Re: Group ip pools

2004-08-02 Thread Barry Murphy
Nah still not working,  works fine if i use radping or what ever that
program is and I specify a nas port. But the nas port only seems to come
through from the nas on a start request maybe. The port range starts from 0
and increments by 1 per user.

Any ideas?

Barry


- Original Message - 
From: "Paul Hampson" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, August 02, 2004 2:17 PM
Subject: Re: Group ip pools


> On Sun, Aug 01, 2004 at 02:17:41PM +1200, Barry Murphy wrote:
> > Going forward I have looked at the scripts and it shows that TTY is
being
> > used and clients are getting a Nas-Port begining with 0, then 1 for the
> > second user as shown below.
>
> > Sun Aug  1 12:00:49 2004
> > Acct-Session-Id = "410C2FFA01F0"
> > User-Name = "icepick"
> > Acct-Status-Type = Start
> > Service-Type = Framed-User
> > Framed-Protocol = PPP
> > Acct-Authentic = RADIUS
> > NAS-Port-Type = Async
> > Framed-IP-Address = 219.88.249.85
> > NAS-IP-Address = 10.23.19.2
> > NAS-Port = 0
> > Acct-Delay-Time = 0
> > Client-IP-Address = 10.22.19.2
> > Acct-Unique-Session-Id = "819283b999345e7d"
> > Timestamp = 1091318449
>
> > Sun Aug  1 13:26:04 2004
> > Acct-Session-Id = "410C43DA0201"
> > User-Name = "neil"
> > Acct-Status-Type = Start
> > Service-Type = Framed-User
> > Framed-Protocol = PPP
> > Acct-Authentic = RADIUS
> > NAS-Port-Type = Async
> > Framed-IP-Address = 219.88.249.89
> > NAS-IP-Address = 10.23.19.2
> > NAS-Port = 1
> > Acct-Delay-Time = 0
> > Client-IP-Address = 10.22.19.2
> > Acct-Unique-Session-Id = "f27a28a784f81cba"
> > Timestamp = 1091323564
>
> Those are Accounting-Start packets... To assign an address from an
> ippool, the port needs to be present in the Access-Request packet. By
> the time the RADIUS server sees the Accounting-Start packet, the IP
> address needs to've been already transmitted in the Access-Accept
> packet.
>
> On the other hand, it looks like a Framed-IP-Address _is_ being
> assigned... Is this still not working?
>
> -- 
> Paul "TBBle" Hampson, on an alternate email client.
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Group ip pools

2004-08-01 Thread Paul Hampson
On Sun, Aug 01, 2004 at 02:17:41PM +1200, Barry Murphy wrote:
> Going forward I have looked at the scripts and it shows that TTY is being
> used and clients are getting a Nas-Port begining with 0, then 1 for the
> second user as shown below.

> Sun Aug  1 12:00:49 2004
> Acct-Session-Id = "410C2FFA01F0"
> User-Name = "icepick"
> Acct-Status-Type = Start
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Acct-Authentic = RADIUS
> NAS-Port-Type = Async
> Framed-IP-Address = 219.88.249.85
> NAS-IP-Address = 10.23.19.2
> NAS-Port = 0
> Acct-Delay-Time = 0
> Client-IP-Address = 10.22.19.2
> Acct-Unique-Session-Id = "819283b999345e7d"
> Timestamp = 1091318449

> Sun Aug  1 13:26:04 2004
> Acct-Session-Id = "410C43DA0201"
> User-Name = "neil"
> Acct-Status-Type = Start
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Acct-Authentic = RADIUS
> NAS-Port-Type = Async
> Framed-IP-Address = 219.88.249.89
> NAS-IP-Address = 10.23.19.2
> NAS-Port = 1
> Acct-Delay-Time = 0
> Client-IP-Address = 10.22.19.2
> Acct-Unique-Session-Id = "f27a28a784f81cba"
> Timestamp = 1091323564

Those are Accounting-Start packets... To assign an address from an
ippool, the port needs to be present in the Access-Request packet. By
the time the RADIUS server sees the Accounting-Start packet, the IP
address needs to've been already transmitted in the Access-Accept
packet.

On the other hand, it looks like a Framed-IP-Address _is_ being
assigned... Is this still not working?

-- 
Paul "TBBle" Hampson, on an alternate email client.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Group ip pools

2004-07-31 Thread Barry Murphy
Going forward I have looked at the scripts and it shows that TTY is being
used and clients are getting a Nas-Port begining with 0, then 1 for the
second user as shown below.

Sun Aug  1 12:00:49 2004
Acct-Session-Id = "410C2FFA01F0"
User-Name = "icepick"
Acct-Status-Type = Start
Service-Type = Framed-User
Framed-Protocol = PPP
Acct-Authentic = RADIUS
NAS-Port-Type = Async
Framed-IP-Address = 219.88.249.85
NAS-IP-Address = 10.23.19.2
NAS-Port = 0
Acct-Delay-Time = 0
Client-IP-Address = 10.22.19.2
Acct-Unique-Session-Id = "819283b999345e7d"
Timestamp = 1091318449

Sun Aug  1 13:26:04 2004
Acct-Session-Id = "410C43DA0201"
User-Name = "neil"
Acct-Status-Type = Start
Service-Type = Framed-User
Framed-Protocol = PPP
Acct-Authentic = RADIUS
NAS-Port-Type = Async
Framed-IP-Address = 219.88.249.89
NAS-IP-Address = 10.23.19.2
NAS-Port = 1
Acct-Delay-Time = 0
Client-IP-Address = 10.22.19.2
Acct-Unique-Session-Id = "f27a28a784f81cba"
Timestamp = 1091323564

Barry


- Original Message - 
From: "Barry Murphy" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, August 01, 2004 1:39 PM
Subject: Re: Group ip pools


> NTRadPing confirmed what you mentioned, i'm wondering if anyone has
managed
> to get debian ppp to send the interface number as the NAS-Port?
>
> i.e. ppp0 would be port 0, ppp1 would be Nas-Port=1 etc. Been googling for
> hours for this and days on this topic and come up with nothing.
>
> A link off http://www.chelcom.ru/~anton/projects/pppd-tacacs+radius/
shows:
> RADIUS plugin now uses ppp interface number instead of terminal device
> number as NAS-Port value because interface number is guaranteed to be
> unique.
>
> Barry
> - Original Message - 
> From: "Kostas Kalevras" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Sunday, August 01, 2004 2:42 AM
> Subject: Re: Group ip pools
>
>
> > On Sat, 31 Jul 2004, Barry Murphy wrote:
> >
> > > Could hte problem be because the user is connecting with a "Virtual"
> > > NAS-Port...
> > >
> > > rad_recv: Accounting-Request packet from host 192.168.4.1:1084, id=74,
> > > length=113
> > > User-Name = "testing"
> > > Service-Type = Framed-User
> > > Framed-Protocol = PPP
> > > Framed-IP-Address = 192.168.44.59
> > > Framed-IP-Netmask = 255.255.255.255
> > > NAS-Identifier = "ns.unix.co.nz"
> > > NAS-Port-Type = Virtual
> > > Acct-Status-Type = Start
> > > Acct-Session-Id = "31558-testing1091264221"
> > > Acct-Multi-Session-Id = ""
> > > Acct-Delay-Time = 0
> >
> > The accounting packet does not contain a nas-port attribute. You need to
> fix
> > that, or rlm_ippool won't work
> >
> > >
> > >
> > > modcall: group Auth-Type returns ok for request 12
> > > Login OK: [testing] (from client 192.168.4.1 port 0)
> > > modcall: entering group post-auth for request 12
> > > rlm_ippool: Could not find nas port information. Return NOOP.
> > >   modcall[post-auth]: module "mainpool" returns noop for request 12
> > > radius_xlat:  '/var/log/radacct/192.168.4.1/reply-detail-20040731'
> > >
> > >
> > > Barry
> >
> > --
> > Kostas Kalevras Network Operations Center
> > [EMAIL PROTECTED] National Technical University of Athens, Greece
> > Work Phone: +30 210 7721861
> > 'Go back to the shadow' Gandalf
> >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> >
>
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Group ip pools

2004-07-31 Thread Barry Murphy
NTRadPing confirmed what you mentioned, i'm wondering if anyone has managed
to get debian ppp to send the interface number as the NAS-Port?

i.e. ppp0 would be port 0, ppp1 would be Nas-Port=1 etc. Been googling for
hours for this and days on this topic and come up with nothing.

A link off http://www.chelcom.ru/~anton/projects/pppd-tacacs+radius/ shows:
RADIUS plugin now uses ppp interface number instead of terminal device
number as NAS-Port value because interface number is guaranteed to be
unique.

Barry
- Original Message - 
From: "Kostas Kalevras" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, August 01, 2004 2:42 AM
Subject: Re: Group ip pools


> On Sat, 31 Jul 2004, Barry Murphy wrote:
>
> > Could hte problem be because the user is connecting with a "Virtual"
> > NAS-Port...
> >
> > rad_recv: Accounting-Request packet from host 192.168.4.1:1084, id=74,
> > length=113
> > User-Name = "testing"
> > Service-Type = Framed-User
> > Framed-Protocol = PPP
> > Framed-IP-Address = 192.168.44.59
> > Framed-IP-Netmask = 255.255.255.255
> > NAS-Identifier = "ns.unix.co.nz"
> > NAS-Port-Type = Virtual
> > Acct-Status-Type = Start
> > Acct-Session-Id = "31558-testing1091264221"
> > Acct-Multi-Session-Id = ""
> > Acct-Delay-Time = 0
>
> The accounting packet does not contain a nas-port attribute. You need to
fix
> that, or rlm_ippool won't work
>
> >
> >
> > modcall: group Auth-Type returns ok for request 12
> > Login OK: [testing] (from client 192.168.4.1 port 0)
> > modcall: entering group post-auth for request 12
> > rlm_ippool: Could not find nas port information. Return NOOP.
> >   modcall[post-auth]: module "mainpool" returns noop for request 12
> > radius_xlat:  '/var/log/radacct/192.168.4.1/reply-detail-20040731'
> >
> >
> > Barry
>
> --
> Kostas Kalevras Network Operations Center
> [EMAIL PROTECTED] National Technical University of Athens, Greece
> Work Phone: +30 210 7721861
> 'Go back to the shadow' Gandalf
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Group ip pools

2004-07-31 Thread Barry Murphy
It's a pptp connection using debian poptop and ppp. Any ideas?

Thanks
Barry

- Original Message - 
From: "Kostas Kalevras" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, August 01, 2004 2:42 AM
Subject: Re: Group ip pools


> On Sat, 31 Jul 2004, Barry Murphy wrote:
>
> > Could hte problem be because the user is connecting with a "Virtual"
> > NAS-Port...
> >
> > rad_recv: Accounting-Request packet from host 192.168.4.1:1084, id=74,
> > length=113
> > User-Name = "testing"
> > Service-Type = Framed-User
> > Framed-Protocol = PPP
> > Framed-IP-Address = 192.168.44.59
> > Framed-IP-Netmask = 255.255.255.255
> > NAS-Identifier = "ns.unix.co.nz"
> > NAS-Port-Type = Virtual
> > Acct-Status-Type = Start
> > Acct-Session-Id = "31558-testing1091264221"
> > Acct-Multi-Session-Id = ""
> > Acct-Delay-Time = 0
>
> The accounting packet does not contain a nas-port attribute. You need to
fix
> that, or rlm_ippool won't work
>
> >
> >
> > modcall: group Auth-Type returns ok for request 12
> > Login OK: [testing] (from client 192.168.4.1 port 0)
> > modcall: entering group post-auth for request 12
> > rlm_ippool: Could not find nas port information. Return NOOP.
> >   modcall[post-auth]: module "mainpool" returns noop for request 12
> > radius_xlat:  '/var/log/radacct/192.168.4.1/reply-detail-20040731'
> >
> >
> > Barry
>
> --
> Kostas Kalevras Network Operations Center
> [EMAIL PROTECTED] National Technical University of Athens, Greece
> Work Phone: +30 210 7721861
> 'Go back to the shadow' Gandalf
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Group ip pools

2004-07-31 Thread Alan DeKok
Barry Murphy <[EMAIL PROTECTED]> wrote:
> Could hte problem be because the user is connecting with a "Virtual"
> NAS-Port...

  Yes.  There's nothing in the Access-Request packet which lets the
server tell one virtual port from another.  The server therefore
cannot assign IP addresses, as it has no way of tracking who was
assigned what.

  Alan DeKok.


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Group ip pools

2004-07-31 Thread Bruce A. Friend
I'm on vacation Aug 2 - 6 and will return to the office on Monday the 9th.

Bruce Friend


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Group ip pools

2004-07-31 Thread Chip Old
On Sat, 31 Jul 2004 10:44 -0400, Bruce A. Friend wrote:
I'm on vacation Aug 2 - 6 and will return to the office on Monday the 9th.
Bruce Friend
Bruce, I assume you'll see this when you return from vacation.  Will you 
please learn how to configure your vacation autoresponder to ignore 
mailing list messages?  Every time a freeradius-users message hits your 
system, your autoresponder responds to the list address.  Surely if you're 
savvy enough to use radius, you're savvy enough to learn to use your 
autoresponder correctly.

--
Chip Old (Francis E. Old) E-Mail:  [EMAIL PROTECTED]
Manager, BCPL Network ServicesPhone:   410-887-6180
Manager, BCPL.NET Internet Services   FAX: 410-887-2091
320 York Road
Towson, MD 21204  USA
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Group ip pools

2004-07-31 Thread Bruce A. Friend
I'm on vacation Aug 2 - 6 and will return to the office on Monday the 9th.

Bruce Friend


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Group ip pools

2004-07-31 Thread Kostas Kalevras
On Sat, 31 Jul 2004, Barry Murphy wrote:

> Could hte problem be because the user is connecting with a "Virtual"
> NAS-Port...
>
> rad_recv: Accounting-Request packet from host 192.168.4.1:1084, id=74,
> length=113
> User-Name = "testing"
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Framed-IP-Address = 192.168.44.59
> Framed-IP-Netmask = 255.255.255.255
> NAS-Identifier = "ns.unix.co.nz"
> NAS-Port-Type = Virtual
> Acct-Status-Type = Start
> Acct-Session-Id = "31558-testing1091264221"
> Acct-Multi-Session-Id = ""
> Acct-Delay-Time = 0

The accounting packet does not contain a nas-port attribute. You need to fix
that, or rlm_ippool won't work

>
>
> modcall: group Auth-Type returns ok for request 12
> Login OK: [testing] (from client 192.168.4.1 port 0)
> modcall: entering group post-auth for request 12
> rlm_ippool: Could not find nas port information. Return NOOP.
>   modcall[post-auth]: module "mainpool" returns noop for request 12
> radius_xlat:  '/var/log/radacct/192.168.4.1/reply-detail-20040731'
>
>
> Barry

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Group ip pools

2004-07-31 Thread Bruce A. Friend
I'm on vacation Aug 2 - 6 and will return to the office on Monday the 9th.

Bruce Friend


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Group ip pools

2004-07-31 Thread Bruce A. Friend
I'm on vacation Aug 2 - 6 and will return to the office on Monday the 9th.

Bruce Friend


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Group ip pools

2004-07-31 Thread Barry Murphy
Could hte problem be because the user is connecting with a "Virtual"
NAS-Port...

rad_recv: Accounting-Request packet from host 192.168.4.1:1084, id=74,
length=113
User-Name = "testing"
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 192.168.44.59
Framed-IP-Netmask = 255.255.255.255
NAS-Identifier = "ns.unix.co.nz"
NAS-Port-Type = Virtual
Acct-Status-Type = Start
Acct-Session-Id = "31558-testing1091264221"
Acct-Multi-Session-Id = ""
Acct-Delay-Time = 0


modcall: group Auth-Type returns ok for request 12
Login OK: [testing] (from client 192.168.4.1 port 0)
modcall: entering group post-auth for request 12
rlm_ippool: Could not find nas port information. Return NOOP.
  modcall[post-auth]: module "mainpool" returns noop for request 12
radius_xlat:  '/var/log/radacct/192.168.4.1/reply-detail-20040731'


Barry

- Original Message - 
From: "Barry Murphy" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, July 31, 2004 7:26 PM
Subject: Re: Group ip pools


> I'm guessing I can just use ip pools from the radius.conf which I have
tried
> to do but it isn't working...
>
> ippool mainpool {
> range-start = 219.88.249.73
> range-stop = 219.88.249.80
> netmask = 255.255.255.255
> cache-size = 800
> session-db = ${raddbdir}/db.ippool
> ip-index = ${raddbdir}/db.ipindex
> override = no
> }
>
>
> under accounting{} I have added mainpool
> under post-auth {} I have also added mainpool
>
> I've added the following to sql on radgroupcheck
> testing Pool-Name := mainpool
>
> radius -X (
> rlm_sql (sql): Released sql socket id: 4
>   modcall[authorize]: module "sql" returns ok for request 0
> modcall: group authorize returns ok for request 0
>   rad_check_password:  Found Auth-Type MS-CHAP
> auth: type "MS-CHAP"
> modcall: entering group Auth-Type for request 0
>   rlm_mschap: doing MS-CHAPv2 with NT-Password
> rlm_mschap: adding MS-CHAPv2 MPPE keys
>   modcall[authenticate]: module "mschap" returns ok for request 0
> modcall: group Auth-Type returns ok for request 0
> Login OK: [testing] (from client 192.168.4.1 port 0)
> modcall: entering group post-auth for request 0
> rlm_ippool: Could not find nas port information. Return NOOP.
>   modcall[post-auth]: module "mainpool" returns noop for request 0
> radius_xlat:  '/var/log/radacct/192.168.4.1/reply-detail-20040731'
>
> Thanks
> Barry
>
> - Original Message - 
> From: "Barry Murphy" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Saturday, July 31, 2004 6:14 PM
> Subject: Group ip pools
>
>
> > Hi,
> >
> > I'm trying to setup ippools on a per group basis, I tried examples from
> the
> > below and couldn't get it to work. Any ideas?
> >
> >
http://lists.cistron.nl/pipermail/freeradius-users/2001-August/001482.html
> > >DEFAULTGroup == "dialupnf", Auth-Type := System
> > >Service-Type == Framed-User,
> > >Framed-IP-Address = 10.10.10.1+,
> > >Fall-Through = No
> >
> >
> >
>
http://listserver.uk.freebsd.org/pipermail/freebsd-users/2003-May/007864.html
> > > robing Auth-Type := Local, User-Password == "password"
> > >Service-Type = Framed-User,
> > >Framed-Protocol = PPP,
> > >Framed-IP-Address = 195.8.182.0,
> > >Framed-IP-Netmask = 255.255.255.0,
> >
> >
> > -
> > List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> >
>
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Group ip pools

2004-07-31 Thread Barry Murphy
I'm guessing I can just use ip pools from the radius.conf which I have tried
to do but it isn't working...

ippool mainpool {
range-start = 219.88.249.73
range-stop = 219.88.249.80
netmask = 255.255.255.255
cache-size = 800
session-db = ${raddbdir}/db.ippool
ip-index = ${raddbdir}/db.ipindex
override = no
}


under accounting{} I have added mainpool
under post-auth {} I have also added mainpool

I've added the following to sql on radgroupcheck
testing Pool-Name := mainpool

radius -X (
rlm_sql (sql): Released sql socket id: 4
  modcall[authorize]: module "sql" returns ok for request 0
modcall: group authorize returns ok for request 0
  rad_check_password:  Found Auth-Type MS-CHAP
auth: type "MS-CHAP"
modcall: entering group Auth-Type for request 0
  rlm_mschap: doing MS-CHAPv2 with NT-Password
rlm_mschap: adding MS-CHAPv2 MPPE keys
  modcall[authenticate]: module "mschap" returns ok for request 0
modcall: group Auth-Type returns ok for request 0
Login OK: [testing] (from client 192.168.4.1 port 0)
modcall: entering group post-auth for request 0
rlm_ippool: Could not find nas port information. Return NOOP.
  modcall[post-auth]: module "mainpool" returns noop for request 0
radius_xlat:  '/var/log/radacct/192.168.4.1/reply-detail-20040731'

Thanks
Barry

- Original Message - 
From: "Barry Murphy" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, July 31, 2004 6:14 PM
Subject: Group ip pools


> Hi,
>
> I'm trying to setup ippools on a per group basis, I tried examples from
the
> below and couldn't get it to work. Any ideas?
>
> http://lists.cistron.nl/pipermail/freeradius-users/2001-August/001482.html
> >DEFAULTGroup == "dialupnf", Auth-Type := System
> >Service-Type == Framed-User,
> >Framed-IP-Address = 10.10.10.1+,
> >Fall-Through = No
>
>
>
http://listserver.uk.freebsd.org/pipermail/freebsd-users/2003-May/007864.html
> > robing Auth-Type := Local, User-Password == "password"
> >Service-Type = Framed-User,
> >Framed-Protocol = PPP,
> >Framed-IP-Address = 195.8.182.0,
> >Framed-IP-Netmask = 255.255.255.0,
>
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Group ip pools

2004-07-30 Thread Bruce A. Friend
I'm on vacation Aug 2 - 6 and will return to the office on Monday the 9th.

Bruce Friend


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Group ip pools

2004-07-30 Thread Barry Murphy
Hi,

I'm trying to setup ippools on a per group basis, I tried examples from the
below and couldn't get it to work. Any ideas?

http://lists.cistron.nl/pipermail/freeradius-users/2001-August/001482.html
>DEFAULTGroup == "dialupnf", Auth-Type := System
>Service-Type == Framed-User,
>Framed-IP-Address = 10.10.10.1+,
>Fall-Through = No


http://listserver.uk.freebsd.org/pipermail/freebsd-users/2003-May/007864.html
> robing Auth-Type := Local, User-Password == "password"
>Service-Type = Framed-User,
>Framed-Protocol = PPP,
>Framed-IP-Address = 195.8.182.0,
>Framed-IP-Netmask = 255.255.255.0,


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html