request 0
 modcall[authorize]: module chap returns noop for request 0
 modcall[authorize]: module mschap returns noop for request 0
   rlm_realm: Looking up realm xx.fr for User-Name = vpn...@xx.fr
   rlm_realm: No such realm xx.fr
 modcall[authorize]: module suffix returns noop for request 0
 rlm_eap: No EAP-Message, not doing EAP
 modcall[authorize]: module eap returns noop for request 0
   users: Matched entry DEFAULT at line 154
   users: Matched entry DEFAULT at line 173
   users: Matched entry DEFAULT at line 185
 modcall[authorize]: module files returns ok for request 0
Using perl at 0x8149a00
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Framed-IP-Address = 255.255.255.254
rlm_perl: Added pair Framed-Compression = Van-Jacobson-TCP-IP
rlm_perl: Added pair Framed-MTU = 576
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Auth-Type = Perl
 modcall[authorize]: module perl returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
 rad_check_password:  Found Auth-Type Perl
auth: type Perl
 Processing the authenticate section of radiusd.conf
modcall: entering group Perl for request 0
Using perl at 0x8149a00
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair h323-credit-amount = 100
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Framed-IP-Address = 255.255.255.254
rlm_perl: Added pair Framed-Compression = Van-Jacobson-TCP-IP
rlm_perl: Added pair Framed-MTU = 576
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Auth-Type = Perl
 modcall[authenticate]: module perl returns ok for request 0
modcall: leaving group Perl (returns ok) for request 0
Login OK: [vpn...@xx.fr/XXX] (from client 10.218.7.243 port 1658880 cli 88.XX.XX.XX)

Sending Access-Accept of id 31 to 10.218.7.243 port 1025
   Framed-IP-Address = 255.255.255.254
   Framed-MTU = 576
   Service-Type = Framed-User
   Framed-Protocol = PPP
   Framed-Compression = Van-Jacobson-TCP-IP
   h323-credit-amount = 100
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 31 with timestamp 4989aa4d
Nothing to do.  Sleeping until we see a request.


No problems, the user connects and has an IP from the pool.


When I use a user with a static IP:

rad_recv: Access-Request packet from host 10.218.7.243:1025, id=32, length=166

   User-Name = vpn...@xx.fr
   User-Password = XXX
   NAS-Port = 1662976
   Service-Type = Framed-User
   Framed-Protocol = PPP
   Called-Station-Id = 62.23.17.71
   Calling-Station-Id = 88.XX.XX.XX
   NAS-Port-Type = Virtual
   Tunnel-Client-Endpoint:0 = 88.XX.XX.XX
   NAS-IP-Address = 10.218.7.243
   Cisco-AVPair = ip:source-ip=88.XX.XX.XXy\223
 Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
 modcall[authorize]: module preprocess returns ok for request 1
 modcall[authorize]: module chap returns noop for request 1
 modcall[authorize]: module mschap returns noop for request 1
   rlm_realm: Looking up realm xx.fr for User-Name = vpn...@xx.fr
   rlm_realm: No such realm xx.fr
 modcall[authorize]: module suffix returns noop for request 1
 rlm_eap: No EAP-Message, not doing EAP
 modcall[authorize]: module eap returns noop for request 1
   users: Matched entry DEFAULT at line 154
   users: Matched entry DEFAULT at line 173
   users: Matched entry DEFAULT at line 185
 modcall[authorize]: module files returns ok for request 1
Using perl at 0x8149a00
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Framed-IP-Address = 10.218.3.41
rlm_perl: Added pair Framed-Compression = Van-Jacobson-TCP-IP
rlm_perl: Added pair Framed-MTU = 576
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair 

Re: Affect Static IP by Freeradius/ASA5510

2009-02-04 Thread Alan DeKok
Phibee Network Operation Center wrote:
> I see Framed-IP-Address = 10.218.3.41 but at the end of the logs it has:
>
> Sending Access-Accept of id 32 to 10.218.7.243 port 1025
>    Framed-IP-Address = 255.255.255.254
>
> Why is it sending 255.255.255.254?

  Some part of the configuration *you* added does this.  The default
configuration as shipped with the server doesn't add a Framed-IP-Address
of 255.255.255.254.

  Look at the debug output, and look at the users file entries it matches.

  You could also simply grep the configuration files for
255.255.255.254, and see where it comes from.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
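
The check suggested in the reply above (compare what the debug output says was set with what the Access-Accept actually carries) can be scripted. This Python sketch is an added example, not code from the thread or from FreeRADIUS; it assumes the 1.x-style debug line formats shown in the first message, and the function name, sample log and user name are constructed for illustration.

```python
import re

# Constructed excerpt in the 1.x debug format shown above; the user name is a placeholder.
SAMPLE_DEBUG = """\
rad_recv: Access-Request packet from host 10.218.7.243:1025, id=32, length=166
\tUser-Name = "user@example.invalid"
   users: Matched entry DEFAULT at line 154
   users: Matched entry DEFAULT at line 173
rlm_perl: Added pair Framed-IP-Address = 10.218.3.41
rlm_perl: Added pair Framed-MTU = 576
Sending Access-Accept of id 32 to 10.218.7.243 port 1025
\tFramed-IP-Address = 255.255.255.254
\tFramed-MTU = 576
Finished request 1
"""

MATCHED = re.compile(r"^\s*users: Matched entry (\S+) at line (\d+)")
ADDED = re.compile(r"^\s*rlm_perl: Added pair ([\w-]+) = (.*)$")
ACCEPT = re.compile(r"^Sending Access-Accept of id (\d+)")
ATTR = re.compile(r"^\s+([\w-]+) = (.*)$")

def find_overridden(debug_text):
    """Hypothetical helper: list reply attributes whose sent value differs from rlm_perl's."""
    findings, perl, users, accept_id = [], {}, [], None
    for line in debug_text.splitlines():
        if line.startswith("rad_recv:"):          # new request: reset per-request state
            perl, users, accept_id = {}, [], None
        elif m := MATCHED.match(line):            # users file entries that contributed
            users.append((m.group(1), int(m.group(2))))
        elif m := ADDED.match(line):              # the last value rlm_perl set wins
            perl[m.group(1)] = m.group(2).strip()
        elif m := ACCEPT.match(line):             # start of the reply attribute block
            accept_id = int(m.group(1))
        elif accept_id is not None and (m := ATTR.match(line)):
            name, sent = m.group(1), m.group(2).strip()
            if name in perl and perl[name] != sent:
                findings.append({"id": accept_id, "attribute": name,
                                 "perl": perl[name], "sent": sent,
                                 "users_entries": list(users)})
        else:
            accept_id = None                      # any other line ends the block
    return findings

if __name__ == "__main__":
    for f in find_overridden(SAMPLE_DEBUG):
        print(f"Access-Accept id {f['id']}: {f['attribute']} sent as {f['sent']}, "
              f"rlm_perl set {f['perl']}; users entries matched: {f['users_entries']}")
```

The `users_entries` line numbers in each finding are the places in the users file to inspect first for the stray value.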


Re: Affect Static IP by Freeradius/ASA5510

2009-02-04 Thread Phibee Network Operation Center

Alan DeKok wrote:

> Phibee Network Operation Center wrote:
>
>> I see Framed-IP-Address = 10.218.3.41 but at the end of the logs it has:
>>
>> Sending Access-Accept of id 32 to 10.218.7.243 port 1025
>>    Framed-IP-Address = 255.255.255.254
>>
>> Why is it sending 255.255.255.254?
>
>   Some part of the configuration *you* added does this.  The default
> configuration as shipped with the server doesn't add a Framed-IP-Address
> of 255.255.255.254.
>
>   Look at the debug output, and look at the users file entries it matches.
>
>   You could also simply grep the configuration files for
> 255.255.255.254, and see where it comes from.
>
>   Alan DeKok.

Thank you very much, Alan!

I have added a # into users:

DEFAULT Service-Type == Framed-User
#   Framed-IP-Address = 255.255.255.254,
   Framed-MTU = 576,
   Service-Type = Framed-User,
   Fall-Through = Yes


And now the user has the correct IP address.


Re: Affect Static IP by Freeradius/ASA5510

2009-02-04 Thread tnt

>>> I see Framed-IP-Address = 10.218.3.41 but at the end of the logs it has:
>>>
>>> Sending Access-Accept of id 32 to 10.218.7.243 port 1025
>>>    Framed-IP-Address = 255.255.255.254
>>>
>>> Why is it sending 255.255.255.254?
>>
>>   Some part of the configuration *you* added does this.  The default
>> configuration as shipped with the server doesn't add a Framed-IP-Address
>> of 255.255.255.254.
>>
>>   Look at the debug output, and look at the users file entries it matches.
>>
>>   You could also simply grep the configuration files for
>> 255.255.255.254, and see where it comes from.
>>
>>   Alan DeKok.
>
> Thank you very much, Alan!
>
> I have added a # into users:
>
> DEFAULT Service-Type == Framed-User
> #   Framed-IP-Address = 255.255.255.254,
>    Framed-MTU = 576,
>    Service-Type = Framed-User,
>    Fall-Through = Yes
>
> And now the user has the correct IP address.


Can perl overwrite the value from users file? From debug he did give the
new address for $RAD_REPLY but it did not overwrite the previous value
(from users file).

Ivan Kalik
Kalik Informatika ISP



Re: Affect Static IP by Freeradius/ASA5510

2009-02-04 Thread Alan DeKok
t...@kalik.net wrote:
> Can perl overwrite the value from users file? From debug he did give the
> new address for $RAD_REPLY but it did not overwrite the previous value
> (from users file).

  The perl module is supposed to *replace* the reply attributes with
whatever it has.  So a lingering IP address is strange.

  Alan DeKok.


Re: Affect Static IP by Freeradius/ASA5510

2009-02-04 Thread tnt
>> Can perl overwrite the value from users file? From debug he did give the
>> new address for $RAD_REPLY but it did not overwrite the previous value
>> (from users file).
>
>   The perl module is supposed to *replace* the reply attributes with
> whatever it has.  So a lingering IP address is strange.
>
>   Alan DeKok.

I have tested it on 2.1.3 and it works that way - value from users file
is replaced by the value entered in perl.

The man from Phibee: what freeradius version are you using? That looks
like 1.x. You should use latest version for new installations in order
to avoid bugs like this.

Ivan Kalik
Kalik Informatika ISP
