IP Pools How ?
Hello ; New to this great mailing list and the whole linux world so please bare with me. :) Im using FreeRADIUS Version 1.1.7 with fedora core 10 and my freeradius frontend is DMA Softlabs Radius Manager. http://www.dmasoftlab.com/cont/home My clients are authenticating through distrubuted remote pppoe servers on a wireless network. I want to use freeradius Ip Pool functionality to assign dynamic public IPs to customers since my frontend doesnt support that feature. Is there a step by step approach on how to do it ? is just modyfying the radius.conf and users file is enough? Do i have to create any sql tables for this ? Thanks and greetings from Northern Cyprus - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: IP Pools How ?
Hi Dogus:
In addition to the radiusd.conf and users file config that I assume you've
already figured out, you have to define the pool names in raddb/default if
you're going to use any pool name other than main_pool. ie:
# Return an address to the IP Pool when we see a stop record.
# main_pool
custom_pool
Here I commented out main_pool and defined two new ones, which I
configured in radiusd.conf:
ippool custom_pool {
range-start = 192.168.99.101
range-stop = 192.168.99.253
netmask = 255.255.255.0
cache-size = 251
session-db = ${db_dir}/db.custom_ippool
ip-index = ${db_dir}/db.custom_ipindex
override = yes
}
Then in users:
DEFAULT Group == vpn_users, Pool-Name :=custom_pool
Framed-Protocol == PPP,
Framed-Compression = Van-Jacobson-TCP-IP
Where vpn_users is a unix group on the radius server. Make sure to
remove the db.* files any time you make changes to the pool addresses.
You can define as many pools as you want like this. It's not all readily
apparent in any docs I found (at least not the first part), but there are
examples for the pools in radiusd.conf and users file.
HTH,
On Tue, 23 Jun 2009, Dogus Yalman wrote:
Hello ;
New to this great mailing list and the whole linux world so please bare with
me. :)
Im using FreeRADIUS Version 1.1.7 with fedora core 10 and my freeradius
frontend is DMA Softlabs Radius Manager.
http://www.dmasoftlab.com/cont/home
My clients are authenticating through distrubuted remote pppoe servers on a
wireless network.
I want to use freeradius Ip Pool functionality to assign dynamic public IPs to
customers since my frontend doesnt support that feature.
Is there a step by step approach on how to do it ? is just modyfying the
radius.conf and users file is enough? Do i have to create any sql tables for
this ?
Thanks and greetings from Northern Cyprus
James Smallacombe PlantageNet, Inc. CEO and Janitor
u...@3.am http://3.am
=
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: R: R: freeradius and IP pools
Mon Dec 15 10:38:11 2008 : Info: No Pool-Name defined (did cli port user us...@without_ip) Tecnically the authentication works fine, I want only understand if I can avoid this message. Don't log it. You will need to alter the code for that. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
R: R: freeradius and IP pools
-Messaggio originale-
Da: freeradius-users-bounces+a.savio=bascom...@lists.freeradius.org
[mailto:freeradius-users-bounces+a.savio=bascom...@lists.freeradius.org] Per
conto di t...@kalik.net
Inviato: venerdì 12 dicembre 2008 18.00
A: FreeRadius users mailing list
Oggetto: Re: R: freeradius and IP pools
OK. I have in proxy.conf:
realm with_ip {
authhost= LOCAL
accthost= LOCAL
realm without_ip {
authhost= LOCAL
accthost= LOCAL
Next I have mysql tables containing usernames:
mysql select * from radcheck;
++--+-+++---+
| id | username | realm | attribute | op | value |
++--+-+++---+
| 1 | user | with_ip | Cleartext-Password | := | ip|
++--+-+++---+
mysql select * from radgroupcheck;
++-+---++--+
| id | groupname | attribute | op | value|
++-+---++--+
| 1 | withipgroup | Pool-Name | := | ip_pool |
++-+---++--+
mysql select * from radippool;
++---+-+
| id | pool_name | framedipaddress |
++---+-+
| 1 | ip_pool | 10.0.0.1|
| 2 | ip_pool | 10.0.0.2|
++---+-+
mysql select * from radusergroup;
+--+-+-+--+
| username | realm | groupname | priority |
+--+-+-+--+
| user | with_ip | withipgroup |1 |
+--+-+-+--+
That's good for ip-provided users and it works. But I need to understand
how
to configure the second user, the without-ip one.
Make just radcheck entry for that one.
Ivan Kalik
Kalik Informatika ISP
I configured user2 in radcheck table
++--++++---+
| id | username | realm | attribute | op | value |
++--++++---+
| 1 | user1| with_ip| Cleartext-Password | := | ip|
| 2 | user2| without_ip | Cleartext-Password | := | noip |
++--++++---+
without group membership for this user2. In radius.log I see this message:
Mon Dec 15 10:38:11 2008 : Info: No Pool-Name defined (did cli port
user us...@without_ip)
Tecnically the authentication works fine, I want only understand if I can
avoid this message.
Thanks, Arrigo.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: R: freeradius and IP pools
If both users are the same, it is better to configure just one user and make checks stripping the realm. -- Angel L. Mateo Martínez Sección de Telemática Área de Tecnologías de la Información _o) y las Comunicaciones Aplicadas (ATICA) / \\ http://www.um.es/atica_(___V Tfo: 968367590 Fax: 968398337 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
freeradius and IP pools
Hi. I need to use freeradius in multiple ways. I mean: based on realm, I need to assign or not an IP address. For example: u...@with_ip has to receive an IP from configured RADIPPOOL table u...@without_ip has only to be authenticated (a user who log to a portal, for example). How can I make it possibile? Where can I setup this behaviuor? Thanks. Arrigo. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: freeradius and IP pools
For example: u...@with_ip has to receive an IP from configured RADIPPOOL table u...@without_ip has only to be authenticated (a user who log to a portal, for example). How can I make it possibile? Where can I setup this behaviuor? Create those realms as local realms in proxy.conf. Put: DEFAULT Realm == with_ip, Pool-Name:= your_pool_name in users file. Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
R: freeradius and IP pools
OK. I have in proxy.conf:
realm with_ip {
authhost= LOCAL
accthost= LOCAL
realm without_ip {
authhost= LOCAL
accthost= LOCAL
Next I have mysql tables containing usernames:
mysql select * from radcheck;
++--+-+++---+
| id | username | realm | attribute | op | value |
++--+-+++---+
| 1 | user | with_ip | Cleartext-Password | := | ip|
++--+-+++---+
mysql select * from radgroupcheck;
++-+---++--+
| id | groupname | attribute | op | value|
++-+---++--+
| 1 | withipgroup | Pool-Name | := | ip_pool |
++-+---++--+
mysql select * from radippool;
++---+-+
| id | pool_name | framedipaddress |
++---+-+
| 1 | ip_pool | 10.0.0.1|
| 2 | ip_pool | 10.0.0.2|
++---+-+
mysql select * from radusergroup;
+--+-+-+--+
| username | realm | groupname | priority |
+--+-+-+--+
| user | with_ip | withipgroup |1 |
+--+-+-+--+
That's good for ip-provided users and it works. But I need to understand how
to configure the second user, the without-ip one.
Arrigo
-Messaggio originale-
Da: freeradius-users-bounces+a.savio=bascom...@lists.freeradius.org
[mailto:freeradius-users-bounces+a.savio=bascom...@lists.freeradius.org] Per
conto di t...@kalik.net
Inviato: venerdì 12 dicembre 2008 17.02
A: FreeRadius users mailing list
Oggetto: Re: freeradius and IP pools
For example:
u...@with_ip
has to receive an IP from configured RADIPPOOL table
u...@without_ip
has only to be authenticated (a user who log to a portal, for example).
How can I make it possibile? Where can I setup this behaviuor?
Create those realms as local realms in proxy.conf. Put:
DEFAULT Realm == with_ip, Pool-Name:= your_pool_name
in users file.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: R: freeradius and IP pools
OK. I have in proxy.conf:
realm with_ip {
authhost= LOCAL
accthost= LOCAL
realm without_ip {
authhost= LOCAL
accthost= LOCAL
Next I have mysql tables containing usernames:
mysql select * from radcheck;
++--+-+++---+
| id | username | realm | attribute | op | value |
++--+-+++---+
| 1 | user | with_ip | Cleartext-Password | := | ip|
++--+-+++---+
mysql select * from radgroupcheck;
++-+---++--+
| id | groupname | attribute | op | value|
++-+---++--+
| 1 | withipgroup | Pool-Name | := | ip_pool |
++-+---++--+
mysql select * from radippool;
++---+-+
| id | pool_name | framedipaddress |
++---+-+
| 1 | ip_pool | 10.0.0.1|
| 2 | ip_pool | 10.0.0.2|
++---+-+
mysql select * from radusergroup;
+--+-+-+--+
| username | realm | groupname | priority |
+--+-+-+--+
| user | with_ip | withipgroup |1 |
+--+-+-+--+
That's good for ip-provided users and it works. But I need to understand how
to configure the second user, the without-ip one.
Make just radcheck entry for that one.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
syntax errors on mysql ip pools
Hello,
I've been trying for a few days to configure a new freeradius server with
mysql IP pools support and I noticed there's a few errors with the syntax of
some queries on sqlippool.conf for mysql.
First of all, some queries would never match because the schema provided
with freeradius for the radippools table would set the 'expiry_time' field
as default to NULL and then the queries would try something like expiry_time
NOW(), which would never match if the field as NULL.
So, the correct schema for the database would be:
CREATE TABLE radippool (
id int(11) unsigned NOT NULL auto_increment,
pool_name varchar(30) NOT NULL,
framedipaddress varchar(15) NOT NULL default '',
nasipaddress varchar(15) NOT NULL default '',
calledstationid VARCHAR(30) NOT NULL,
callingstationid VARCHAR(30) NOT NULL,
expiry_time DATETIME NOT NULL,
username varchar(64) NOT NULL default '',
pool_key varchar(30) NOT NULL,
PRIMARY KEY (id)
);
And the, the complete ippool.conf should be:
-- begin ---
# ## This series of queries allocates an IP address
allocate-clear = UPDATE ${ippool_table} \
SET nasipaddress = '', pool_key = 0, \
callingstationid = '', username = '', \
expiry_time = '-00-00' \
WHERE pool_key = '${pool-key}'
## This series of queries allocates an IP address
## (Note: If your pool-key is set to Calling-Station-Id and not NAS-Port
## then you may wish to delete the AND nasipaddress = '%{Nas-IP-Address}'
## from the WHERE clause)
allocate-clear = UPDATE ${ippool_table} \
SET nasipaddress = '', pool_key = 0, \
callingstationid = '', username = '', \
expiry_time = '-00-00' \
WHERE expiry_time = NOW() - INTERVAL 1 SECOND \
AND nasipaddress = '%{Nas-IP-Address}'
## The ORDER BY clause of this query tries to allocate the same IP-address
## which user had last session...
allocate-find = SELECT framedipaddress FROM ${ippool_table} \
WHERE pool_name = '%{control:Pool-Name}' AND expiry_time NOW() \
ORDER BY (username '%{User-Name}'), \
(callingstationid '%{Calling-Station-Id}'), \
expiry_time \
LIMIT 1 \
FOR UPDATE
# ## If you prefer to allocate a random IP address every time, i
# ## use this query instead
# allocate-find = SELECT framedipaddress FROM ${ippool_table} \
# WHERE pool_name = '%{control:Pool-Name}' \
# AND expiry_time IS NULL \
# ORDER BY RAND() \
# LIMIT 1 \
# FOR UPDATE
## If an IP could not be allocated, check to see if the pool exists or not
## This allows the module to differentiate between a full pool and no pool
## Note: If you are not running redundant pool modules this query may be
## commented out to save running this query every time an ip is not
allocated.
pool-check = SELECT id FROM ${ippool_table} \
WHERE pool_name='%{control:Pool-Name}' LIMIT 1
## This is the final IP Allocation query, which saves the allocated ip
details
allocate-update = UPDATE ${ippool_table} \
SET nasipaddress = '%{NAS-IP-Address}', pool_key = '${pool-key}', \
callingstationid = '%{Calling-Station-Id}', username = '%{User-Name}', \
expiry_time = NOW() + INTERVAL ${lease-duration} SECOND \
WHERE framedipaddress = '%I'
## This series of queries frees an IP number when an accounting
## START record arrives
start-update = UPDATE ${ippool_table} \
SET expiry_time = NOW() + INTERVAL ${lease-duration} SECOND \
WHERE nasipaddress = '%{NAS-IP-Address}' AND pool_key = '${pool-key}'
## This series of queries frees an IP number when an accounting
## STOP record arrives
stop-clear = UPDATE ${ippool_table} \
SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '',
\
expiry_time = '-00-00' \
WHERE nasipaddress = '%{Nas-IP-Address}' AND pool_key = '${pool-key}' \
AND username = '%{User-Name}' \
AND callingstationid = '%{Calling-Station-Id}' \
AND framedipaddress = '%{Framed-IP-Address}'
## This series of queries frees an IP number when an accounting
## ALIVE record arrives
alive-update = UPDATE ${ippool_table} \
SET expiry_time = NOW() + INTERVAL ${lease-duration} SECOND \
WHERE nasipaddress = '%{Nas-IP-Address}' AND pool_key = '${pool-key}' \
AND username = '%{User-Name}' \
AND callingstationid = '%{Calling-Station-Id}' \
AND framedipaddress = '%{Framed-IP-Address}'
## This series of queries frees the IP numbers allocate to a
## NAS when an accounting ON record arrives
on-clear = UPDATE ${ippool_table} \
SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '',
\
expiry_time = '-00-00' \
WHERE nasipaddress = '%{Nas-IP-Address}'
## This series of queries frees the IP numbers allocate to a
## NAS when an accounting OFF record arrives
off-clear = UPDATE ${ippool_table} \
SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '',
\
expiry_time = '-00-00' \
WHERE nasipaddress = '%{Nas-IP-Address}'
-- end of file --
I might add I'm not any Mysql expert so any opinions about what I said are
really welcome... I've tested it and apparently it works and I couldn't find
any
Re: Help with IP Pools and multiple ranges with same pool name
Dave wrote: I cant seem to find the relative documentation or examples, but I want to have an IP pool pool2 with multiple range-start and range-stop IP ranges in it, but Im not sure how to put together the config for it. You configure multiple instances of the pool module, one for each start/stop range. You will also need to have per-pool session DB's and IP index DB's. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Help with IP Pools and multiple ranges with same pool name
Dave wrote:
I cant seem to find the relative documentation or examples, but I want
to have an IP pool pool2 with multiple range-start and range-stop IP
ranges in it, but Im not sure how to put together the config for it.
Can't be done. You'd need to use sqlippool for that.
Something like this?
*ippool* pool2 {
range-start = 208.64.35.2
range-start = 208.5.60.100
range-stop = 208.64.35.254
range-stop = 208.5.60.200
netmask = 255.255.255.255
cache-size = 253
session-db = ${raddbdir}/db.*ippool*
*ip*-index = ${raddbdir}/db.*ipindex*
override = no
maximum-timeout = 0
}
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Help with IP Pools and multiple ranges with same pool name
I cant seem to find the relative documentation or examples, but I want
to have an IP pool pool2 with multiple range-start and range-stop IP
ranges in it, but Im not sure how to put together the config for it.
Something like this?
*ippool* pool2 {
range-start = 208.64.35.2
range-start = 208.5.60.100
range-stop = 208.64.35.254
range-stop = 208.5.60.200
netmask = 255.255.255.255
cache-size = 253
session-db = ${raddbdir}/db.*ippool*
*ip*-index = ${raddbdir}/db.*ipindex*
override = no
maximum-timeout = 0
}
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Multipls IP Pools
Hi, I have different Wireless Access Points across the students campus. Each of them support Radius Authentication for users. My question is: Based on Client (i.e. AP) IP address, can i assign different ip pools to them ?? Plz suggest. Regards -Azher -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Multipls IP Pools
On Sun 01 Apr 2007 20:28, Azher Amin wrote: Hi, I have different Wireless Access Points across the students campus. Each of them support Radius Authentication for users. My question is: Based on Client (i.e. AP) IP address, can i assign different ip pools to them ?? You may easily assign different IP Pools to different NAS. However in your case you are using WiFi which is assigns IPs with the DHCP protocol, NOT with RADIUS. See: http://wiki.freeradius.org/DHCP FreeRADIUS does not at present support IP assignment via DHCP, only via RADIUS.. -- Peter Nixon http://www.peternixon.net/ PGP Key: http://www.peternixon.net/public.asc - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
FREERADIUS USING IP POOLS
HOW CAN I USE IP POOLS WITH FREERADIUS, MY NAS is a cisco Linksys WRT54Gnow im working with freeradius 1.1.3 and mysql 5.02in ubuntu drapper and is working fine, i have my users stored in the radcheck table, but iwant to dividethe users in two groups and assing a different range of ip pools to each group of users dynamically so i want to know how can i create two ippools and assing dinamically this ips to the users of the radcheck table depending if they belong to a group A or a group B. help please! thanks in advance!!! EDUARDOLlamadas grátis de PC a PC Haz clic aquí - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FREERADIUS USING IP POOLS
Read the documentation in radiusd.conf, and experimental.conf. It's all there. You need two rlm_ippool modules instantiated, and placed in the postauth and accounting sections of the config file. You also need to add Pool-Name := pool1name in radgroupcheck under the name of group 1, and the same again for pool 2/group 2. Post what you come up with if you need further help - this configuration is in the documentation. Jan On 15/12/06, Tomas Eduardo Lotina Ramos [EMAIL PROTECTED] wrote: HOW CAN I USE IP POOLS WITH FREERADIUS, MY NAS is a cisco Linksys WRT54G now im working with freeradius 1.1.3 and mysql 5.02 in ubuntu drapper and is working fine, i have my users stored in the radcheck table, but i want to divide the users in two groups and assing a different range of ip pools to each group of users dynamically so i want to know how can i create two ippools and assing dinamically this ips to the users of the radcheck table depending if they belong to a group A or a group B. help please! thanks in advance!!! EDUARDO -- Llamadas grátis de PC a PC Haz clic aquí http://g.msn.com/8HMBESMX/2749??PS=47575 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FREERADIUS USING IP POOLS
Tomas Eduardo Lotina Ramos wrote: HOW CAN I USE IP POOLS WITH FREERADIUS, MY NAS is a cisco Linksys WRT54G Which is doing wireless, right? You will need a DHCP server to assign IP addresses. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
IP Pools
Hi All, I need some assistance with assigning IP addresses from a pool to certain clients. The way I have it setup is doing AUTH through a mysql database, this all works briliantly. Now currently my NAS Server is actually giving out the IP addresses to the clients, I can overwrite it using Framed-IP-Address and then it gets a different IP. I want my radius server to get an IP out of a pool for each client, If the client is in a group called hardcapped it should give them a ip out of a different IP Pool. Otherwise it should pull A IP from the main_pool. Any suggestions? -- Kind Regards, Michael da Silva Pereira -- Office: 0861 74 73 72 Mobile: +27 84 245 2376 Fax:086 657 5004 Email: [EMAIL PROTECTED] Skype: michael_da_silva_pereira skype:michael_da_silva_pereira?add MSN:[EMAIL PROTECTED] msnim:[EMAIL PROTECTED] -- Tradepage.netBusiness on the Internet SA Business Directoryhttp://www.tradepage.co.za/ Internet Products Services http://www.tradepage.net/ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Configure IP Pools
Hi,
I´ve got freeradius instaled on redhat enterprise 3, configured and working :-)
But now I need to create a diferents IP pools, I tryed to do it but I can't :-(
I´ve created two ippool on radiusd.conf.
#
ippool main_pool {
# range-start,range-stop: The start and end ip
# addresses for the ip pool
range-start = 192.168.1.1
range-stop = 192.168.3.254
# netmask: The network mask used for the ip's
netmask = 255.255.255.0
# cache-size: The gdbm cache size for the db
# files. Should be equal to the number of ip's
# available in the ip pool
cache-size = 800
# session-db: The main db file used to allocate ip's to clients
session-db = ${raddbdir}/db.ippool
# ip-index: Helper db index file used in multilink
ip-index = ${raddbdir}/db.ipindex
# override: Will this ippool override a
Framed-IP-Address already set
override = no
# maximum-timeout: If not zero specifies the maximum
time in seconds an
# entry may be active. Default: 0
maximum-timeout = 0
}
ippool General {
range-start = 192.168.75.1
range-stop = 192.168.75.126
netmask = 255.255.255.0
cache-size = 800
session-db = ${raddbdir}/db.ippool
ip-index = ${raddbdir}/db.ipindex
override = no
maximum-timeout = 0
}
If I configure the user to take an static IP it works fine, but when I
try to take from IP pool it doesn´t works.
javi Auth-Type := Local, User-Password == 123456
Service-Type = Framed,
Framed-Protocol = PPP,
Framed-IP-Address = 192.168.77.35,
Framed-IP-Netmask = 255.255.255.255,
Ascend-Maximum-Time = 28800,
Ascend-Idle-Limit = 1800
ion Auth-Type := Local, User-Password == 123456
Pool-Name := General
Service-Type = Framed-User,
Framed-Protocol = PPP,
Ascend-Assign-IP-Pool = 7,
Ascend-Maximum-Time = 28800,
Ascend-Idle-Limit = 1800
Any idea?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Configure IP Pools
Hi
Try to put the IP-Pool in check items (not reply items)
miguel
-Message d'origine-
De : [EMAIL PROTECTED] [mailto:freeradius-
[EMAIL PROTECTED] De la part de DK
Envoyé : vendredi 24 juin 2005 11:45
À : freeradius-users@lists.freeradius.org
Objet : Configure IP Pools
Hi,
I´ve got freeradius instaled on redhat enterprise 3, configured and
working :-)
But now I need to create a diferents IP pools, I tryed to do it but I
can't :-(
I´ve created two ippool on radiusd.conf.
#
ippool main_pool {
# range-start,range-stop: The start and end ip
# addresses for the ip pool
range-start = 192.168.1.1
range-stop = 192.168.3.254
# netmask: The network mask used for the ip's
netmask = 255.255.255.0
# cache-size: The gdbm cache size for the db
# files. Should be equal to the number of ip's
# available in the ip pool
cache-size = 800
# session-db: The main db file used to allocate ip's to
clients
session-db = ${raddbdir}/db.ippool
# ip-index: Helper db index file used in multilink
ip-index = ${raddbdir}/db.ipindex
# override: Will this ippool override a
Framed-IP-Address already set
override = no
# maximum-timeout: If not zero specifies the maximum
time in seconds an
# entry may be active. Default: 0
maximum-timeout = 0
}
ippool General {
range-start = 192.168.75.1
range-stop = 192.168.75.126
netmask = 255.255.255.0
cache-size = 800
session-db = ${raddbdir}/db.ippool
ip-index = ${raddbdir}/db.ipindex
override = no
maximum-timeout = 0
}
If I configure the user to take an static IP it works fine, but when I
try to take from IP pool it doesn´t works.
javi Auth-Type := Local, User-Password == 123456
Service-Type = Framed,
Framed-Protocol = PPP,
Framed-IP-Address = 192.168.77.35,
Framed-IP-Netmask = 255.255.255.255,
Ascend-Maximum-Time = 28800,
Ascend-Idle-Limit = 1800
ion Auth-Type := Local, User-Password == 123456
Pool-Name := General
Service-Type = Framed-User,
Framed-Protocol = PPP,
Ascend-Assign-IP-Pool = 7,
Ascend-Maximum-Time = 28800,
Ascend-Idle-Limit = 1800
Any idea?
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
dynamic client ip pools
Hi Guys, Im not sure which forum to post this to, freeradius or poptop?. i've been using poptop and freeradius now for a while and it works great, im using dynamic ip addresses for clients via poptop, so trying to keep everything dynamic. My problem is that i want to have diffrent ip pools for diffrent clients to connect to the internet, I want to be able to put a certain ip pool range through a slow connection and another via a fast connection at the moment i route every 30 ips addresses through a specific internet connection and so forth, My service provider does a proxy radius for for our adsl resell service and I can specify diffrent pools with Cisco-AVPair, but i guess that is cisco related? Please advice if this is possible? Thanks Jandre -- Regards Jandre Some people are alive only because it is illegal to kill them. _ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: IP Pools distributed on multiple FreeRADIUS Servers
On Sat, 7 May 2005, Nizar Shana'ah wrote: Hello all, I have two freeRADIUS Server, the second one is used for redundancy, how can i distribute the IP pools and have full redundancy, I am afraid of the conflicts that this may cause, I dont want them leasing the same IP to multiple clients when something happens and the other server is down. See bug #46 http://bugs.freeradius.org/show_bug.cgi?id=46 rlm_ippool should also renew ip address leasing informatio on accounting-start packets to achieve full redundancy (as long as accounting relaying works fine). Right now the lease databases are only synchronized on accounting-stop packets which means that a backup server *may* give out an ip already taken. BR - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
IP Pools distributed on multiple FreeRADIUS Servers
Hello all, I have two freeRADIUS Server, the second one is used for redundancy, how can i distribute the IP pools and have full redundancy, I am afraid of the conflicts that this may cause, I dont want them leasing the same IP to multiple clients when something happens and the other server is down. BR - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Give 2 ip pools to the clients
On Fri, 1 Apr 2005, eDoS wrote:
Hi,
i get alocation 2 network of ip,
the range is :
192.168.2.1 - 192.168.2.14
192.168.5.1 - 192.168.5.14
my conf :
ippool pool1 {
range-start = 192.168.2.1
range-stop = 192.168.2.14
netmask = 255.255.255.0
cache-size = 14
session-db = ${raddbdir}/db.ippool1
ip-index = ${raddbdir}/db.ipindex1
}
ippool pool2 {
range-start = 192.168.5.1
range-stop = 192.168.5.14
netmask = 255.255.255.0
cache-size = 14
session-db = ${raddbdir}/db.ippool2
ip-index = ${raddbdir}/db.ipindex2
}
i want to give all ip alocation to all of clients.
i have use just 1 network of ip but sometimes my clients couldn't get any more
ip.
is there any way to give 2 attribute pool-name (pool1 pool2) ?
You can set Pool-Name to DEFAULT to match all ippool modules.
best regards,
eDoS
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Give 2 ip pools to the clients
thank you kostas,
but i have another problem if there is 1 network of public ip,
ippool public {
range-start = 223.xxx.xxx.xxx
range-stop = 223.xxx.xxx.xxx
netmask = 255.255.255.0
cache-size = 62
session-db = ${raddbdir}/db.ippublic
ip-index = ${raddbdir}/db.ippublic_idx
}
and i want to separate my public users and my private users,
if i use DEFAULT value for Pool-Name it will be including public ip.
is there a way that just give pool1 and pool2 to my private users ?
regards
eDoS
- Original Message -
From: Kostas Kalevras [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Sent: Monday, April 04, 2005 6:32 PM
Subject: Re: Give 2 ip pools to the clients
On Fri, 1 Apr 2005, eDoS wrote:
Hi,
i get alocation 2 network of ip,
the range is :
192.168.2.1 - 192.168.2.14
192.168.5.1 - 192.168.5.14
my conf :
ippool pool1 {
range-start = 192.168.2.1
range-stop = 192.168.2.14
netmask = 255.255.255.0
cache-size = 14
session-db = ${raddbdir}/db.ippool1
ip-index = ${raddbdir}/db.ipindex1
}
ippool pool2 {
range-start = 192.168.5.1
range-stop = 192.168.5.14
netmask = 255.255.255.0
cache-size = 14
session-db = ${raddbdir}/db.ippool2
ip-index = ${raddbdir}/db.ipindex2
}
i want to give all ip alocation to all of clients.
i have use just 1 network of ip but sometimes my clients couldn't get
any more ip.
is there any way to give 2 attribute pool-name (pool1 pool2) ?
You can set Pool-Name to DEFAULT to match all ippool modules.
best regards,
eDoS
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Give 2 ip pools to the clients
On Mon, 4 Apr 2005, eDoS wrote:
thank you kostas,
but i have another problem if there is 1 network of public ip,
ippool public {
range-start = 223.xxx.xxx.xxx
range-stop = 223.xxx.xxx.xxx
netmask = 255.255.255.0
cache-size = 62
session-db = ${raddbdir}/db.ippublic
ip-index = ${raddbdir}/db.ippublic_idx
}
and i want to separate my public users and my private users,
if i use DEFAULT value for Pool-Name it will be including public ip.
is there a way that just give pool1 and pool2 to my private users ?
You can also use the Post-Auth attribute. Use the public ippool module for
public users and put pool1 and pool2 in a Post-Auth section available only to
private users:
users (example!!):
#private
DEFAULT Group == private, Pool-Name := DEFAULT, Post-Auth := private
#public
DEFAULT Pool-Name := public
postauth {
public
Post-Auth private {
pool1
pool2
}
}
Hope you get the picture.
regards
eDoS
- Original Message -
From: Kostas Kalevras [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Sent: Monday, April 04, 2005 6:32 PM
Subject: Re: Give 2 ip pools to the clients
On Fri, 1 Apr 2005, eDoS wrote:
Hi,
i get alocation 2 network of ip,
the range is :
192.168.2.1 - 192.168.2.14
192.168.5.1 - 192.168.5.14
my conf :
ippool pool1 {
range-start = 192.168.2.1
range-stop = 192.168.2.14
netmask = 255.255.255.0
cache-size = 14
session-db = ${raddbdir}/db.ippool1
ip-index = ${raddbdir}/db.ipindex1
}
ippool pool2 {
range-start = 192.168.5.1
range-stop = 192.168.5.14
netmask = 255.255.255.0
cache-size = 14
session-db = ${raddbdir}/db.ippool2
ip-index = ${raddbdir}/db.ipindex2
}
i want to give all ip alocation to all of clients.
i have use just 1 network of ip but sometimes my clients couldn't get
any more ip.
is there any way to give 2 attribute pool-name (pool1 pool2) ?
You can set Pool-Name to DEFAULT to match all ippool modules.
best regards,
eDoS
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Problem with ip pools
Hi,
I'm using ip pools to manage my client ips from the radius side.
Here's my conf:
* users file :
DEFAULT Service-Type == Framed-User, Pool-Name := main_pool
Framed-Protocol = PPP,
Framed-MTU = 576
* radiusd.conf file:
ippool main_pool {
range-start = 192.168.52.2
range-stop = 192.168.52.254
netmask = 255.255.255.0
cache-size = 800
session-db = ${raddbdir}/db.ippool
ip-index = ${raddbdir}/db.ipindex
}
Everything is working well for some days then my clients could not get
anymore ips from the radius. I've found a way to correct this by deletinf
the db.ip* files and restarting the radius but this is not *clean*.
Is there a way to dump the content of the ippool database ?
I want to understand how ips are freed from the pool because I think that
there's a problem when a client disconnects. It seems that ips stay in the
pool as used even if the client has disconnected.
Thanks in advance for your help.
Regargs,
--
Sebastien Cantos [EMAIL PROTECTED]
Network / System Manager
Neopost DIVA
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with ip pools
On Thu, 31 Mar 2005, Sbastien Cantos wrote:
Hi,
I'm using ip pools to manage my client ips from the radius side.
Here's my conf:
* users file :
DEFAULT Service-Type == Framed-User, Pool-Name := main_pool
Framed-Protocol = PPP,
Framed-MTU = 576
* radiusd.conf file:
ippool main_pool {
range-start = 192.168.52.2
range-stop = 192.168.52.254
netmask = 255.255.255.0
cache-size = 800
session-db = ${raddbdir}/db.ippool
ip-index = ${raddbdir}/db.ipindex
}
Everything is working well for some days then my clients could not get
anymore ips from the radius. I've found a way to correct this by deletinf
the db.ip* files and restarting the radius but this is not *clean*.
Is there a way to dump the content of the ippool database ?
I want to understand how ips are freed from the pool because I think that
there's a problem when a client disconnects. It seems that ips stay in the
pool as used even if the client has disconnected.
Thanks in advance for your help.
There's rlm_ippool_tool which might help you in src/modules/rlm_ippool.
rlm_ippool depends on accounting working ok. If it is not working then you might
get into problems. The module *does* have a few more methods of finding out
stale records and deleting them:
1. maximum-timeout directive. You can set that to the maximum session time
expected in your network (if that can be calculated) in order to make sure no ip
remains active for more time than maximum-timeout.
2. Each time an authentication request is performed from a nas ip/port pair
which has already an ip allocated that ip is cleaned up. That means that as long
as your ip pool is as large as your nas ports number it will be difficult to run
out of available ip's.
My suggestion is to make sure you don't run an old version of the module (older
version did have problems) and to take a closer look at how well your accounting
works.
Regargs,
--
Sebastien Cantos [EMAIL PROTECTED]
Network / System Manager
Neopost DIVA
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
RE: Problem with ip pools
Hi,
The main_pool line in the accounting section of the radiusd.conf file was
commented ... Maybe that was my mistake.
Ok for the rlm_ippool_tool I'm gonna use it to see if my modification of
radiusd.conf is working or not. I was not using accounting at all so I forgot
about it but it seems that I will have to configure it well to get the ip_pool
working.
Thank for answering.
Best regards,
--
Sebastien Cantos [EMAIL PROTECTED]
Network / System Manager
Neopost DIVA
-Message d'origine-
De : [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] De la
part de Kostas Kalevras
Envoy : jeudi 31 mars 2005 13:47
: freeradius-users@lists.freeradius.org
Objet : Re: Problem with ip pools
On Thu, 31 Mar 2005, Sbastien Cantos wrote:
Hi,
I'm using ip pools to manage my client ips from the radius side.
Here's my conf:
* users file :
DEFAULT Service-Type == Framed-User, Pool-Name := main_pool
Framed-Protocol = PPP,
Framed-MTU = 576
* radiusd.conf file:
ippool main_pool {
range-start = 192.168.52.2
range-stop = 192.168.52.254
netmask = 255.255.255.0
cache-size = 800
session-db = ${raddbdir}/db.ippool
ip-index = ${raddbdir}/db.ipindex
}
Everything is working well for some days then my clients
could not get
anymore ips from the radius. I've found a way to correct
this by deletinf
the db.ip* files and restarting the radius but this is not *clean*.
Is there a way to dump the content of the ippool database ?
I want to understand how ips are freed from the pool
because I think that
there's a problem when a client disconnects. It seems that
ips stay in the
pool as used even if the client has disconnected.
Thanks in advance for your help.
There's rlm_ippool_tool which might help you in
src/modules/rlm_ippool.
rlm_ippool depends on accounting working ok. If it is not
working then you might
get into problems. The module *does* have a few more methods
of finding out
stale records and deleting them:
1. maximum-timeout directive. You can set that to the maximum
session time
expected in your network (if that can be calculated) in order
to make sure no ip
remains active for more time than maximum-timeout.
2. Each time an authentication request is performed from a
nas ip/port pair
which has already an ip allocated that ip is cleaned up. That
means that as long
as your ip pool is as large as your nas ports number it will
be difficult to run
out of available ip's.
My suggestion is to make sure you don't run an old version of
the module (older
version did have problems) and to take a closer look at how
well your accounting
works.
Regargs,
--
Sebastien Cantos [EMAIL PROTECTED]
Network / System Manager
Neopost DIVA
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Problem with ip pools
Still no luck. I made a connection, the disconnect but the IP it is always
in the databases. I would like to understand if accounting is working well.
Only thing I know is that files in
[EMAIL PROTECTED]:/usr/local/var/log/radius/radacct/192.168.10.8 are being
fullfiled. (192.168.10.8 is a cisco router which acts as a NAS forwarding
NAS requests).
[EMAIL PROTECTED]:/usr/local/var/log/radius/radacct/192.168.10.8# cat
auth-detail-20050331
Packet-Type = Access-Request
Thu Mar 31 14:31:55 2005
Framed-Protocol = PPP
User-Name = masqued
CHAP-Password = masqued
NAS-Port-Type = Virtual
NAS-Port = 135
Calling-Station-Id = masqued
Called-Station-Id = masqued
Service-Type = Framed-User
NAS-IP-Address = 192.168.10.8
Client-IP-Address = 192.168.10.8
CHAP-Challenge = masqued
[EMAIL PROTECTED]:/usr/local/var/log/radius/radacct/192.168.10.8# cat
reply-detail-20050331
Packet-Type = Access-Accept
Thu Mar 31 14:31:55 2005
Framed-Protocol = PPP
Framed-MTU = 576
Framed-IP-Address = 192.168.52.79
Framed-IP-Netmask = 255.255.255.0
Does this means that accounting is working ?
Regards,
--
Sebastien Cantos [EMAIL PROTECTED]
Network / System Manager
Neopost DIVA
-Message d'origine-
De : [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] De la
part de Sébastien Cantos
Envoyé : jeudi 31 mars 2005 14:26
À : freeradius-users@lists.freeradius.org
Objet : RE: Problem with ip pools
Hi,
The main_pool line in the accounting section of the
radiusd.conf file was commented ... Maybe that was my mistake.
Ok for the rlm_ippool_tool I'm gonna use it to see if my
modification of radiusd.conf is working or not. I was not
using accounting at all so I forgot about it but it seems
that I will have to configure it well to get the ip_pool working.
Thank for answering.
Best regards,
--
Sebastien Cantos [EMAIL PROTECTED]
Network / System Manager
Neopost DIVA
-Message d'origine-
De : [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] De la
part de Kostas Kalevras
Envoyé : jeudi 31 mars 2005 13:47
À : freeradius-users@lists.freeradius.org
Objet : Re: Problem with ip pools
On Thu, 31 Mar 2005, S?bastien Cantos wrote:
Hi,
I'm using ip pools to manage my client ips from the radius side.
Here's my conf:
* users file :
DEFAULT Service-Type == Framed-User, Pool-Name := main_pool
Framed-Protocol = PPP,
Framed-MTU = 576
* radiusd.conf file:
ippool main_pool {
range-start = 192.168.52.2
range-stop = 192.168.52.254
netmask = 255.255.255.0
cache-size = 800
session-db = ${raddbdir}/db.ippool
ip-index = ${raddbdir}/db.ipindex
}
Everything is working well for some days then my clients
could not get
anymore ips from the radius. I've found a way to correct
this by deletinf
the db.ip* files and restarting the radius but this is
not *clean*.
Is there a way to dump the content of the ippool database ?
I want to understand how ips are freed from the pool
because I think that
there's a problem when a client disconnects. It seems that
ips stay in the
pool as used even if the client has disconnected.
Thanks in advance for your help.
There's rlm_ippool_tool which might help you in
src/modules/rlm_ippool.
rlm_ippool depends on accounting working ok. If it is not
working then you might
get into problems. The module *does* have a few more methods
of finding out
stale records and deleting them:
1. maximum-timeout directive. You can set that to the maximum
session time
expected in your network (if that can be calculated) in order
to make sure no ip
remains active for more time than maximum-timeout.
2. Each time an authentication request is performed from a
nas ip/port pair
which has already an ip allocated that ip is cleaned up. That
means that as long
as your ip pool is as large as your nas ports number it will
be difficult to run
out of available ip's.
My suggestion is to make sure you don't run an old version of
the module (older
version did have problems) and to take a closer look at how
well your accounting
works.
Regargs,
--
Sebastien Cantos [EMAIL PROTECTED]
Network / System Manager
Neopost DIVA
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Problem with ip pools
Sébastien Cantos [EMAIL PROTECTED] wrote: [EMAIL PROTECTED]:/usr/local/var/log/radius/radacct/192.168.10.8# cat reply-detail-20050331 Packet-Type = Access-Accept Does this means that accounting is working ? No. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Give 2 ip pools to the clients
Hi,
i get alocation 2network of ip,
the range is :
192.168.2.1 - 192.168.2.14
192.168.5.1 - 192.168.5.14
my conf :
ippool pool1
{
range-start =
192.168.2.1
range-stop =
192.168.2.14
netmask =
255.255.255.0
cache-size
=14
session-db =
${raddbdir}/db.ippool1
ip-index = ${raddbdir}/db.ipindex1
}
ippool pool2
{
range-start =
192.168.5.1
range-stop =
192.168.5.14
netmask =
255.255.255.0
cache-size
=14
session-db =
${raddbdir}/db.ippool2
ip-index = ${raddbdir}/db.ipindex2
}
i want to give all ip alocation to all of clients.
i haveuse just 1 network of ip but sometimes my clients couldn't get
any more ip.
is there any way to give 2 attribute pool-name (pool1 pool2) ?
best regards,
eDoS
Re: Using IP Pools
On Sat, 12 Mar 2005 15:15:58 +0200 (EET), Kostas Kalevras [EMAIL PROTECTED] wrote: --users-- DEFAULT NAS-IP-Address == $RAS-IP Framed-IP-Address = 255.255.255.254 DEFAULT NAS-IP-Address == $OTHER-NAS-IP, Pool-Name := pool1 DEFAULT NAS-IP-Address == $OTHER-NAS-IP2, Pool-Name := pool2 I haven't found a way to represent this in the mysql database. Am I correct in that these must be in the users file and cannot be placed in the database? If not, how do I represent this in the database? -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf Thanks! -- Jason 'XenoPhage' Frisvold [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Using IP Pools
On Fri, 11 Mar 2005, Jason Frisvold wrote:
Hi all
I want to set up freeradius to use IP pools. I see the section in the
radius.conf file where I can set this up, but I'm a bit unsure of how
to proceed.
Currently we're using freeradius to authenticate dial-up users. The
RAS only needs to receive a Framed-IP-Address of 255.255.255.254 to
trigger the internal pools. Moving forward, we want to continue with
this, and also use freeradius for some other devices that don't have
internal IP Pools.
Is there a document somewhere that describes how to handle all of
this?
No there isn't. There is documentation for how the server works though. It's
your job to use them all together.
I believe I'm going to need multiple pools for this, depending
on the device that the user is authenticating on...
--users--
DEFAULT NAS-IP-Address == $RAS-IP
Framed-IP-Address = 255.255.255.254
DEFAULT NAS-IP-Address == $OTHER-NAS-IP, Pool-Name := pool1
DEFAULT NAS-IP-Address == $OTHER-NAS-IP2, Pool-Name := pool2
--radiusd.conf--
ippool pool1 {
[...]
}
ippool pool2 {
[...]
}
postauth{
pool1
pool2
[...]
}
Any help would be appreciated...
Thanks!
--
Jason 'XenoPhage' Frisvold
[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED] National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Dynamic IP Pools on Freeradius
Hi all,
sorry to bother you, I searched all on google but didn`t find a solution,
either it is not designed as I think or I misunderstand something
So here the story :
I have to assign IP addresses via dynamic pools on Freeradius and via some
local pool on NAS. (requirement)
So I added in radiusd.conf
ippool my_pool {
some stuff , mostly copied form main_pool
}
in the usersfile I added a testuser
test Password == test, Pool-Name := my_pool
after restarting the server and some trying, I never got a IP returned from
Freeradius. I expected to see Framed-IP-Address attribute added to the user
with some IP of the specified pool. Is this how it should work or is my
assumption wrong.
When running radius in Debug mode (radiusd -X ) I just can see log messages
module my_pool returns NOOP
Did I miss something to configure ? I haven`t found much documentation about
radius based IP pools.
Sorry that I can`t post the whole debugging log currently, it`s located on a
PC in a non-internet connected area.
Any could help with this issue.
Thanks and regards
Michael
--
Sparen beginnt mit GMX DSL: http://www.gmx.net/de/go/dsl
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Dynamic IP Pools on Freeradius
rlm_ippool requires that the packet contain NAS-IP-Address and NAS-Port.
Are you sending those attributes?
If not, you may need to modify rlm_ippool to uniquely identify a user by
something else.
On Wed, 2 Feb 2005, Michael Kopp wrote:
Hi all,
sorry to bother you, I searched all on google but didn`t find a solution,
either it is not designed as I think or I misunderstand something
So here the story :
I have to assign IP addresses via dynamic pools on Freeradius and via some
local pool on NAS. (requirement)
So I added in radiusd.conf
ippool my_pool {
some stuff , mostly copied form main_pool
}
in the usersfile I added a testuser
test Password == test, Pool-Name := my_pool
after restarting the server and some trying, I never got a IP returned from
Freeradius. I expected to see Framed-IP-Address attribute added to the user
with some IP of the specified pool. Is this how it should work or is my
assumption wrong.
When running radius in Debug mode (radiusd -X ) I just can see log messages
module my_pool returns NOOP
Did I miss something to configure ? I haven`t found much documentation about
radius based IP pools.
Sorry that I can`t post the whole debugging log currently, it`s located on a
PC in a non-internet connected area.
Any could help with this issue.
Thanks and regards
Michael
--
Sparen beginnt mit GMX DSL: http://www.gmx.net/de/go/dsl
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Dynamic IP Pools on Freeradius
Hi Dustin,
thanks , that worked for me !
(didn`t know that the NAS-Port is necessary)
Regards
Michael
--__--__--
Message: 3
Date: Wed, 2 Feb 2005 10:39:32 -0500 (EST)
From: Dustin Doris [EMAIL PROTECTED]
To: freeradius-users@lists.freeradius.org
Subject: Re: Dynamic IP Pools on Freeradius
Reply-To: freeradius-users@lists.freeradius.org
rlm_ippool requires that the packet contain NAS-IP-Address and NAS-Port.
Are you sending those attributes?
If not, you may need to modify rlm_ippool to uniquely identify a user by
something else.
On Wed, 2 Feb 2005, Michael Kopp wrote:
Hi all,
sorry to bother you, I searched all on google but didn`t find a
solution,
either it is not designed as I think or I misunderstand something
So here the story :
I have to assign IP addresses via dynamic pools on Freeradius and via
some
local pool on NAS. (requirement)
So I added in radiusd.conf
ippool my_pool {
some stuff , mostly copied form main_pool
}
in the usersfile I added a testuser
test Password == test, Pool-Name := my_pool
after restarting the server and some trying, I never got a IP returned
from
Freeradius. I expected to see Framed-IP-Address attribute added to the
user
with some IP of the specified pool. Is this how it should work or is my
assumption wrong.
When running radius in Debug mode (radiusd -X ) I just can see log
messages
module my_pool returns NOOP
Did I miss something to configure ? I haven`t found much documentation
about
radius based IP pools.
Sorry that I can`t post the whole debugging log currently, it`s located
on a
PC in a non-internet connected area.
Any could help with this issue.
Thanks and regards
Michael
--
Sparen beginnt mit GMX DSL: http://www.gmx.net/de/go/dsl
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
--
GMX im TV ... Die Gedanken sind frei ... Schon gesehen?
Jetzt Spot online ansehen: http://www.gmx.net/de/go/tv-spot
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Regarding ip pools
You can return VSA with poolname. It depends on your NAS vendor. For example we use: USR-Framed_IP_Address_Pool_Name = poolname for our HiperArc. Hope this helps. Best Regards, athif abdul aziz wrote: Hi , Can anyone please give me idea as to how i can configure freeradius to assign addressess to dial-in users from an ip-pool ? Regards Athif -- George Chelidze - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ip pools question
Paul Hampson wrote: On Wed, Sep 22, 2004 at 04:20:23AM -0700, Evren Yurtesen wrote: Hello, I want to use the freeradius ip pools. I just wonder something though ever ip pool name I define should be included in the accounting and post-auth sections? Its kind of confusing, whats the point of defining the Pool-Name attribute in users file and then define the same name in accounting and post-auth sections? The Pool-Name attribute is attached to a RADIUS request, and is checked by the rlm_ippool module before any action is taken. Its existance does not depend on the rlm_ippool module, but nothing else (to my knowledge) uses it. Putting the pool name into the sections of the config file triggers the instance of the rlm_ipool module to act upon the current request, as it passes through that stage of processing. rlm_ippool allocates IP addresses when called from post-auth, and marks IP addresses as free again when called from accounting. I hope that clarifies things. So if I put the pool name to accounting and post-auth, then I dont have to have Pool-Name in users file? All the users would use the pool which is defined in accounting and post-auth? If I have to define every pool name in those sections. I mean what if I have 100 different pools? wouldnt it be just extra work to edit conf file every time in 2 different sections? But then why just above the main_pool says that it is REQUIRED to have Pool-Name? # The module also requires the existance of the Pool-Name # attribute. That way the administrator can add the Pool-Name # attribute in the user profiles and use different pools # for different users. The Pool-Name attribute is a *check* item not # a reply item. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ip pools question
On Wed, 22 Sep 2004, Evren Yurtesen wrote: So if I put the pool name to accounting and post-auth, then I dont have to have Pool-Name in users file? All the users would use the pool which is defined in accounting and post-auth? No, you HAVE to define the Pool-Name If I have to define every pool name in those sections. I mean what if I have 100 different pools? wouldnt it be just extra work to edit conf file every time in 2 different sections? 100 different pools are 100 different ippool module instances. So you need to add them in the accounting,post-auth sections. Though if you use 100 pools the ippool module won't be the best choise. But then why just above the main_pool says that it is REQUIRED to have Pool-Name? # The module also requires the existance of the Pool-Name # attribute. That way the administrator can add the Pool-Name # attribute in the user profiles and use different pools # for different users. The Pool-Name attribute is a *check* item not # a reply item. You need to set the Pool-Name. That's how the ippool module works, it needs the Pool-Name to make sure it is the one that should handle the corresponding request. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
ip pools question
Hello, I want to use the freeradius ip pools. I just wonder something though ever ip pool name I define should be included in the accounting and post-auth sections? Its kind of confusing, whats the point of defining the Pool-Name attribute in users file and then define the same name in accounting and post-auth sections? Thanks, Evren - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: ip pools question
On Wed, Sep 22, 2004 at 04:20:23AM -0700, Evren Yurtesen wrote: Hello, I want to use the freeradius ip pools. I just wonder something though ever ip pool name I define should be included in the accounting and post-auth sections? Its kind of confusing, whats the point of defining the Pool-Name attribute in users file and then define the same name in accounting and post-auth sections? The Pool-Name attribute is attached to a RADIUS request, and is checked by the rlm_ippool module before any action is taken. Its existance does not depend on the rlm_ippool module, but nothing else (to my knowledge) uses it. Putting the pool name into the sections of the config file triggers the instance of the rlm_ipool module to act upon the current request, as it passes through that stage of processing. rlm_ippool allocates IP addresses when called from post-auth, and marks IP addresses as free again when called from accounting. I hope that clarifies things. -- Paul TBBle Hampson, on an alternate email client. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
manage more ip pools with mysql tables
Thanks to doris. How can i modify sql tables to enable ippools function with only connection to mysql db and radiusd.conf file?? Thanks a lot -Messaggio originale- Da: Simone Giovanardi Inviato: venerdì 20 agosto 2004 16.21 A:'[EMAIL PROTECTED]' Oggetto: manage more ip pools Is it possible manage more thn one ippool in radiusd.conf?? I' ve tried to make this but doesn't work properly Is there an example of radiusd.conf and users file to consulting? Thanks a lot - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Group ip pools
Nah still not working, works fine if i use radping or what ever that program is and I specify a nas port. But the nas port only seems to come through from the nas on a start request maybe. The port range starts from 0 and increments by 1 per user. Any ideas? Barry - Original Message - From: Paul Hampson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, August 02, 2004 2:17 PM Subject: Re: Group ip pools On Sun, Aug 01, 2004 at 02:17:41PM +1200, Barry Murphy wrote: Going forward I have looked at the scripts and it shows that TTY is being used and clients are getting a Nas-Port begining with 0, then 1 for the second user as shown below. Sun Aug 1 12:00:49 2004 Acct-Session-Id = 410C2FFA01F0 User-Name = icepick Acct-Status-Type = Start Service-Type = Framed-User Framed-Protocol = PPP Acct-Authentic = RADIUS NAS-Port-Type = Async Framed-IP-Address = 219.88.249.85 NAS-IP-Address = 10.23.19.2 NAS-Port = 0 Acct-Delay-Time = 0 Client-IP-Address = 10.22.19.2 Acct-Unique-Session-Id = 819283b999345e7d Timestamp = 1091318449 Sun Aug 1 13:26:04 2004 Acct-Session-Id = 410C43DA0201 User-Name = neil Acct-Status-Type = Start Service-Type = Framed-User Framed-Protocol = PPP Acct-Authentic = RADIUS NAS-Port-Type = Async Framed-IP-Address = 219.88.249.89 NAS-IP-Address = 10.23.19.2 NAS-Port = 1 Acct-Delay-Time = 0 Client-IP-Address = 10.22.19.2 Acct-Unique-Session-Id = f27a28a784f81cba Timestamp = 1091323564 Those are Accounting-Start packets... To assign an address from an ippool, the port needs to be present in the Access-Request packet. By the time the RADIUS server sees the Accounting-Start packet, the IP address needs to've been already transmitted in the Access-Accept packet. On the other hand, it looks like a Framed-IP-Address _is_ being assigned... Is this still not working? -- Paul TBBle Hampson, on an alternate email client. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Group ip pools
On Sun, Aug 01, 2004 at 02:17:41PM +1200, Barry Murphy wrote: Going forward I have looked at the scripts and it shows that TTY is being used and clients are getting a Nas-Port begining with 0, then 1 for the second user as shown below. Sun Aug 1 12:00:49 2004 Acct-Session-Id = 410C2FFA01F0 User-Name = icepick Acct-Status-Type = Start Service-Type = Framed-User Framed-Protocol = PPP Acct-Authentic = RADIUS NAS-Port-Type = Async Framed-IP-Address = 219.88.249.85 NAS-IP-Address = 10.23.19.2 NAS-Port = 0 Acct-Delay-Time = 0 Client-IP-Address = 10.22.19.2 Acct-Unique-Session-Id = 819283b999345e7d Timestamp = 1091318449 Sun Aug 1 13:26:04 2004 Acct-Session-Id = 410C43DA0201 User-Name = neil Acct-Status-Type = Start Service-Type = Framed-User Framed-Protocol = PPP Acct-Authentic = RADIUS NAS-Port-Type = Async Framed-IP-Address = 219.88.249.89 NAS-IP-Address = 10.23.19.2 NAS-Port = 1 Acct-Delay-Time = 0 Client-IP-Address = 10.22.19.2 Acct-Unique-Session-Id = f27a28a784f81cba Timestamp = 1091323564 Those are Accounting-Start packets... To assign an address from an ippool, the port needs to be present in the Access-Request packet. By the time the RADIUS server sees the Accounting-Start packet, the IP address needs to've been already transmitted in the Access-Accept packet. On the other hand, it looks like a Framed-IP-Address _is_ being assigned... Is this still not working? -- Paul TBBle Hampson, on an alternate email client. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Group ip pools
Hi, I'm trying to setup ippools on a per group basis, I tried examples from the below and couldn't get it to work. Any ideas? http://lists.cistron.nl/pipermail/freeradius-users/2001-August/001482.html DEFAULTGroup == dialupnf, Auth-Type := System Service-Type == Framed-User, Framed-IP-Address = 10.10.10.1+, Fall-Through = No http://listserver.uk.freebsd.org/pipermail/freebsd-users/2003-May/007864.html robing Auth-Type := Local, User-Password == password Service-Type = Framed-User, Framed-Protocol = PPP, Framed-IP-Address = 195.8.182.0, Framed-IP-Netmask = 255.255.255.0, - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Group ip pools
I'm on vacation Aug 2 - 6 and will return to the office on Monday the 9th. Bruce Friend - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Group ip pools
I'm guessing I can just use ip pools from the radius.conf which I have tried
to do but it isn't working...
ippool mainpool {
range-start = 219.88.249.73
range-stop = 219.88.249.80
netmask = 255.255.255.255
cache-size = 800
session-db = ${raddbdir}/db.ippool
ip-index = ${raddbdir}/db.ipindex
override = no
}
under accounting{} I have added mainpool
under post-auth {} I have also added mainpool
I've added the following to sql on radgroupcheck
testing Pool-Name := mainpool
radius -X (
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module sql returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type MS-CHAP
auth: type MS-CHAP
modcall: entering group Auth-Type for request 0
rlm_mschap: doing MS-CHAPv2 with NT-Password
rlm_mschap: adding MS-CHAPv2 MPPE keys
modcall[authenticate]: module mschap returns ok for request 0
modcall: group Auth-Type returns ok for request 0
Login OK: [testing] (from client 192.168.4.1 port 0)
modcall: entering group post-auth for request 0
rlm_ippool: Could not find nas port information. Return NOOP.
modcall[post-auth]: module mainpool returns noop for request 0
radius_xlat: '/var/log/radacct/192.168.4.1/reply-detail-20040731'
Thanks
Barry
- Original Message -
From: Barry Murphy [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, July 31, 2004 6:14 PM
Subject: Group ip pools
Hi,
I'm trying to setup ippools on a per group basis, I tried examples from
the
below and couldn't get it to work. Any ideas?
http://lists.cistron.nl/pipermail/freeradius-users/2001-August/001482.html
DEFAULTGroup == dialupnf, Auth-Type := System
Service-Type == Framed-User,
Framed-IP-Address = 10.10.10.1+,
Fall-Through = No
http://listserver.uk.freebsd.org/pipermail/freebsd-users/2003-May/007864.html
robing Auth-Type := Local, User-Password == password
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 195.8.182.0,
Framed-IP-Netmask = 255.255.255.0,
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Group ip pools
Could hte problem be because the user is connecting with a Virtual
NAS-Port...
rad_recv: Accounting-Request packet from host 192.168.4.1:1084, id=74,
length=113
User-Name = testing
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 192.168.44.59
Framed-IP-Netmask = 255.255.255.255
NAS-Identifier = ns.unix.co.nz
NAS-Port-Type = Virtual
Acct-Status-Type = Start
Acct-Session-Id = 31558-testing1091264221
Acct-Multi-Session-Id =
Acct-Delay-Time = 0
modcall: group Auth-Type returns ok for request 12
Login OK: [testing] (from client 192.168.4.1 port 0)
modcall: entering group post-auth for request 12
rlm_ippool: Could not find nas port information. Return NOOP.
modcall[post-auth]: module mainpool returns noop for request 12
radius_xlat: '/var/log/radacct/192.168.4.1/reply-detail-20040731'
Barry
- Original Message -
From: Barry Murphy [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, July 31, 2004 7:26 PM
Subject: Re: Group ip pools
I'm guessing I can just use ip pools from the radius.conf which I have
tried
to do but it isn't working...
ippool mainpool {
range-start = 219.88.249.73
range-stop = 219.88.249.80
netmask = 255.255.255.255
cache-size = 800
session-db = ${raddbdir}/db.ippool
ip-index = ${raddbdir}/db.ipindex
override = no
}
under accounting{} I have added mainpool
under post-auth {} I have also added mainpool
I've added the following to sql on radgroupcheck
testing Pool-Name := mainpool
radius -X (
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module sql returns ok for request 0
modcall: group authorize returns ok for request 0
rad_check_password: Found Auth-Type MS-CHAP
auth: type MS-CHAP
modcall: entering group Auth-Type for request 0
rlm_mschap: doing MS-CHAPv2 with NT-Password
rlm_mschap: adding MS-CHAPv2 MPPE keys
modcall[authenticate]: module mschap returns ok for request 0
modcall: group Auth-Type returns ok for request 0
Login OK: [testing] (from client 192.168.4.1 port 0)
modcall: entering group post-auth for request 0
rlm_ippool: Could not find nas port information. Return NOOP.
modcall[post-auth]: module mainpool returns noop for request 0
radius_xlat: '/var/log/radacct/192.168.4.1/reply-detail-20040731'
Thanks
Barry
- Original Message -
From: Barry Murphy [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, July 31, 2004 6:14 PM
Subject: Group ip pools
Hi,
I'm trying to setup ippools on a per group basis, I tried examples from
the
below and couldn't get it to work. Any ideas?
http://lists.cistron.nl/pipermail/freeradius-users/2001-August/001482.html
DEFAULTGroup == dialupnf, Auth-Type := System
Service-Type == Framed-User,
Framed-IP-Address = 10.10.10.1+,
Fall-Through = No
http://listserver.uk.freebsd.org/pipermail/freebsd-users/2003-May/007864.html
robing Auth-Type := Local, User-Password == password
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 195.8.182.0,
Framed-IP-Netmask = 255.255.255.0,
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Group ip pools
I'm on vacation Aug 2 - 6 and will return to the office on Monday the 9th. Bruce Friend - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Group ip pools
I'm on vacation Aug 2 - 6 and will return to the office on Monday the 9th. Bruce Friend - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Group ip pools
On Sat, 31 Jul 2004, Barry Murphy wrote: Could hte problem be because the user is connecting with a Virtual NAS-Port... rad_recv: Accounting-Request packet from host 192.168.4.1:1084, id=74, length=113 User-Name = testing Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 192.168.44.59 Framed-IP-Netmask = 255.255.255.255 NAS-Identifier = ns.unix.co.nz NAS-Port-Type = Virtual Acct-Status-Type = Start Acct-Session-Id = 31558-testing1091264221 Acct-Multi-Session-Id = Acct-Delay-Time = 0 The accounting packet does not contain a nas-port attribute. You need to fix that, or rlm_ippool won't work modcall: group Auth-Type returns ok for request 12 Login OK: [testing] (from client 192.168.4.1 port 0) modcall: entering group post-auth for request 12 rlm_ippool: Could not find nas port information. Return NOOP. modcall[post-auth]: module mainpool returns noop for request 12 radius_xlat: '/var/log/radacct/192.168.4.1/reply-detail-20040731' Barry -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Group ip pools
I'm on vacation Aug 2 - 6 and will return to the office on Monday the 9th. Bruce Friend - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Group ip pools
On Sat, 31 Jul 2004 10:44 -0400, Bruce A. Friend wrote: I'm on vacation Aug 2 - 6 and will return to the office on Monday the 9th. Bruce Friend Bruce, I assume you'll see this when you return from vacation. Will you please learn how to configure your vacation autoresponder to ignore mailing list messages? Every time a freeradius-users message hits your system, your autoresponder responds to the list address. Surely if you're savvy enough to use radius, you're savvy enough to learn to use your autoresponder correctly. -- Chip Old (Francis E. Old) E-Mail: [EMAIL PROTECTED] Manager, BCPL Network ServicesPhone: 410-887-6180 Manager, BCPL.NET Internet Services FAX: 410-887-2091 320 York Road Towson, MD 21204 USA - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Group ip pools
I'm on vacation Aug 2 - 6 and will return to the office on Monday the 9th. Bruce Friend - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Group ip pools
Barry Murphy [EMAIL PROTECTED] wrote: Could hte problem be because the user is connecting with a Virtual NAS-Port... Yes. There's nothing in the Access-Request packet which lets the server tell one virtual port from another. The server therefore cannot assign IP addresses, as it has no way of tracking who was assigned what. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Group ip pools
It's a pptp connection using debian poptop and ppp. Any ideas? Thanks Barry - Original Message - From: Kostas Kalevras [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, August 01, 2004 2:42 AM Subject: Re: Group ip pools On Sat, 31 Jul 2004, Barry Murphy wrote: Could hte problem be because the user is connecting with a Virtual NAS-Port... rad_recv: Accounting-Request packet from host 192.168.4.1:1084, id=74, length=113 User-Name = testing Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 192.168.44.59 Framed-IP-Netmask = 255.255.255.255 NAS-Identifier = ns.unix.co.nz NAS-Port-Type = Virtual Acct-Status-Type = Start Acct-Session-Id = 31558-testing1091264221 Acct-Multi-Session-Id = Acct-Delay-Time = 0 The accounting packet does not contain a nas-port attribute. You need to fix that, or rlm_ippool won't work modcall: group Auth-Type returns ok for request 12 Login OK: [testing] (from client 192.168.4.1 port 0) modcall: entering group post-auth for request 12 rlm_ippool: Could not find nas port information. Return NOOP. modcall[post-auth]: module mainpool returns noop for request 12 radius_xlat: '/var/log/radacct/192.168.4.1/reply-detail-20040731' Barry -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Group ip pools
NTRadPing confirmed what you mentioned, i'm wondering if anyone has managed to get debian ppp to send the interface number as the NAS-Port? i.e. ppp0 would be port 0, ppp1 would be Nas-Port=1 etc. Been googling for hours for this and days on this topic and come up with nothing. A link off http://www.chelcom.ru/~anton/projects/pppd-tacacs+radius/ shows: RADIUS plugin now uses ppp interface number instead of terminal device number as NAS-Port value because interface number is guaranteed to be unique. Barry - Original Message - From: Kostas Kalevras [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, August 01, 2004 2:42 AM Subject: Re: Group ip pools On Sat, 31 Jul 2004, Barry Murphy wrote: Could hte problem be because the user is connecting with a Virtual NAS-Port... rad_recv: Accounting-Request packet from host 192.168.4.1:1084, id=74, length=113 User-Name = testing Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 192.168.44.59 Framed-IP-Netmask = 255.255.255.255 NAS-Identifier = ns.unix.co.nz NAS-Port-Type = Virtual Acct-Status-Type = Start Acct-Session-Id = 31558-testing1091264221 Acct-Multi-Session-Id = Acct-Delay-Time = 0 The accounting packet does not contain a nas-port attribute. You need to fix that, or rlm_ippool won't work modcall: group Auth-Type returns ok for request 12 Login OK: [testing] (from client 192.168.4.1 port 0) modcall: entering group post-auth for request 12 rlm_ippool: Could not find nas port information. Return NOOP. modcall[post-auth]: module mainpool returns noop for request 12 radius_xlat: '/var/log/radacct/192.168.4.1/reply-detail-20040731' Barry -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Group ip pools
Going forward I have looked at the scripts and it shows that TTY is being used and clients are getting a Nas-Port begining with 0, then 1 for the second user as shown below. Sun Aug 1 12:00:49 2004 Acct-Session-Id = 410C2FFA01F0 User-Name = icepick Acct-Status-Type = Start Service-Type = Framed-User Framed-Protocol = PPP Acct-Authentic = RADIUS NAS-Port-Type = Async Framed-IP-Address = 219.88.249.85 NAS-IP-Address = 10.23.19.2 NAS-Port = 0 Acct-Delay-Time = 0 Client-IP-Address = 10.22.19.2 Acct-Unique-Session-Id = 819283b999345e7d Timestamp = 1091318449 Sun Aug 1 13:26:04 2004 Acct-Session-Id = 410C43DA0201 User-Name = neil Acct-Status-Type = Start Service-Type = Framed-User Framed-Protocol = PPP Acct-Authentic = RADIUS NAS-Port-Type = Async Framed-IP-Address = 219.88.249.89 NAS-IP-Address = 10.23.19.2 NAS-Port = 1 Acct-Delay-Time = 0 Client-IP-Address = 10.22.19.2 Acct-Unique-Session-Id = f27a28a784f81cba Timestamp = 1091323564 Barry - Original Message - From: Barry Murphy [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, August 01, 2004 1:39 PM Subject: Re: Group ip pools NTRadPing confirmed what you mentioned, i'm wondering if anyone has managed to get debian ppp to send the interface number as the NAS-Port? i.e. ppp0 would be port 0, ppp1 would be Nas-Port=1 etc. Been googling for hours for this and days on this topic and come up with nothing. A link off http://www.chelcom.ru/~anton/projects/pppd-tacacs+radius/ shows: RADIUS plugin now uses ppp interface number instead of terminal device number as NAS-Port value because interface number is guaranteed to be unique. Barry - Original Message - From: Kostas Kalevras [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, August 01, 2004 2:42 AM Subject: Re: Group ip pools On Sat, 31 Jul 2004, Barry Murphy wrote: Could hte problem be because the user is connecting with a Virtual NAS-Port... rad_recv: Accounting-Request packet from host 192.168.4.1:1084, id=74, length=113 User-Name = testing Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 192.168.44.59 Framed-IP-Netmask = 255.255.255.255 NAS-Identifier = ns.unix.co.nz NAS-Port-Type = Virtual Acct-Status-Type = Start Acct-Session-Id = 31558-testing1091264221 Acct-Multi-Session-Id = Acct-Delay-Time = 0 The accounting packet does not contain a nas-port attribute. You need to fix that, or rlm_ippool won't work modcall: group Auth-Type returns ok for request 12 Login OK: [testing] (from client 192.168.4.1 port 0) modcall: entering group post-auth for request 12 rlm_ippool: Could not find nas port information. Return NOOP. modcall[post-auth]: module mainpool returns noop for request 12 radius_xlat: '/var/log/radacct/192.168.4.1/reply-detail-20040731' Barry -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: IP Pools Error?
Hello m0bius, Friday, November 7, 2003, 4:56:58 PM, you wrote: m I seem to be having a strange error occurring during the past few days m that I think has something to do with the IP Pools Management. We use m two Ascend Lucent MAX 3000 NAS (the one with one PRI while the second m carries two). The problem occurs while there are more than 50 dialup m users in which case the users can't connect and get an error type 738: m Server did not assign an IP address... m I've enabled ippools in radius.conf with the correct start and stop m values and added the main_pool in the accounting and post-auth section m as mentioned. However the weird thing is that I don't seem to have any m logs via the radius of the unsuccessful attempts (either via the m detail/reply logs or the dialup admin) and I can't trace the problem by m debugging mode since the error doesn't happen all the times. It would m look like the nases are blocking the connections. m I believe that it has something to do with the NASes but the strange m thing is that while using the Cistron radius server no such issue had m been observed. I have pretty the same problem here. When i'm testing connection - all working fine. But when there's some users connected - rlm_ippool seems to be not working. In debug mode i've seen that processing of such 'bad' requests are finished right after entering 'post-auth' block, and in these cases ippool is not invoked - radiusd says 'Finished request blah-blah' and then it comes to another request. Maybe, some server tuning should be done? I mean, number of threads, timeouts and such. Tomorrow i will try it. -- Best regards, Alexandermailto:[EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: IP Pools Error?
Alexander Lunyov [EMAIL PROTECTED] wrote: m I believe that it has something to do with the NASes but the strange m thing is that while using the Cistron radius server no such issue had m been observed. Cistron doesn't have IP pools. I have pretty the same problem here. When i'm testing connection - all working fine. But when there's some users connected - rlm_ippool seems to be not working. In debug mode i've seen that processing of such 'bad' requests are finished right after entering 'post-auth' block, and in these cases ippool is not invoked - radiusd says 'Finished request blah-blah' and then it comes to another request. Maybe, some server tuning should be done? I mean, number of threads, timeouts and such. Tomorrow i will try it. I would suggest adding more debug statements to the rlm_ippool module, so you can see WHY it isn't assigning an IP. Odds are that the request doesn't contain enough information for it to assign an IP. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[2]: IP Pools Error?
Hello Alan, Thursday, May 13, 2004, 5:36:18 PM, you wrote: I have pretty the same problem here. When i'm testing connection - all working fine. But when there's some users connected - rlm_ippool seems to be not working. In debug mode i've seen that processing of such 'bad' requests are finished right after entering 'post-auth' block, and in these cases ippool is not invoked - radiusd says 'Finished request blah-blah' and then it comes to another request. Maybe, some server tuning should be done? I mean, number of threads, timeouts and such. Tomorrow i will try it. AD I would suggest adding more debug statements to the rlm_ippool AD module, so you can see WHY it isn't assigning an IP. Odds are that AD the request doesn't contain enough information for it to assign an IP. Yes, it seems that sometimes NAS-Port-Id is missing. For example: Request is: Service-Type = Framed-User User-Name = bpv89 Framed-Protocol = PPP CHAP-Password = xx CHAP-Challenge = xx NAS-Identifier = zeus.domain.ru NAS-Port-Type = Async And this client is not receiving address, because rlm_ippool return NOOP after NAS port id check. I'm using exppp on freebsd-4.8R-p13 and multiport cards as a NAS, and i found that such requests comes only from some ports/modems (i.e. /dev/cuaa10), and other is doing fine. Why NAS-Port-Id so critical for rlm_ippool? Can i do some workaround for this problem, maybe with some hack of rlm_ippool.c? I mean, do rlm_ippool really need NAS-Port-Id? -- Best regards, Alexandermailto:[EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Multiple IP Pools with Ascend APX's
Anson, You need to look at how pool chaining works with the APX. You might also look into the virtual routers. -- Troy Settle Pulaski Networks http://www.psknet.com 540.994.4254 ~ 866.477.5638 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Anson RinesmithSent: Wednesday, March 17, 2004 6:04 PMTo: [EMAIL PROTECTED]Subject: Multiple IP Pools with Ascend APX's Im using freeRadius with MySQL In radgroupreply, GroupName, Attribute, op, Value, prio I have multiple ISPs logging into one RAS. First ISP needs to class Cs, pools 1 and 2. Second ISP needs 3 Class Cs, pools 3, 4 5. etc.. Therefore I cannot use isp1, X-Ascend-Assign-IP-Pool, :=, 0 Would I have isp1, X-Ascend-Assign-IP-Pool, :=, 1 isp1, X-Ascend-Assign-IP-Pool, +=, 2 isp2, X-Ascend-Assign-IP-Pool, :=, 3 isp2, X-Ascend-Assign-IP-Pool, +=, 4 isp2, X-Ascend-Assign-IP-Pool, +=, 5 etc.
Multiple IP Pools with Ascend APX's
Im using freeRadius with MySQL In radgroupreply, GroupName, Attribute, op, Value, prio I have multiple ISPs logging into one RAS. First ISP needs to class Cs, pools 1 and 2. Second ISP needs 3 Class Cs, pools 3, 4 5. etc.. Therefore I cannot use isp1, X-Ascend-Assign-IP-Pool, :=, 0 Would I have isp1, X-Ascend-Assign-IP-Pool, :=, 1 isp1, X-Ascend-Assign-IP-Pool, +=, 2 isp2, X-Ascend-Assign-IP-Pool, :=, 3 isp2, X-Ascend-Assign-IP-Pool, +=, 4 isp2, X-Ascend-Assign-IP-Pool, +=, 5 etc.
FreeRADIUS, MySQL, IP Pools
Hi All, My first post so please be gentle :) We've been having a few problems with pupils joining our LAN using their own kit. Although we'd like to allow this at some stage (under our rules obviously) we'd like this to be done in a sensible, secure way. Now I have set up a FreeRADIUS box on OS X, it has MySQL support and so far, so good it works fine. If I setup a wireless AP to use it, it works like a charm. Fine. I'd like to now setup a scheme for the RADIUS box to match MAC Addresses to a range of IP addresses (particularly a scope our DHCP server will send out). I am therefore hoping any pupil laptop in the future will be allowed access as long as the MAC address is known and they are using a particular IP range. Is this doable with FreeRADIUS??? I presently am using dialup_admin to admin the system and it has a IP Address field in the new user and new group setup. Can I add a range in the usual 192.168.1.0/24 notation to say the group and make all Pupil users a member of that group??? Would this work or am I completely barking up the wrong tree. TIA Dan -- Dan Hawker Systems Admin Canford School -- [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: FreeRADIUS, MySQL, IP Pools
The answer depends on your dhcp server (and not) ;) I think. Did you check in your DHCP server manuals if it supports this type of attribute? What is your DHCP server? By the way, it is usually possible that your pupils might give an IP manually, it is not so secure to trust only to the DHCP server. So your pupils use wireless cards to connect to the network? Can you give more details about the hardware and software? Freeradius has IP pools, you can define a pool and make certain MAC addresses use the IPs from the pool. See Framed-IP-Address attribute(if I am not mistaken, it was something like that) But does your wireless ap/dhcp server etc. support this? that is the question... Evren Dan Hawker wrote: Hi All, My first post so please be gentle :) We've been having a few problems with pupils joining our LAN using their own kit. Although we'd like to allow this at some stage (under our rules obviously) we'd like this to be done in a sensible, secure way. Now I have set up a FreeRADIUS box on OS X, it has MySQL support and so far, so good it works fine. If I setup a wireless AP to use it, it works like a charm. Fine. I'd like to now setup a scheme for the RADIUS box to match MAC Addresses to a range of IP addresses (particularly a scope our DHCP server will send out). I am therefore hoping any pupil laptop in the future will be allowed access as long as the MAC address is known and they are using a particular IP range. Is this doable with FreeRADIUS??? I presently am using dialup_admin to admin the system and it has a IP Address field in the new user and new group setup. Can I add a range in the usual 192.168.1.0/24 notation to say the group and make all Pupil users a member of that group??? Would this work or am I completely barking up the wrong tree. TIA Dan -- Dan Hawker Systems Admin Canford School -- [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
