Re: FreeRADIUS SQl Ippool problem -

[Taz Manian]

Will do guys , thanks again for the assistance and advice with this.

-Original Message- 
From: John Dennis

Sent: Friday, June 29, 2012 8:24 PM
To: FreeRadius users mailing list
Cc: dj...@iol.ie ; Alan DeKok
Subject: Re: FreeRADIUS SQl Ippool problem -

On 06/29/2012 02:54 PM, Alan DeKok wrote:

Taz Manian wrote:

but one silly
mistake caused me to try so many different things that i got myself
mixed up with it all.


   THAT is really the problem.  Trying "many different things" is always
a disaster.  Follow the instructions *exactly*.  Step by step.

   Trying "many things" means you don't understand the problem.  You're
just randomly editing files "until it works".  Well, it won't.


And do yourself a favor and put your configuration files under source
control, make only minor incremental changes, if works commit it to the
source repository. That way if things don't work it's trivial 2 second
process to reset everything back to a known working state. You also will
have a history of everything you changed and why as well as the ability
to go back to any configuration at any point in time.

If you don't know how to use source control, stop and learn it.


--
John Dennis 

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/


-
List info/subscribe/unsubscribe? See 
http://www.freeradius.org/list/users.html 


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRADIUS SQl Ippool problem -

[John Dennis]

On 06/29/2012 02:54 PM, Alan DeKok wrote:

Taz Manian wrote:

but one silly
mistake caused me to try so many different things that i got myself
mixed up with it all.


   THAT is really the problem.  Trying "many different things" is always
a disaster.  Follow the instructions *exactly*.  Step by step.

   Trying "many things" means you don't understand the problem.  You're
just randomly editing files "until it works".  Well, it won't.


And do yourself a favor and put your configuration files under source 
control, make only minor incremental changes, if works commit it to the 
source repository. That way if things don't work it's trivial 2 second 
process to reset everything back to a known working state. You also will 
have a history of everything you changed and why as well as the ability 
to go back to any configuration at any point in time.


If you don't know how to use source control, stop and learn it.


--
John Dennis 

Looking to carve out IT costs?
www.redhat.com/carveoutcosts/


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRADIUS SQl Ippool problem -

[Alan DeKok]

Taz Manian wrote:
> but one silly
> mistake caused me to try so many different things that i got myself
> mixed up with it all.

  THAT is really the problem.  Trying "many different things" is always
a disaster.  Follow the instructions *exactly*.  Step by step.

  Trying "many things" means you don't understand the problem.  You're
just randomly editing files "until it works".  Well, it won't.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: FreeRADIUS SQl Ippool problem -

[Taz Manian]

> Did you put a call to sqlippool instance inside post-auth, like the
> wiki tells you to?
> 
> -- 
> Fajar That was the problem - i had it in there but had commented it out at 
> some stage because or an error that popped up and forgot to enable it 
> again.Thanks for the help on this and i do apologise for annoying you, i know 
> your sick of people like me but i did read up on it but one silly mistake 
> caused me to try so many different things that i got myself mixed up with it 
> all.Anyway , thanks again , its all working now and ill know to look out for 
> that in the future :D  Taz   -
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRADIUS SQl Ippool problem -

[Fajar A. Nugraha]

On Fri, Jun 29, 2012 at 9:19 PM, Taz Manian  wrote:
> [sql]   expand: SELECT id, groupname, attribute,   Value,
> op   FROM radgroupcheck   WHERE groupname =
> '%{Sql-Group}'   ORDER BY id -> SELECT id, groupname,
> attribute,   Value, op   FROM radgroupcheck   WHERE
> groupname = 'MyGroup'   ORDER BY id

so it reads radgroupcheck ...

> # Executing section post-auth from file /etc/raddb/sites-enabled/default
> +- entering group post-auth {...}
> [sql]   expand: %{User-Name} -> username@realm
>
> [sql] sql_set_user escaped user --> 'username@realm'
> [sql]   expand: %{User-Password} -> 1234567
> [sql]   expand: INSERT INTO radpostauth   (username,
> pass, reply, authdate)   VALUES
> (   '%{User-Name}',
> '%{%{User-Password}:-%{Chap-Password}}',
> '%{reply:Packet-Type}', '%S') -> INSERT INTO
> radpostauth   (username, pass, reply,
> authdate)   VALUES (
> 'username@realm',
> '1234567',   'Access-Accept', '2012-06-29 15:13:08')
> rlm_sql (sql) in sql_postauth: query is INSERT INTO
> radpostauth   (username, pass, reply,
> authdate)   VALUES (
> 'username@realm',
> '1234567',   'Access-Accept', '2012-06-29 15:13:08')
>
> rlm_sql (sql): Reserving sql socket id: 0
> rlm_sql (sql): Released sql socket id: 0
> ++[sql] returns ok
> ++[exec] returns noop
> Sending Access-Accept of id 97 to 192.168.1.150 port 56916


... but no mention of sqlippool call on post-auth. I have to ask
again, did you REALLY read the wiki? Thoroughly? Did you follow the
instructions there?
Did you put a call to sqlippool instance inside post-auth, like the
wiki tells you to?

-- 
Fajar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: FreeRADIUS SQl Ippool problem -

[Taz Manian]

Sorry , i thought i had attached the radiusd -X report.rad_recv: 
Access-Request packet from host 192.168.1.150 port 56916, id=97, length=123
User-Name = "username@realm"
Acct-Session-Id = "1340979220W15beb"
NAS-Port = 0
Calling-Station-Id = "1115551212"
NAS-Identifier = "192.168.1.150"
User-Password = "1234567"
Message-Authenticator = 0x5b68c4b10cdd7a5dc3cf1d01361e6d24
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "realm" for User-Name = "username@realm"
[suffix] No such realm "realm"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
[sql]   expand: %{User-Name} -> username@realm
[sql] sql_set_user escaped user --> 'username@realm'
rlm_sql (sql): Reserving sql socket id: 1
[sql]   expand: SELECT id, username, attribute, value, op   FROM 
radcheck   WHERE username = '%{SQL-User-Name}'   ORDER BY id -> 
SELECT id, username, attribute, value, op   FROM radcheck   
WHERE username = 'username@realm'   ORDER BY id
[sql] User found in radcheck table
[sql]   expand: SELECT id, username, attribute, value, op   FROM 
radreply   WHERE username = '%{SQL-User-Name}'   ORDER BY id -> 
SELECT id, username, attribute, value, op   FROM radreply   
WHERE username = 'username@realm'   ORDER BY id
[sql]   expand: SELECT groupname   FROM usergroup   WHERE 
username = '%{SQL-User-Name}'   ORDER BY priority -> SELECT groupname   
FROM usergroup   WHERE username = 'username@realm'   
ORDER BY priority
[sql]   expand: SELECT id, groupname, attribute,   Value, op   
FROM radgroupcheck   WHERE groupname = '%{Sql-Group}'   ORDER 
BY id -> SELECT id, groupname, attribute,   Value, op   FROM 
radgroupcheck   WHERE groupname = 'MyGroup'   ORDER BY id
[sql] User found in group MyGroup
[sql]   expand: SELECT id, groupname, attribute,   value, op   
FROM radgroupreply   WHERE groupname = '%{Sql-Group}'   ORDER 
BY id -> SELECT id, groupname, attribute,   value, op   FROM 
radgroupreply   WHERE groupname = 'MyGroup'   ORDER BY id
rlm_sql (sql): Released sql socket id: 1
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "1234567"
[pap] Using clear text password "1234567"
[pap] User authenticated successfully
++[pap] returns ok
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
[sql]   expand: %{User-Name} -> username@realm
[sql] sql_set_user escaped user --> 'username@realm'
[sql]   expand: %{User-Password} -> 1234567
[sql]   expand: INSERT INTO radpostauth   (username, 
pass, reply, authdate)   VALUES (   
'%{User-Name}',   
'%{%{User-Password}:-%{Chap-Password}}',   
'%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth
   (username, pass, reply, authdate)   VALUES ( 
  'username@realm',   '1234567',
   'Access-Accept', '2012-06-29 15:13:08')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth 
  (username, pass, reply, authdate)   VALUES (  
 'username@realm',   '1234567', 
  'Access-Accept', '2012-06-29 15:13:08')
rlm_sql (sql): Reserving sql socket id: 0
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 97 to 192.168.1.150 port 56916
Finished request 1.
Going to the next request
Waking up in 4.9 seconds.   > Date: Fri, 29 Jun 2012 20:57:50 +0700
> Subject: Re: FreeRADIUS SQl Ippool problem -
> From: l...@fajar.net
> To: dj...@iol.ie; freeradius-users@lists.freeradius.org
> 
> On Fri, Jun 29, 2012 at 8:46 PM, Taz Manian  wrote:
> > But the username isnt the problem, that authenticates properly and if i put
> > in
> 
> You should fix tha

Re: FreeRADIUS SQl Ippool problem -

[Fajar A. Nugraha]

On Fri, Jun 29, 2012 at 8:46 PM, Taz Manian  wrote:
> But the username isnt the problem, that authenticates properly and if i put
> in

You should fix that. There might be a compatibility code that allows
it to work today, but the next versions might not have it.

> I get no info back for the pools at all when i do a radiusd -X

And the debug log says ... what?

If you think you can solve it by yourself so that you don't need to
send the output to this list, then don't bother asking here. Seriusly.

In any case, the debug log SHOULD tell you whether it runs
sqlipool-related queries. If so, then try running those queries
manually, see if the result is indeed what you expect them to be.

If it DOESN'T run sqlipool-related queries, then your problem is
elsewhere. Probably because your setup DOESN'T read radgroupcheck by
default (yes, it can be that way, if you configure it to do so). In
that case moving Pool-Name to radcheck should be an easy way to test.

-- 
Fajar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: FreeRADIUS SQl Ippool problem -

[Taz Manian]

Thanks Alan, But the username isnt the problem, that authenticates properly and 
if i put inmysql> select * from radreply;
 
  
++-++---+--+
  | id | UserName| Attribute| Value 
 | Op   |
  
++-++---+--+
  |  1 | username@realm  | Framed-IP-Address | 1.2.3.4| :=   |
Then i get the framed IP address back no problems, the problem is that the pool 
isnt working at all, and i know its something stupid im doing but i cant see to 
see it.Ive built 3 radius boxes - one proxy , one for  l2pt tunnels that gets a 
hand off from the proxy if thats the correct realm and one sql based one (also 
passed from the proxy) which works fine for userthat have the framed IP's but 
not for users that have pools. I also have hand offs from a Cisco ACS devices 
and all of that works perfectly.Im just stumped on the ip pools and its the 
last thing i want to get working so its frustrating. I get no info back for the 
pools at all when i do a radiusd -X  Taz   > Date: Fri, 29 Jun 2012 07:46:36 
-0400
> From: al...@deployingradius.com
> To: dj...@iol.ie; freeradius-users@lists.freeradius.org
> Subject: Re: FreeRADIUS SQl Ippool problem -
> 
> Taz Manian wrote:
> > Can you guys confirm that this is the correct format for the SQl side of
> > things please ?
> >
> > Im still having problems and just want to confirm that this is correct.
> 
>   It's not.
> 
> > mysql> select * from radcheck;
> > ++++++
> > | id | username| attribute  | op | value  |
> > ++++++
> >   1  username@realm <mailto:username@realm> Password   :=1234567
> 
>   Fix that.  Honestly, it's been wrong for 6 years.  Why do people still
> do this?
> 
>   See the FAQ for a *correct* example.
> 
> > If theres anything im missing it would help
> 
>   a) did you follow the directions?
> 
>   b) does it work?
> 
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
  -
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRADIUS SQl Ippool problem -

[Alan DeKok]

Taz Manian wrote:
> Can you guys confirm that this is the correct format for the SQl side of
> things please ?
>
> Im still having problems and just want to confirm that this is correct.

  It's not.

> mysql> select * from radcheck;
> ++++++
> | id | username| attribute  | op | value  |
> ++++++
>   1  username@realm  Password   :=1234567

  Fix that.  Honestly, it's been wrong for 6 years.  Why do people still
do this?

  See the FAQ for a *correct* example.

> If theres anything im missing it would help

  a) did you follow the directions?

  b) does it work?

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: FreeRADIUS SQl Ippool problem -

[Taz Manian]

Thanks for the input so far everyone.Can you guys confirm that this is the 
correct format for the SQl side of things please ?Im still having problems and 
just want to confirm that this is correct.  mysql> select * from radcheck; 
++++++ 
| id | username| attribute  | op | value  | 
++++++ 
  1  username@realm Password   :=1234567
mysql> select * from usergroup; 
+---++--+ 
|username  | GroupName  | priority |
+---++--+ 
username@realm  MyGroup  1 mysql> select * from radgroupcheck; 
++-+---++---+ 
| id | groupname   | attribute | op | value | 
++-+---++---+ 
  1  MyGroup   Pool-Name  :=EZ_POOL_NAME
mysql> select * from radippool; 
++---+-+--+-+--+-+--+--+
| id | pool_name | framedipaddress | nasipaddress | calledstationid | 
callingstationid | expiry_time | username | pool_key |
++---+-+--+-+--+-+--+--+
 
   1  EZ_POOL_NAME  192.168.1.2 -00-00 00:00:00
   2  EZ_POOL_NAME  192.168.1.3 -00-00 00:00:00
   
   
mysql> select * from radgroupreply; 
++-+---+---+-+ 
| id | GroupName   | Attribute | Op| Value   | 
++-+---+---+-+ 
  1  EZ_POOL_NAME  Framed-MTU  :=1500
  2  EZ_POOL_NAME  Service-Type  :=Framed-User
  3  EZ_POOL_NAME  Framed-Protocol :=PPP
 If theres anything im missing it would help Thanks   
 > Date: Thu, 28 Jun 2012 20:38:52 +0700
> Subject: Re: FreeRADIUS SQl Ippool problem -
> From: l...@fajar.net
> To: dj...@iol.ie; freeradius-users@lists.freeradius.org
> 
> On Thu, Jun 28, 2012 at 8:22 PM, Taz Manian  wrote:
> > I did check the wiki , i have been on it for the last 3 days trying to
> > figure this out
> >
> > I did a search for Pool-Name and i got 4 different results as below
> >
> > http://wiki.freeradius.org/search?q=Pool-Name
> >
> > http://wiki.freeradius.org/Rlm_sqlippool
> 
> Did you notice I specifically mentioned that page?
> 
> > http://wiki.freeradius.org/Rlm_ippool
> > http://wiki.freeradius.org/Users
> > http://wiki.freeradius.org/Ippool%20and%20radius%20clients
> >
> > I checked each one of them and not one said anything about radcheck or
> > radreply.
> 
> Did you read this paragraph?
> 
> "
> To assign a user an IP from a pool you simply need to have a Pool-Name
> Attribute (Keep in mind that it is a CONTROL attribute, not a reply
> attribute) in the required configuration file, which is either in
> files(users), sql or any other type of configuration schema.
> "
> 
> It should be clear enough that Pool-Name should not be in
> rad(group)reply (since that table holds reply attributes).
> 
> If you don't know where to put CONTROL attribute (which is in
> rad(group)check, btw), then we might need to add an entry for that.
> 
> > I checked on Google and found some pages that said TO USE Framed-Pool , and
> > i could see that when i ran radiusd -X
> 
> Your primary source of information should be the included
> documentation (comments on the config file, man pages, etc).
> 
> After that, the wiki.
> 
> After that, this list.
> 
> If you decide to follow some random page, then no wonder you get random 
> result.
> 
> -- 
> Fajar
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
  -
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRADIUS SQl Ippool problem -

[Fajar A. Nugraha]

On Thu, Jun 28, 2012 at 8:22 PM, Taz Manian  wrote:
> I did check the wiki , i have been on it for the last 3 days trying to
> figure this out
>
> I did a search for Pool-Name and i got 4 different results as below
>
> http://wiki.freeradius.org/search?q=Pool-Name
>
> http://wiki.freeradius.org/Rlm_sqlippool

Did you notice I specifically mentioned that page?

> http://wiki.freeradius.org/Rlm_ippool
> http://wiki.freeradius.org/Users
> http://wiki.freeradius.org/Ippool%20and%20radius%20clients
>
> I checked each one of them and not one said anything about radcheck or
> radreply.

Did you read this paragraph?

"
To assign a user an IP from a pool you simply need to have a Pool-Name
Attribute (Keep in mind that it is a CONTROL attribute, not a reply
attribute) in the required configuration file, which is either in
files(users), sql or any other type of configuration schema.
"

It should be clear enough that Pool-Name should not be in
rad(group)reply (since that table holds reply attributes).

If you don't know where to put CONTROL attribute (which is in
rad(group)check, btw), then we might need to add an entry for that.

> I checked on Google and found some pages that said TO USE Framed-Pool , and
> i could see that when i ran radiusd -X

Your primary source of information should be the included
documentation (comments on the config file, man pages, etc).

After that, the wiki.

After that, this list.

If you decide to follow some random page, then no wonder you get random result.

-- 
Fajar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRADIUS SQl Ippool problem -

[Alan DeKok]

Taz Manian wrote:
> I checked each one of them and not one said anything about radcheck or
> radreply.

  Because they give examples for the "users" file.  They don't give
examples for SQL, LDAP, external programs, Perl, Python, etc.

  The "users" file example has the Pool-Name on the first line.  The
documentation for the "users" file says that this makes it a check item.
 The documentation for the SQL module describes how to map "users" file
entries to SQL.

  It *is* documented.

  We expect that *some* independent understanding is necessary.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: FreeRADIUS SQl Ippool problem -

[Taz Manian]

I did check the wiki , i have been on it for the last 3 days trying to figure 
this out  I did a search for Pool-Name and i got 4 different results as below  
http://wiki.freeradius.org/search?q=Pool-Name
http://wiki.freeradius.org/Rlm_sqlippool
http://wiki.freeradius.org/Rlm_ippool
http://wiki.freeradius.org/Users
http://wiki.freeradius.org/Ippool%20and%20radius%20clients
I checked each one of them and not one said anything about radcheck or 
radreply. I checked on Google and found some pages that said TO USE Framed-Pool 
, and i could see that when i ran radiusd -XI just tried using Pool-Name and it 
doesnt work nor does it show when i try it with radiusd -X.  I appreciate your 
input , im really stuck on this one. Im also not sure how to use rlm_sqlipool ? 
Taz 
   > Date: Thu, 28 Jun 2012 19:08:25 +0700
> Subject: Re: FreeRADIUS SQl Ippool problem -
> From: l...@fajar.net
> To: dj...@iol.ie; freeradius-users@lists.freeradius.org
> 
> On Thu, Jun 28, 2012 at 7:03 PM, Taz Manian  wrote:
> > Hi Guys,
> >
> >
> >
> > Im having a problem with Ippools with freeradius2 and i cant seem to get any
> > username to get an address from the pool.
> >
> > 90% of the usernames will have static IP's but i want a few to be in a pool
> > but i really am stumped - i tried putting
> >
> >
> >
> > username@realm Framed-Pool := EZPOOL
> >
> >
> >
> > into the radreply section and it gives me a reply when i test it #
> 
> 
> Please check the wiki, IIRC you should put it in radcheck, not
> radreply. And the attribute is Pool-Name, not Framed-Pool.
> 
> > so i know is readying that - i then have a pool set up in radippool
> 
> Also, IMHO you should just use rlm_sqlipool. It's easier to setup and debug.
> 
> -- 
> Fajar
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
  -
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRADIUS SQl Ippool problem -

[Fajar A. Nugraha]

On Thu, Jun 28, 2012 at 7:26 PM, Michell  wrote:
> Hello,
>
> to some time ago informed me that the ippool not work properly with mysql.

It works just fine

> As it is now?
> I'm not sure what the problems were occurring, but informed me that it
> worked better and smoothly only in postgres.

IIRC from the discussion, postgres should perform better compared to
mysql on the DEFAULT setup due to locking (or lack of it).
Function-wise, both work fine.

If your load is pretty light, OR you know how to adjust your mysql
setup to avoid the locking issue, it should be irrelevant.

-- 
Fajar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRADIUS SQl Ippool problem -

[Alan DeKok]

Michell wrote:
> to some time ago informed me that the ippool not work properly with
> mysql. As it is now?

  "someone somewhere said something".  That's not helpful.

  Read the documentation and examples distributed with FreeRADIUS.  They
give you the CORRECT answers.

  In this case, raddb/sql/mysql/ippool.*

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRADIUS SQl Ippool problem -

[Michell]

Hello,

to some time ago informed me that the ippool not work properly with mysql.
As it is now?
I'm not sure what the problems were occurring, but informed me that it
worked better and smoothly only in postgres.

They try to succeed in this scenario freeradius / mysql?

Thanks for listening,

Michell

2012/6/28 Fajar A. Nugraha 

> On Thu, Jun 28, 2012 at 7:03 PM, Taz Manian  wrote:
> > Hi Guys,
> >
> >
> >
> > Im having a problem with Ippools with freeradius2 and i cant seem to get
> any
> > username to get an address from the pool.
> >
> > 90% of the usernames will have static IP's but i want a few to be in a
> pool
> > but i really am stumped - i tried putting
> >
> >
> >
> > username@realm Framed-Pool := EZPOOL
> >
> >
> >
> > into the radreply section and it gives me a reply when i test it #
>
>
> Please check the wiki, IIRC you should put it in radcheck, not
> radreply. And the attribute is Pool-Name, not Framed-Pool.
>
> > so i know is readying that - i then have a pool set up in radippool
>
> Also, IMHO you should just use rlm_sqlipool. It's easier to setup and
> debug.
>
> --
> Fajar
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRADIUS SQl Ippool problem -

[Fajar A. Nugraha]

On Thu, Jun 28, 2012 at 7:08 PM, Fajar A. Nugraha  wrote:
> On Thu, Jun 28, 2012 at 7:03 PM, Taz Manian  wrote:

>> so i know is readying that - i then have a pool set up in radippool
>
> Also, IMHO you should just use rlm_sqlipool. It's easier to setup and debug.

Sorry, I somehow read "radippool" as "rlm_ippool". If you use that
table then you should use (or at least try to use) rlm_sqlippool
already.

You probably just need to read the wiki:
http://wiki.freeradius.org/Rlm_sqlippool

-- 
Fajar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: FreeRADIUS SQl Ippool problem -

[Fajar A. Nugraha]

On Thu, Jun 28, 2012 at 7:03 PM, Taz Manian  wrote:
> Hi Guys,
>
>
>
> Im having a problem with Ippools with freeradius2 and i cant seem to get any
> username to get an address from the pool.
>
> 90% of the usernames will have static IP's but i want a few to be in a pool
> but i really am stumped - i tried putting
>
>
>
> username@realm Framed-Pool := EZPOOL
>
>
>
> into the radreply section and it gives me a reply when i test it #


Please check the wiki, IIRC you should put it in radcheck, not
radreply. And the attribute is Pool-Name, not Framed-Pool.

> so i know is readying that - i then have a pool set up in radippool

Also, IMHO you should just use rlm_sqlipool. It's easier to setup and debug.

-- 
Fajar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

FreeRADIUS SQl Ippool problem -

[Taz Manian]

Hi Guys, Im having a problem with Ippools with freeradius2 and i cant seem to 
get any username to get an address from the pool.90% of the usernames will have 
static IP's but i want a few to be in a pool but i really am stumped - i tried 
putting  username@realm
Framed-Pool
:=
EZPOOL   into the radreply section and it gives me a reply when i test it # 
Standard  Framed-Pool"EZPOOL" so i know is readying that - i then have 
a pool set up in 
radippool   pool_name=EZPOOLFramedIPAddress=192.168.1.200  (i have more)  and 
my radiusd -X reply is  :  # Executing group from file 
/etc/raddb/sites-enabled/default
+- entering group PAP {...}
[pap] login attempt with password "111"
[pap] Using clear text password "111"
[pap] User authenticated successfully
++[pap] returns ok
# Executing section post-auth from file /etc/raddb/sites-enabled/default
+- entering group post-auth {...}
[sql]   expand: %{User-Name} -> user@realm
[sql] sql_set_user escaped user --> 'username@realm'
[sql]   expand: %{User-Password} -> 111
[sql]   expand: INSERT INTO radpostauth   (username, 
pass, reply, authdate)   VALUES (   
'%{User-Name}',   
'%{%{User-Password}:-%{Chap-Password}}',   
'%{reply:Packet-Type}', '%S') -> INSERT INTO radpostauth
   (username, pass, reply, authdate)   VALUES ( 
  'username@realm',   '111',
   'Access-Accept', '2012-06-28 10:59:37')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth 
  (username, pass, reply, authdate)   VALUES (  
 'username@realm',   '111', 
  'Access-Accept', '2012-06-28 10:59:37')
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
++[exec] returns noop
Sending Access-Accept of id 51 to 192.168.1.100 port 52433
Framed-Pool := "EZPOOL"
Cisco-AVPair := "lcp:interface-config=ip vrf forwarding BLAH"
Cisco-AVPair += "lcp:interface-config=ip unnumbered Loopback1"
Cisco-AVPair += "lcp:interface-config=mtu 1492"
Service-Type := Framed-User
Framed-Protocol := PPP
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 51 with timestamp +5
Ready to process requests.
  
  

  -
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

duplicate ip address ippool problem

[as3ad jamous]

 freeradius assign duplicate ip address , i using ippool module and file, for 
example user1 get the IP1 and some times (not always ) user2 get the same IP1 
so LNS see duplicate ip address and drop the new user (no high load at radius 
but some times on database may be some load ),i dont know why freeradius retrun 
the used ip ,may it not sotre it  at the ippool files :
session-db and ip-index
? but whyfrom the side of the LNS i can see the authentication and accounting 
is okand acknowledged about authentication and accountingif there problem from 
side of database , the ippool store  the datat at local files at radius server 
and there is no problem of high cpu load or system load on it , I would be 
grateful if you can assist me in identifying why this happens, and how I can 
rectify this problemthank you in advance. i look forward to your reply. 
 
_
Helping your favorite cause is as easy as instant messaging. You IM, we give.
http://im.live.com/Messenger/IM/Home/?source=text_hotmail_join-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: IPPOOL PROBLEM

[Rafael Roldán]

Hy,

Thanks Nicolas. Sorry, its the first time I work in a UNIX environment.
In the configure output I obtained:

configure: warning: silently not building rlm_ippool.
configure: warning: FAILURE: rlm_ippool requires:  libgdbm.

After installing the package gdbm-1.8.3, which are the steps I have to
follow in order to get rlm_ippool compiled? May I have to repeat all the
steps of the installation ( $./configure -> $ make -> $ make install)?

Or  is there another way?

Thank you very much,
Rafa

- Original Message - 
From: "Nicolas Baradakis" <[EMAIL PROTECTED]>
To: "FreeRadius users mailing list" 
Sent: Tuesday, January 24, 2006 2:01 PM
Subject: Re: IPPOOL PROBLE


> Rafael Roldán wrote:
>
> > But when I tried to test the ippool module I obtained a segmentation
> > fault when I run radiusd.
>
> Please no HTML to the list.
>
> If you found a bug in FreeRADIUS, follow the instructions here:
> http://freeradius.org/radiusd/doc/bugs
>
> > In my rlm_ippool directory I have:
> >
> > # pwd
> > .../freeradius-1.0.5/src/modules/rlm_ippool
> > # ls
> > acconfig.h   config.log   configure.in
Makefile.in  rlm_ippool_tool.c
> > config.h config.statusCVS
rlm_ippool.c rlm_ippool_tool.pod
> > config.h.in  configureMakefile
rlm_ippool_tool.8
> > #
> >
> > Has the rlm_ippool module compiled well?
> > How can I resolve the problem?
>
> It looks like the rlm_ippool module was skipped, read the configure
> output to find out why.
>
> -- 
> Nicolas Baradakis
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: ippool problem

[Jamal Taweel]

I believe that he should use different file
names of session-db, and ip-index for the two pools. May be he used the same file
names for the two pools. Also he should delete them from ${raddbdir}/ before he
start with creating the pools.

 

 

 

-Original Message-
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of milver nisay
Sent: Friday, July 15, 2005 10:44
AM
To: 'FreeRadius users mailing
list'
Subject: RE: ippool problem

 

What
does radiusd –X tells you?

Can you
post more info from your accounting and post-auth section?

 









From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, July 15, 2005 7:42
AM
To:
freeradius-users@lists.freeradius.org
Subject: ippool problem



 


Hello, 

I´m
trying to configure a FreeRadius 1.0.4 in Red Hat 8.0. Everything works OK
until I add the ippool in the "post-auth" and "accounting"
section. 

When I
start the server I get always the error "Segmentation Fault" after
loading radutmp, just when it tries to load the ippool in the
"accounting" section 

I have
the following configuration in the ippool module: 

 
      ippool 2 { 
 
              range-start = 172.20.1.1

 
              range-stop = 172.20.1.254

 
              netmask = 255.255.255.0

 
              cache-size = 254

 
              session-db =
${raddbdir}/db.ippool 
 
              ip-index =
${raddbdir}/db.ipindex 
 
              override = yes 
 
              maximum-timeout = 0

 
      } 

Do you
know if I´m doing something wrong? 

Thanks









*
The contents of this email and any attachments are confidential. It is 
intended for the named recipient(s) only. If you have received this email 
in error please notify the system manager or  the sender immediately and 
do not disclose the contents to any one or make copies.
*
PALTEL E-Safety System scanned this email and found NO viruses, 
vandals or malicious content.
*
Should you need any information or clarifications regarding this system, 
please do not hesitate to contact our team at the IP Dep. 
<[EMAIL PROTECTED]>.
*



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: ippool problem

[Alan DeKok]

[EMAIL PROTECTED] wrote:
> When I start the server I get always the error "Segmentation Fault" after
> loading radutmp, just when it tries to load the ippool in the "accounting"

  See doc/bugs

  Alan DeKok.
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: ippool problem

[milver nisay]

Check user access and access permissions from
radiusd.conf and from

the files and folders

 









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Friday, July 15, 2005 11:05
AM
To: [EMAIL PROTECTED]; FreeRadius users mailing list
Subject: RE: ippool problem



 


radius -X  doesn´t show any error or warning
until the end (Segmentation fault). You can see the result of my last
execution: 

Starting
- reading configuration files ... 
reread_config:
 reading radiusd.conf 
Config:
  including file: /usr/local/etc/raddb/proxy.conf 
Config:
  including file: /usr/local/etc/raddb/clients.conf 
Config:
  including file: /usr/local/etc/raddb/snmp.conf 
Config:
  including file: /usr/local/etc/raddb/eap.conf 
Config:
  including file: /usr/local/etc/raddb/sql.conf 
 main:
prefix = "/usr/local" 
 main:
localstatedir = "/usr/local/var" 
 main:
logdir = "/usr/local/var/log/radius" 
 main:
libdir = "/usr/local/lib" 
 main:
radacctdir = "/usr/local/var/log/radius/radacct" 
 main:
hostname_lookups = no 
 main:
max_request_time = 30 
 main:
cleanup_delay = 5 
 main:
max_requests = 1024 
 main:
delete_blocked_requests = 0 
 main:
port = 1645 
 main:
allow_core_dumps = no 
 main:
log_stripped_names = no 
 main:
log_file = "/usr/local/var/log/radius/radius.log" 
 main:
log_auth = no 
 main:
log_auth_badpass = no 
 main:
log_auth_goodpass = no 
 main:
pidfile = "/usr/local/var/run/radiusd/radiusd.pid" 
 main:
user = "(null)" 
 main:
group = "(null)" 
 main:
usercollide = no 
 main:
lower_user = "no" 
 main:
lower_pass = "no" 
 main:
nospace_user = "no" 
 main:
nospace_pass = "no" 
 main:
checkrad = "/usr/local/sbin/checkrad" 
 main:
proxy_requests = yes 
 proxy:
retry_delay = 5 
 proxy:
retry_count = 3 
 proxy:
synchronous = no 
 proxy:
default_fallback = yes 
 proxy:
dead_time = 120 
 proxy:
post_proxy_authorize = yes 
 proxy:
wake_all_if_all_dead = no 
 security:
max_attributes = 200 
 security:
reject_delay = 1 
 security:
status_server = no 
 main:
debug_level = 0 
read_config_files:
 reading dictionary 
read_config_files:
 reading naslist 
Using
deprecated naslist file.  Support for this will go away soon.

read_config_files:
 reading clients 
read_config_files:
 reading realms 
radiusd:
 entering modules setup 
Module:
Library search path is /usr/local/lib 
Module:
Loaded exec 
 exec:
wait = yes 
 exec:
program = "(null)" 
 exec:
input_pairs = "request" 
 exec:
output_pairs = "(null)" 
 exec:
packet_type = "(null)" 
rlm_exec:
Wait=yes but no output defined. Did you mean output=none? 
Module:
Instantiated exec (exec) 
Module:
Loaded expr 
Module:
Instantiated expr (expr) 
Module:
Loaded PAP 
 pap:
encryption_scheme = "crypt" 
Module:
Instantiated pap (pap) 
Module:
Loaded CHAP 
Module:
Instantiated chap (chap) 
Module:
Loaded MS-CHAP 
 mschap:
use_mppe = yes 
 mschap:
require_encryption = no 
 mschap:
require_strong = no 
 mschap:
with_ntdomain_hack = no 
 mschap:
passwd = "(null)" 
 mschap:
authtype = "MS-CHAP" 
 mschap:
ntlm_auth = "(null)" 
Module:
Instantiated mschap (mschap) 
Module:
Loaded System 
 unix:
cache = no 
 unix:
passwd = "(null)" 
 unix:
shadow = "(null)" 
 unix:
group = "(null)" 
 unix:
radwtmp = "/usr/local/var/log/radius/radwtmp" 
 unix:
usegroup = no 
 unix:
cache_reload = 600 
Module:
Instantiated unix (unix) 
Module:
Loaded eap 
 eap:
default_eap_type = "md5" 
 eap:
timer_expire = 60 
 eap:
ignore_unknown_eap_types = no 
 eap:
cisco_accounting_username_bug = no 
rlm_eap:
Loaded and initialized type md5 
rlm_eap:
Loaded and initialized type leap 
 gtc:
challenge = "Password: " 
 gtc:
auth_type = "PAP" 
rlm_eap:
Loaded and initialized type gtc 
 mschapv2:
with_ntdomain_hack = no 
rlm_eap:
Loaded and initialized type mschapv2 
Module:
Instantiated eap (eap) 
Module:
Loaded preprocess 
 preprocess:
huntgroups = "/usr/local/etc/raddb/huntgroups" 
 preprocess:
hints = "/usr/local/etc/raddb/hints" 
 preprocess:
with_ascend_hack = no 
 preprocess:
ascend_channels_per_line = 23 
 preprocess:
with_ntdomain_hack = no 
 preprocess:
with_specialix_jetstream_hack = no 
 preprocess:
with_cisco_vsa_hack = no 
Module:
Instantiated preprocess (preprocess) 
Module:
Loaded realm 
 realm:
format = "suffix" 
 realm:
delimiter = "@" 
 realm:
ignore_default = no 
 realm:
ignore_null = no 
Module:
Instantiated realm (suffix) 
Module:
Loaded files 
 files:
usersfile = "/usr/local/etc/raddb/users" 
 files:
acctusersfile = "/usr/local/etc/raddb/acct_users" 
 files:
preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"

 files:
compat = "no" 
Module:
Instantiated files (files) 
Module:
Loaded Acct-Unique-Session-Id 
 acct_unique:
ke

Re: ippool problem

[Marcin Jessa]

files
>  files: usersfile = "/usr/local/etc/raddb/users"
>  files: acctusersfile = "/usr/local/etc/raddb/acct_users"
>  files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"
>  files: compat = "no"
> Module: Instantiated files (files)
> Module: Loaded Acct-Unique-Session-Id
>  acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, 
> Client-IP-Address, NAS-Port"
> Module: Instantiated acct_unique (acct_unique)
> Module: Loaded detail
>  detail: detailfile = 
> "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"
>  detail: detailperm = 384
>  detail: dirperm = 493
>  detail: locking = no
> Module: Instantiated detail (detail)
> Module: Loaded radutmp
>  radutmp: filename = "/usr/local/var/log/radius/radutmp"
>  radutmp: username = "%{User-Name}"
>  radutmp: case_sensitive = yes
>  radutmp: check_with_nas = yes
>  radutmp: perm = 384
>  radutmp: callerid = yes
> Module: Instantiated radutmp (radutmp)
> Segmentation fault
> 
> And the config for the post-auth and accounting:
> 
> #
> #  Accounting.  Log the accounting data.
> #
> accounting {
> #
> #  Create a 'detail'ed log of the packets.
> #  Note that accounting requests which are proxied
> #  are also logged in the detail file.
> detail
> #   daily
> 
> #  Update the wtmp file
> #
> #  If you don't use "radlast", you can delete this line.
> unix
> 
> #
> #  For Simultaneous-Use tracking.
> #
> #  Due to packet losses in the network, the data here
> #  may be incorrect.  There is little we can do about it.
> radutmp
> #   sradutmp
> 
> #  Return an address to the IP Pool when we see a stop record.
> #   main_pool
> # My two ippools
> 1
> 2
> #
> #  Log traffic to an SQL database.
> #
> #  See "Accounting queries" in sql.conf
> #   sql
> 
> 
> #  Cisco VoIP specific bulk accounting
> #   pgsql-voip
> 
> }
> 
> 
> #  Post-Authentication
> #  Once we KNOW that the user has been authenticated, there are
> #  additional steps we can take.
> post-auth {
> #  Get an address from the IP Pool.
> #   main_pool
> ## My two ippools
> 1
> 2
> #
> #  If you want to have a log of authentication replies,
> #  un-comment the following line, and the 'detail reply_log'
> #  section, above.
> #   reply_log
> 
> #
> #  After authenticating the user, do another SQL qeury.
> #
> #  See "Authentication Logging Queries" in sql.conf
> #   sql
> 
> #
> #  Un-comment the following if you have set
> #  'edir_account_policy_check = yes' in the ldap module 
> sub-section of
> #  the 'modules' section.
> #
> #   ldap
> #
> #  Access-Reject packets are sent through the REJECT sub-section 
> of the
> #  post-auth section.
> #  Uncomment the following and set the module name to the ldap 
> instance
> #  name if you have set 'edir_account_policy_check = yes' in the 
> ldap
> #  module sub-section of the 'modules' section.
> #
> #   Post-Auth-Type REJECT {
> #   insert-module-name-here
> #   }
> 
> }
> 
> 
> 
> [EMAIL PROTECTED] escribió el 15/07/2005 
> 10:44:20:
> 
> > What does radiusd ?X tells you?
> > Can you post more info from your accounting and post-auth section?
> > 
> > 
> > From: [EMAIL PROTECTED] [mailto:
> > [EMAIL PROTECTED] On Behalf Of 
> > [EMAIL PROTECTED]
> > Sent: Friday, July 15, 2005 7:42 AM
> > To: freeradius-users@lists.freeradius.org
> > Subject: ippool problem
> > 
> > 
> > Hello, 
> > 
> > I´m trying to configure a FreeRadius 1.0.4 in Red Hat 8.0. 
> > Everything works OK until I add the ippool in the "post-auth" and 
> > "accounting" section. 
> > 
> > When I start the server I get always the error "Segmentation Fault" 
> > after loading radutmp, just when it tries to load the ippool in the 
> > "accounting" section 
> > 
> > I have the following configuration in the ippool module: 
> > 
> > ippool 2 { 
> > range-start = 172.20.1.1 
> > range-stop = 172.20.1.254 
> > netmask = 255.255.255.0 
> > cache-size = 254 
> > session-db = ${raddbdir}/db.ippool 
> > ip-index = ${raddbdir}/db.ipindex 
> > override = yes 
> > maximum-timeout = 0 
> > } 
> > 
> > Do you know if I´m doing something wrong? 
> > 
> > Thanks - 
> > List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: ippool problem

[abernabe]

%d"
 detail: detailperm = 384
 detail: dirperm = 493
 detail: locking = no
Module: Instantiated detail (detail)
Module: Loaded radutmp
 radutmp: filename = "/usr/local/var/log/radius/radutmp"
 radutmp: username = "%{User-Name}"
 radutmp: case_sensitive = yes
 radutmp: check_with_nas = yes
 radutmp: perm = 384
 radutmp: callerid = yes
Module: Instantiated radutmp (radutmp)
Segmentation fault

And the config for the post-auth and
accounting:

#
#  Accounting.  Log the accounting
data.
#
accounting {
        #
        #  Create
a 'detail'ed log of the packets.
        #  Note
that accounting requests which are proxied
        #  are
also logged in the detail file.
        detail
#       daily

        #  Update
the wtmp file
        #
        #  If
you don't use "radlast", you can delete this line.
        unix

        #
        #  For
Simultaneous-Use tracking.
        #
        #  Due
to packet losses in the network, the data here
        #  may
be incorrect.  There is little we can do about it.
        radutmp
#       sradutmp

        #  Return
an address to the IP Pool when we see a stop record.
#       main_pool
# My two ippools
        1
        2
        #
        #  Log
traffic to an SQL database.
        #
        #  See
"Accounting queries" in sql.conf
#       sql


        #  Cisco
VoIP specific bulk accounting
#       pgsql-voip

}


#  Post-Authentication
#  Once we KNOW that the user has
been authenticated, there are
#  additional steps we can take.
post-auth {
        #  Get
an address from the IP Pool.
#       main_pool
## My two ippools
        1
        2
        #
        #  If
you want to have a log of authentication replies,
        #  un-comment
the following line, and the 'detail reply_log'
        #  section,
above.
#       reply_log

        #
        #  After
authenticating the user, do another SQL qeury.
        #
        #  See
"Authentication Logging Queries" in sql.conf
#       sql

        #
        #  Un-comment
the following if you have set
        #  'edir_account_policy_check
= yes' in the ldap module sub-section of
        #  the
'modules' section.
        #
#       ldap
        #
        #  Access-Reject
packets are sent through the REJECT sub-section of the
        #  post-auth
section.
        #  Uncomment
the following and set the module name to the ldap instance
        #  name
if you have set 'edir_account_policy_check = yes' in the ldap
        #  module
sub-section of the 'modules' section.
        #
#       Post-Auth-Type
REJECT {
#          
    insert-module-name-here
#       }

}



[EMAIL PROTECTED] escribió
el 15/07/2005 10:44:20:

> What does radiusd –X tells you?
> Can you post more info from your accounting and
post-auth section?
>  
> 
> From: [EMAIL PROTECTED] [mailto:
> [EMAIL PROTECTED] On Behalf Of 
> [EMAIL PROTECTED]
> Sent: Friday, July 15, 2005 7:42 AM
> To: freeradius-users@lists.freeradius.org
> Subject: ippool problem
>  
> 
> Hello, 
> 
> I´m trying to configure a FreeRadius 1.0.4 in Red Hat 8.0. 
> Everything works OK until I add the ippool in the "post-auth"
and 
> "accounting" section. 
> 
> When I start the server I get always the error "Segmentation
Fault" 
> after loading radutmp, just when it tries to load the ippool in the

> "accounting" section 
> 
> I have the following configuration in the ippool module: 
> 
>         ippool 2 { 
>                 range-start
= 172.20.1.1 
>                 range-stop
= 172.20.1.254 
>                 netmask =
255.255.255.0 
>                 cache-size
= 254 
>                 session-db
= ${raddbdir}/db.ippool 
>                 ip-index =
${raddbdir}/db.ipindex 
>                 override =
yes 
>                 maximum-timeout
= 0 
>         } 
> 
> Do you know if I´m doing something wrong? 
> 
> Thanks - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: ippool problem

[milver nisay]

What does radiusd –X tells you?

Can you post more info from your
accounting and post-auth section?

 









From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, July 15, 2005 7:42
AM
To: freeradius-users@lists.freeradius.org
Subject: ippool problem



 


Hello, 

I´m
trying to configure a FreeRadius 1.0.4 in Red Hat 8.0. Everything works OK
until I add the ippool in the "post-auth" and "accounting"
section. 

When
I start the server I get always the error "Segmentation Fault" after
loading radutmp, just when it tries to load the ippool in the
"accounting" section 

I
have the following configuration in the ippool module: 

 
      ippool 2 { 
 
              range-start = 172.20.1.1

 
              range-stop = 172.20.1.254

 
              netmask = 255.255.255.0

 
              cache-size = 254

 
              session-db =
${raddbdir}/db.ippool 
 
              ip-index =
${raddbdir}/db.ipindex 
 
              override = yes 
 
              maximum-timeout = 0

 
      } 

Do
you know if I´m doing something wrong? 

Thanks







- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

ippool problem

[abernabe]

Hello,

I´m trying to configure a FreeRadius
1.0.4 in Red Hat 8.0. Everything works OK until I add the ippool in the
"post-auth" and "accounting" section. 

When I start the server I get always
the error "Segmentation Fault" after loading radutmp, just when
it tries to load the ippool in the "accounting" section

I have the following configuration in
the ippool module:

        ippool 2
{
           
    range-start = 172.20.1.1
           
    range-stop = 172.20.1.254
           
    netmask = 255.255.255.0
           
    cache-size = 254
           
    session-db = ${raddbdir}/db.ippool
           
    ip-index = ${raddbdir}/db.ipindex
           
    override = yes
           
    maximum-timeout = 0
        }

Do you know if I´m doing something wrong?

Thanks

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: ippool problem

[Milver S. Nisay]

the answers are scattered from the freeradius list
- Original Message -
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, June 08, 2004 2:52 PM
Subject: Re: ippool problem


>
>
> Hi this is the debug with the error
>
>
>  ippool: ip-index = "/usr/local/etc/raddb/db.ipindex"
>  ippool: range-start = 192.168.1.1 IP address [192.168.1.1]
>  ippool: range-stop = 192.168.3.254 IP address [192.168.3.254]
>  ippool: netmask = 255.255.255.0 IP address [255.255.255.0]
>  ippool: cache-size = 800
>  ippool: override = no
> Module: Instantiated ippool (main_pool)
> Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on
> 1814/udp.
> Ready to process requests.
> rad_recv: Access-Request packet from host 127.0.0.1:1029, id=126,
length=57
> User-Name = "steve"
> User-Password = "testing"
> NAS-IP-Address = 255.255.255.255
> NAS-Port = 0
> modcall: entering group authorize for request 0
>   modcall[authorize]: module "preprocess" returns ok for request 0
>   modcall[authorize]: module "chap" returns noop for request 0
>   modcall[authorize]: module "eap" returns noop for request 0
> rlm_realm: No '@' in User-Name = "steve", looking up realm NULL
> rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop for request 0
> users: Matched steve at 80
>   modcall[authorize]: module "files" returns ok for request 0
>   modcall[authorize]: module "mschap" returns noop for request 0
> modcall: group authorize returns ok for request 0
>   rad_check_password:  Found Auth-Type Local
> auth: type Local
> auth: user supplied User-Password matches local User-Password
> modcall: entering group post-auth for request 0
> rlm_ippool: Could not find Pool-Name attribute.
>   modcall[post-auth]: module "main_pool" returns noop for request 0
> modcall: group post-auth returns noop for request 0
> Sending Access-Accept of id 126 to 127.0.0.1:1029
> Framed-Protocol = PPP
> Framed-Routing = Broadcast-Listen
> Framed-Filter-Id = "std.ppp"
> Framed-MTU = 1500
> Finished request 0
> Going to the next request
>
>
> > On Mon, 7 Jun 2004 [EMAIL PROTECTED] wrote:
> >
> >> Hi
> >>
> >> when i run the server in debug mode i have this line that says that :
> >>
> >> modcall[post-auth]: module "main_pool" returns noop for request 0
> >>
> >> how can i change the congif file in order for this to work?
> >>
> >> Best regards
> >
> > I think you will find the answer just one line before the line you
posted
> > (posting the complete session debug can help).
> >
>
>
> -
> List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
>
>



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: ippool problem

[Kostas Kalevras]

On Tue, 8 Jun 2004 [EMAIL PROTECTED] wrote:

>
>
> Hi this is the debug with the error
>
>
>  ippool: ip-index = "/usr/local/etc/raddb/db.ipindex"
>  ippool: range-start = 192.168.1.1 IP address [192.168.1.1]
>  ippool: range-stop = 192.168.3.254 IP address [192.168.3.254]
>  ippool: netmask = 255.255.255.0 IP address [255.255.255.0]
>  ippool: cache-size = 800
>  ippool: override = no
> Module: Instantiated ippool (main_pool)
> Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on
> 1814/udp.
> Ready to process requests.
> rad_recv: Access-Request packet from host 127.0.0.1:1029, id=126, length=57
> User-Name = "steve"
> User-Password = "testing"
> NAS-IP-Address = 255.255.255.255
> NAS-Port = 0
> modcall: entering group authorize for request 0
>   modcall[authorize]: module "preprocess" returns ok for request 0
>   modcall[authorize]: module "chap" returns noop for request 0
>   modcall[authorize]: module "eap" returns noop for request 0
> rlm_realm: No '@' in User-Name = "steve", looking up realm NULL
> rlm_realm: No such realm "NULL"
>   modcall[authorize]: module "suffix" returns noop for request 0
> users: Matched steve at 80

OK and *do* you set Pool-Name in line 80?

>   modcall[authorize]: module "files" returns ok for request 0
>   modcall[authorize]: module "mschap" returns noop for request 0
> modcall: group authorize returns ok for request 0
>   rad_check_password:  Found Auth-Type Local
> auth: type Local
> auth: user supplied User-Password matches local User-Password
> modcall: entering group post-auth for request 0
> rlm_ippool: Could not find Pool-Name attribute.
>   modcall[post-auth]: module "main_pool" returns noop for request 0
> modcall: group post-auth returns noop for request 0
> Sending Access-Accept of id 126 to 127.0.0.1:1029
> Framed-Protocol = PPP
> Framed-Routing = Broadcast-Listen
> Framed-Filter-Id = "std.ppp"
> Framed-MTU = 1500
> Finished request 0
> Going to the next request
>
>
> > On Mon, 7 Jun 2004 [EMAIL PROTECTED] wrote:
> >
> >> Hi
> >>
> >> when i run the server in debug mode i have this line that says that :
> >>
> >> modcall[post-auth]: module "main_pool" returns noop for request 0
> >>
> >> how can i change the congif file in order for this to work?
> >>
> >> Best regards
> >
> > I think you will find the answer just one line before the line you posted
> > (posting the complete session debug can help).
> >
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: ippool problem

[Paul Hampson]

On Tue, Jun 08, 2004 at 03:52:15PM +0200, [EMAIL PROTECTED] wrote:
> rlm_ippool: Could not find Pool-Name attribute.
This is your problem
>   modcall[post-auth]: module "main_pool" returns noop for request 0
and this is the result.

You need a Pool-Name check-item, as describe in the docs right above
where the ippool module is configured.

-- 
Paul "TBBle" Hampson, on an alternate email client.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: ippool problem

[marco]

Hi this is the debug with the error


 ippool: ip-index = "/usr/local/etc/raddb/db.ipindex"
 ippool: range-start = 192.168.1.1 IP address [192.168.1.1]
 ippool: range-stop = 192.168.3.254 IP address [192.168.3.254]
 ippool: netmask = 255.255.255.0 IP address [255.255.255.0]
 ippool: cache-size = 800
 ippool: override = no
Module: Instantiated ippool (main_pool)
Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on
1814/udp.
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1:1029, id=126, length=57
User-Name = "steve"
User-Password = "testing"
NAS-IP-Address = 255.255.255.255
NAS-Port = 0
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "eap" returns noop for request 0
rlm_realm: No '@' in User-Name = "steve", looking up realm NULL
rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
users: Matched steve at 80
  modcall[authorize]: module "files" returns ok for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
modcall: group authorize returns ok for request 0
  rad_check_password:  Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
modcall: entering group post-auth for request 0
rlm_ippool: Could not find Pool-Name attribute.
  modcall[post-auth]: module "main_pool" returns noop for request 0
modcall: group post-auth returns noop for request 0
Sending Access-Accept of id 126 to 127.0.0.1:1029
Framed-Protocol = PPP
Framed-Routing = Broadcast-Listen
Framed-Filter-Id = "std.ppp"
Framed-MTU = 1500
Finished request 0
Going to the next request


> On Mon, 7 Jun 2004 [EMAIL PROTECTED] wrote:
>
>> Hi
>>
>> when i run the server in debug mode i have this line that says that :
>>
>> modcall[post-auth]: module "main_pool" returns noop for request 0
>>
>> how can i change the congif file in order for this to work?
>>
>> Best regards
>
> I think you will find the answer just one line before the line you posted
> (posting the complete session debug can help).
>


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: ippool problem

[Kostas Kalevras]

On Mon, 7 Jun 2004 [EMAIL PROTECTED] wrote:

> Hi
>
> when i run the server in debug mode i have this line that says that :
>
> modcall[post-auth]: module "main_pool" returns noop for request 0
>
> how can i change the congif file in order for this to work?
>
> Best regards

I think you will find the answer just one line before the line you posted
(posting the complete session debug can help).

>
> Marco
>
> > On Fri, 4 Jun 2004, Zdenek Pizl wrote:
> >
> >> On Fri, 2004-06-04 at 15:29, Kostas Kalevras wrote:
> >> > > the error comes when i try to authenticate gives me this error :
> >> > >
> >> > > auth: user supplied User-Password matches local User-Password
> >> > > modcall: entering group post-auth for request 0
> >> > > rlm_ippool: Could not find Pool-Name attribute.
> >> >  
> >> >
> >> > Fix the above. The comments in radiusd.conf should be more than
> >> enough.
> >> >
> >>
> >> I am in similar troubles, and the comment (do you mean:
> >> # Example:
> >> # radiusd.conf: ippool students { [...] }
> >> # users file  : DEFAULT Group == students, Pool-Name :=
> >> "students" ?) does not help/work ...
> >
> > As *explained* in the comments, you need to set the Pool-Name attribute to
> > the
> > name of the ippool module instance. You can do that in the users file.
> > So if your ippool module is named pool1:
> >
> > ippool pool1{
> > [...]
> > }
> >
> > In the users you can do:
> >
> > DEFAULT Pool-Name := "pool1"
> >
> >>
> >> What else should I do?
> >>
> >> z.p.
> >>
> >>
> >> > >   modcall[post-auth]: module "main_pool" returns noop for request 0
> >> > > modcall: group post-auth returns noop for request 0
> >> > >
> >> > > how can i solve this problem??
> >> > >
> >> > > other question that i have is how to setup the users file to use a
> >> speciic pool?
> >> > >
> >> > > Best regards
> >> > >
> >> > > Marco
> >> >
> >> > --
> >> > Kostas Kalevras  Network Operations Center
> >> > [EMAIL PROTECTED]National Technical University of Athens, Greece
> >> > Work Phone:  +30 210 7721861
> >> > 'Go back to the shadow'  Gandalf
> >> >
> >> > -
> >> > List info/subscribe/unsubscribe? See
> >> http://www.freeradius.org/list/users.html
> >> --
> >> Zdenek Pizl
> >> Systinet Corporation
> >> Vinohradska 190
> >> 130 00 Praha 3
> >>
> >>
> >>
> >> -
> >> List info/subscribe/unsubscribe? See
> >> http://www.freeradius.org/list/users.html
> >>
> >
> > --
> > Kostas Kalevras Network Operations Center
> > [EMAIL PROTECTED]   National Technical University of Athens, Greece
> > Work Phone: +30 210 7721861
> > 'Go back to the shadow' Gandalf
> >
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: ippool problem

[marco]

Hi

when i run the server in debug mode i have this line that says that :

modcall[post-auth]: module "main_pool" returns noop for request 0

how can i change the congif file in order for this to work?

Best regards

Marco

> On Fri, 4 Jun 2004, Zdenek Pizl wrote:
>
>> On Fri, 2004-06-04 at 15:29, Kostas Kalevras wrote:
>> > > the error comes when i try to authenticate gives me this error :
>> > >
>> > > auth: user supplied User-Password matches local User-Password
>> > > modcall: entering group post-auth for request 0
>> > > rlm_ippool: Could not find Pool-Name attribute.
>> >
>> >
>> > Fix the above. The comments in radiusd.conf should be more than
>> enough.
>> >
>>
>> I am in similar troubles, and the comment (do you mean:
>> # Example:
>> # radiusd.conf: ippool students { [...] }
>> # users file  : DEFAULT Group == students, Pool-Name :=
>> "students" ?) does not help/work ...
>
> As *explained* in the comments, you need to set the Pool-Name attribute to
> the
> name of the ippool module instance. You can do that in the users file.
> So if your ippool module is named pool1:
>
> ippool pool1{
>   [...]
> }
>
> In the users you can do:
>
> DEFAULT   Pool-Name := "pool1"
>
>>
>> What else should I do?
>>
>> z.p.
>>
>>
>> > >   modcall[post-auth]: module "main_pool" returns noop for request 0
>> > > modcall: group post-auth returns noop for request 0
>> > >
>> > > how can i solve this problem??
>> > >
>> > > other question that i have is how to setup the users file to use a
>> speciic pool?
>> > >
>> > > Best regards
>> > >
>> > > Marco
>> >
>> > --
>> > Kostas KalevrasNetwork Operations Center
>> > [EMAIL PROTECTED]  National Technical University of Athens, Greece
>> > Work Phone:+30 210 7721861
>> > 'Go back to the shadow'Gandalf
>> >
>> > -
>> > List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>> --
>> Zdenek Pizl
>> Systinet Corporation
>> Vinohradska 190
>> 130 00 Praha 3
>>
>>
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
> --
> Kostas Kalevras   Network Operations Center
> [EMAIL PROTECTED] National Technical University of Athens, Greece
> Work Phone:   +30 210 7721861
> 'Go back to the shadow'   Gandalf
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: ippool problem

[Kostas Kalevras]

On Fri, 4 Jun 2004, Zdenek Pizl wrote:

> On Fri, 2004-06-04 at 15:29, Kostas Kalevras wrote:
> > > the error comes when i try to authenticate gives me this error :
> > >
> > > auth: user supplied User-Password matches local User-Password
> > > modcall: entering group post-auth for request 0
> > > rlm_ippool: Could not find Pool-Name attribute.
> > 
> >
> > Fix the above. The comments in radiusd.conf should be more than enough.
> >
>
> I am in similar troubles, and the comment (do you mean:
> # Example:
> # radiusd.conf: ippool students { [...] }
> # users file  : DEFAULT Group == students, Pool-Name :=
> "students" ?) does not help/work ...

As *explained* in the comments, you need to set the Pool-Name attribute to the
name of the ippool module instance. You can do that in the users file.
So if your ippool module is named pool1:

ippool pool1{
[...]
}

In the users you can do:

DEFAULT Pool-Name := "pool1"

>
> What else should I do?
>
> z.p.
>
>
> > >   modcall[post-auth]: module "main_pool" returns noop for request 0
> > > modcall: group post-auth returns noop for request 0
> > >
> > > how can i solve this problem??
> > >
> > > other question that i have is how to setup the users file to use a speciic pool?
> > >
> > > Best regards
> > >
> > > Marco
> >
> > --
> > Kostas Kalevras Network Operations Center
> > [EMAIL PROTECTED]   National Technical University of Athens, Greece
> > Work Phone: +30 210 7721861
> > 'Go back to the shadow' Gandalf
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> --
> Zdenek Pizl
> Systinet Corporation
> Vinohradska 190
> 130 00 Praha 3
>
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: ippool problem

[Zdenek Pizl]

On Fri, 2004-06-04 at 15:29, Kostas Kalevras wrote:
> > the error comes when i try to authenticate gives me this error :
> >
> > auth: user supplied User-Password matches local User-Password
> > modcall: entering group post-auth for request 0
> > rlm_ippool: Could not find Pool-Name attribute.
>   
> 
> Fix the above. The comments in radiusd.conf should be more than enough.
> 

I am in similar troubles, and the comment (do you mean: 
# Example:
# radiusd.conf: ippool students { [...] }
# users file  : DEFAULT Group == students, Pool-Name :=
"students" ?) does not help/work ...

What else should I do?

z.p.


> >   modcall[post-auth]: module "main_pool" returns noop for request 0
> > modcall: group post-auth returns noop for request 0
> >
> > how can i solve this problem??
> >
> > other question that i have is how to setup the users file to use a speciic pool?
> >
> > Best regards
> >
> > Marco
> 
> --
> Kostas Kalevras   Network Operations Center
> [EMAIL PROTECTED] National Technical University of Athens, Greece
> Work Phone:   +30 210 7721861
> 'Go back to the shadow'   Gandalf
> 
> - 
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- 
Zdenek Pizl
Systinet Corporation
Vinohradska 190
130 00 Praha 3



- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: ippool problem

[Kostas Kalevras]

On Thu, 3 Jun 2004, Marco Marques wrote:

> Hi All ,
>
> i am trying to setup radius to work with ip pools , when i start radius in debug 
> mode i dont see any error.
>
> Output :
> Module: Loaded IPPOOL
>  ippool: session-db = "/usr/local/etc/raddb/db.ippool"
>  ippool: ip-index = "/usr/local/etc/raddb/db.ipindex"
>  ippool: range-start = 192.168.1.1 IP address [192.168.1.1]
>  ippool: range-stop = 192.168.3.254 IP address [192.168.3.254]
>  ippool: netmask = 255.255.255.0 IP address [255.255.255.0]
>  ippool: cache-size = 800
>  ippool: override = no
> Module: Instantiated ippool (main_pool)
> Listening on IP address *, ports 1812/udp and 1813/udp, with proxy on 1814/udp.
> Ready to process requests.
>
> the error comes when i try to authenticate gives me this error :
>
> auth: user supplied User-Password matches local User-Password
> modcall: entering group post-auth for request 0
> rlm_ippool: Could not find Pool-Name attribute.


Fix the above. The comments in radiusd.conf should be more than enough.

>   modcall[post-auth]: module "main_pool" returns noop for request 0
> modcall: group post-auth returns noop for request 0
>
> how can i solve this problem??
>
> other question that i have is how to setup the users file to use a speciic pool?
>
> Best regards
>
> Marco

--
Kostas Kalevras Network Operations Center
[EMAIL PROTECTED]   National Technical University of Athens, Greece
Work Phone: +30 210 7721861
'Go back to the shadow' Gandalf

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

ippool problem

[Marco Marques]

Hi All , 
 
i am trying to setup radius to work with ip pools , 
when i start radius in debug mode i dont see any error.
 
Output :
Module: Loaded IPPOOL ippool: session-db = 
"/usr/local/etc/raddb/db.ippool" ippool: ip-index = 
"/usr/local/etc/raddb/db.ipindex" ippool: range-start = 192.168.1.1 IP 
address [192.168.1.1] ippool: range-stop = 192.168.3.254 IP address 
[192.168.3.254] ippool: netmask = 255.255.255.0 IP address 
[255.255.255.0] ippool: cache-size = 800 ippool: override = 
noModule: Instantiated ippool (main_pool)Listening on IP address *, 
ports 1812/udp and 1813/udp, with proxy on 1814/udp.Ready to process 
requests.
the error comes when i try to authenticate gives me 
this error :
 
auth: user supplied User-Password matches local 
User-Passwordmodcall: entering group post-auth for request 0rlm_ippool: 
Could not find Pool-Name attribute.  modcall[post-auth]: module 
"main_pool" returns noop for request 0modcall: group post-auth returns noop 
for request 0
how can i solve this problem??
 
other question that i have is how to setup the 
users file to use a speciic pool?
 
Best regards
 
Marco