Ip pool doesn't work properly
Simone Giovanardi
s.giovanardi at satcom.it
Tue Jun 7 12:44:58 CEST 2005
> Hi,
>
> How can I configure FreeRADIUS to assign IP address dynamically with Ip
> Pool when there is a successful authentication from Cisco 7200 access
> server with FreeRADIUS 1.0.0?
>
> Like this it works sending out only 2 IP addresses...always the same...
Is your Cisco sending a unique nasport/nasip for each client? Ip pool
uses the nasip/nasport to identify the user.
YES
FROM THE LOGS SHOWN BELOW, IT SENDS OUT THE SAME TWO ADDRESSES AND
DOESN'T KEEP ANY ENTRY IN YOUR DATABASE .IPPOOL (VIEWED WITH rlm_ippool_tool -a ...)
run radiusd -X and have several users establish a connection. Post the
output here if you can't decipher it.
rad_recv: Access-Request packet from host 83.216.176.254:21661, id=219, length=95
Framed-Protocol = PPP
User-Name = "font0001@"
CHAP-Password = 0x01af73ef6670b0a4a65130cb133a902c2f
NAS-Port-Type = Virtual
NAS-Port = 0
Service-Type = Framed-User
NAS-IP-Address = 83.216.176.254
rad_lowerpair: User-Name now 'font0001@'
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 13
modcall[authorize]: module "preprocess" returns ok for request 13
radius_xlat: '/freerad100/var/log/radius/radacct/83.216.176.254/auth-detail-20050607'
rlm_detail: /freerad100/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /freera
d100/var/log/radius/radacct/83.216.176.254/auth-detail-20050607
modcall[authorize]: module "auth_log" returns ok for request 13
rlm_chap: Setting 'Auth-Type := CHAP'
modcall[authorize]: module "chap" returns ok for request 13
modcall[authorize]: module "mschap" returns noop for request 13
rlm_realm: No '/' in User-Name = "font0001@", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "IPASS" returns noop for request 13
rlm_realm: Looking up realm "@" for User-Name = "font0001@"
rlm_realm: No such realm "@"
modcall[authorize]: module "suffix" returns noop for request 13
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 13
modcall[authorize]: module "files" returns notfound for request 13
radius_xlat: 'font0001@'
rlm_sql (sql): sql_set_user escaped user --> 'font0001@'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'font0001 at whdsl.satco
m.it' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 4
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Valu
e,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'font0001@' AN
D usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'font0001 at whdsl.satco
m.it' ORDER BY id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Valu
e,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'font0001@' AN
D usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 4
modcall[authorize]: module "sql" returns ok for request 13
modcall: group authorize returns ok for request 13
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied CHAP-Password matches local User-Password
Login OK: [font0001@/<CHAP-Password>] (from client Telecom-BRAS1-3 port 0)
Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 13
modcall[post-auth]: module "main_pool" returns noop for request 13
rlm_ippool: Searching for an entry for nas/port: 83.216.176.254/0
rlm_ippool: Found a stale entry for ip/port: 83.216.178.213/0
rlm_ippool: num: 0
rlm_ippool: Searching for an entry for nas/port: 83.216.176.254/0
rlm_ippool: Allocating ip to nas/port: 83.216.176.254/0
rlm_ippool: num: 1
rlm_ippool: Allocated ip 83.216.178.190 to client on nas 83.216.176.254,port 0
modcall[post-auth]: module "whsitt_pool" returns ok for request 13
radius_xlat: '/freerad100/var/log/radius/radacct/83.216.176.254/reply-detail-20050607'
rlm_detail: /freerad100/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /freer
ad100/var/log/radius/radacct/83.216.176.254/reply-detail-20050607
modcall[post-auth]: module "reply_log" returns ok for request 13
rlm_sql (sql): Processing sql_postauth
radius_xlat: 'font0001@'
rlm_sql (sql): sql_set_user escaped user --> 'font0001@'
radius_xlat: 'INSERT into radpostauth (id, user, pass, reply, date) values ('', 'font0001 at whdsl.satcom.i
t', 'Chap-Password', 'Access-Accept', NOW())'
rlm_sql (sql) in sql_postauth: query is INSERT into radpostauth (id, user, pass, reply, date) values ('',
'font0001@', 'Chap-Password', 'Access-Accept', NOW())
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): Released sql socket id: 3
modcall[post-auth]: module "sql" returns ok for request 13
modcall: group post-auth returns ok for request 13
Sending Access-Accept of id 219 to 83.216.176.254:21661
Framed-IP-Netmask = 255.255.255.255
Service-Type = Framed-User
Framed-Protocol = PPP
Ascend-Client-Primary-DNS = 62.94.0.1
Ascend-Client-Secondary-DNS = 83.216.172.1
Framed-IP-Address = 83.216.178.190
Finished request 13
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 13 ID 219 with timestamp 42a5701c
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 83.216.176.254:21661, id=220, length=95
Framed-Protocol = PPP
User-Name = "font0001@"
CHAP-Password = 0x01852ebbe42598a17861fa2b06de488ff7
NAS-Port-Type = Virtual
NAS-Port = 0
Service-Type = Framed-User
NAS-IP-Address = 83.216.176.254
rad_lowerpair: User-Name now 'font0001@'
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 15
modcall[authorize]: module "preprocess" returns ok for request 15
radius_xlat: '/freerad100/var/log/radius/radacct/83.216.176.254/auth-detail-20050607'
rlm_detail: /freerad100/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /freera
d100/var/log/radius/radacct/83.216.176.254/auth-detail-20050607
modcall[authorize]: module "auth_log" returns ok for request 15
rlm_chap: Setting 'Auth-Type := CHAP'
modcall[authorize]: module "chap" returns ok for request 15
modcall[authorize]: module "mschap" returns noop for request 15
rlm_realm: No '/' in User-Name = "font0001@", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "IPASS" returns noop for request 15
rlm_realm: Looking up realm "@" for User-Name = "font0001@"
rlm_realm: No such realm "@"
modcall[authorize]: module "suffix" returns noop for request 15
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 15
modcall[authorize]: module "files" returns notfound for request 15
radius_xlat: 'font0001@'
rlm_sql (sql): sql_set_user escaped user --> 'font0001@'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'font0001 at whdsl.satco
m.it' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 1
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Valu
e,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'font0001@' AN
D usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'font0001 at whdsl.satco
m.it' ORDER BY id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Valu
e,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'font0001@' AN
D usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 1
modcall[authorize]: module "sql" returns ok for request 15
modcall: group authorize returns ok for request 15
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied CHAP-Password matches local User-Password
Login OK: [font0001@/<CHAP-Password>] (from client Telecom-BRAS1-3 port 0)
Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 15
modcall[post-auth]: module "main_pool" returns noop for request 15
rlm_ippool: Searching for an entry for nas/port: 83.216.176.254/0
rlm_ippool: Found a stale entry for ip/port: 83.216.178.190/0
rlm_ippool: num: 0
rlm_ippool: Searching for an entry for nas/port: 83.216.176.254/0
rlm_ippool: Allocating ip to nas/port: 83.216.176.254/0
rlm_ippool: num: 1
rlm_ippool: Allocated ip 83.216.178.213 to client on nas 83.216.176.254,port 0
modcall[post-auth]: module "whsitt_pool" returns ok for request 15
radius_xlat: '/freerad100/var/log/radius/radacct/83.216.176.254/reply-detail-20050607'
rlm_detail: /freerad100/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /freer
ad100/var/log/radius/radacct/83.216.176.254/reply-detail-20050607
modcall[post-auth]: module "reply_log" returns ok for request 15
rlm_sql (sql): Processing sql_postauth
radius_xlat: 'font0001@'
rlm_sql (sql): sql_set_user escaped user --> 'font0001@'
radius_xlat: 'INSERT into radpostauth (id, user, pass, reply, date) values ('', 'font0001 at whdsl.satcom.i
t', 'Chap-Password', 'Access-Accept', NOW())'
rlm_sql (sql) in sql_postauth: query is INSERT into radpostauth (id, user, pass, reply, date) values ('',
'font0001@', 'Chap-Password', 'Access-Accept', NOW())
rlm_sql (sql): Reserving sql socket id: 0
rlm_sql (sql): Released sql socket id: 0
modcall[post-auth]: module "sql" returns ok for request 15
modcall: group post-auth returns ok for request 15
Sending Access-Accept of id 220 to 83.216.176.254:21661
Framed-IP-Netmask = 255.255.255.255
Service-Type = Framed-User
Framed-Protocol = PPP
Ascend-Client-Primary-DNS = 62.94.0.1
Ascend-Client-Secondary-DNS = 83.216.172.1
Framed-IP-Address = 83.216.178.213
Finished request 15
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 15 ID 220 with timestamp 42a5706e
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 83.216.176.254:21661, id=226, length=80
Framed-Protocol = PPP
User-Name = "satc0002@"
CHAP-Password = 0x0193da4f830e1c9dfa12364d6122880c8f
NAS-Port-Type = Virtual
NAS-Port = 0
Service-Type = Framed-User
NAS-IP-Address = 83.216.176.254
rad_lowerpair: User-Name now 'satc0002@'
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 24
modcall[authorize]: module "preprocess" returns ok for request 24
radius_xlat: '/freerad100/var/log/radius/radacct/83.216.176.254/auth-detail-20050607'
rlm_detail: /freerad100/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /freera
d100/var/log/radius/radacct/83.216.176.254/auth-detail-20050607
modcall[authorize]: module "auth_log" returns ok for request 24
rlm_chap: Setting 'Auth-Type := CHAP'
modcall[authorize]: module "chap" returns ok for request 24
modcall[authorize]: module "mschap" returns noop for request 24
rlm_realm: No '/' in User-Name = "satc0002@", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "IPASS" returns noop for request 24
rlm_realm: Looking up realm "" for User-Name = "satc0002@"
rlm_realm: No such realm ""
modcall[authorize]: module "suffix" returns noop for request 24
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 24
modcall[authorize]: module "files" returns notfound for request 24
radius_xlat: 'satc0002@'
rlm_sql (sql): sql_set_user escaped user --> 'satc0002@'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'satc0002@' ORDER BY
id'
rlm_sql (sql): Reserving sql socket id: 1
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Valu
e,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'satc0002@' AND usergroup.Gro
upName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'satc0002@' ORDER BY
id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Valu
e,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'satc0002@' AND usergroup.Gro
upName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 1
modcall[authorize]: module "sql" returns ok for request 24
modcall: group authorize returns ok for request 24
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied CHAP-Password matches local User-Password
Login OK: [satc0002@/<CHAP-Password>] (from client Telecom-BRAS1-3 port 0)
Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 24
modcall[post-auth]: module "main_pool" returns noop for request 24
rlm_ippool: Searching for an entry for nas/port: 83.216.176.254/0
rlm_ippool: Found a stale entry for ip/port: 83.216.178.213/0
rlm_ippool: num: 0
rlm_ippool: Searching for an entry for nas/port: 83.216.176.254/0
rlm_ippool: Allocating ip to nas/port: 83.216.176.254/0
rlm_ippool: num: 1
rlm_ippool: Allocated ip 83.216.178.190 to client on nas 83.216.176.254,port 0
modcall[post-auth]: module "whsitt_pool" returns ok for request 24
radius_xlat: '/freerad100/var/log/radius/radacct/83.216.176.254/reply-detail-20050607'
rlm_detail: /freerad100/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /freer
ad100/var/log/radius/radacct/83.216.176.254/reply-detail-20050607
modcall[post-auth]: module "reply_log" returns ok for request 24
rlm_sql (sql): Processing sql_postauth
radius_xlat: 'satc0002@'
rlm_sql (sql): sql_set_user escaped user --> 'satc0002@'
radius_xlat: 'INSERT into radpostauth (id, user, pass, reply, date) values ('', 'satc0002@', 'Chap-Passw
ord', 'Access-Accept', NOW())'
rlm_sql (sql) in sql_postauth: query is INSERT into radpostauth (id, user, pass, reply, date) values ('',
'satc0002@', 'Chap-Password', 'Access-Accept', NOW())
rlm_sql (sql): Reserving sql socket id: 0
rlm_sql (sql): Released sql socket id: 0
modcall[post-auth]: module "sql" returns ok for request 24
modcall: group post-auth returns ok for request 24
Sending Access-Accept of id 226 to 83.216.176.254:21661
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Netmask = 255.255.255.255
Ascend-Client-Primary-DNS = 62.94.0.1
Ascend-Client-Secondary-DNS = 83.216.172.1
Framed-IP-Address = 83.216.178.190
Finished request 24
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 24 ID 226 with timestamp 42a5710d
Nothing to do. Sleeping until we see a request.
rad_recv: Access-Request packet from host 83.216.176.254:21661, id=228, length=80
Framed-Protocol = PPP
User-Name = "satc0002@"
CHAP-Password = 0x01645acb50fb384b93e96e5f96ab0056a8
NAS-Port-Type = Virtual
NAS-Port = 0
Service-Type = Framed-User
NAS-IP-Address = 83.216.176.254
rad_lowerpair: User-Name now 'satc0002@'
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 27
modcall[authorize]: module "preprocess" returns ok for request 27
radius_xlat: '/freerad100/var/log/radius/radacct/83.216.176.254/auth-detail-20050607'
rlm_detail: /freerad100/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /freera
d100/var/log/radius/radacct/83.216.176.254/auth-detail-20050607
modcall[authorize]: module "auth_log" returns ok for request 27
rlm_chap: Setting 'Auth-Type := CHAP'
modcall[authorize]: module "chap" returns ok for request 27
modcall[authorize]: module "mschap" returns noop for request 27
rlm_realm: No '/' in User-Name = "satc0002@", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "IPASS" returns noop for request 27
rlm_realm: Looking up realm "" for User-Name = "satc0002@"
rlm_realm: No such realm ""
modcall[authorize]: module "suffix" returns noop for request 27
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 27
modcall[authorize]: module "files" returns notfound for request 27
radius_xlat: 'satc0002@'
rlm_sql (sql): sql_set_user escaped user --> 'satc0002@'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'satc0002@' ORDER BY
id'
rlm_sql (sql): Reserving sql socket id: 2
radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Valu
e,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'satc0002@' AND usergroup.Gro
upName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'satc0002@' ORDER BY
id'
radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Valu
e,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'satc0002@' AND usergroup.Gro
upName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql): Released sql socket id: 2
modcall[authorize]: module "sql" returns ok for request 27
modcall: group authorize returns ok for request 27
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied CHAP-Password matches local User-Password
Login OK: [satc0002@/<CHAP-Password>] (from client Telecom-BRAS1-3 port 0)
Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 27
modcall[post-auth]: module "main_pool" returns noop for request 27
rlm_ippool: Searching for an entry for nas/port: 83.216.176.254/0
rlm_ippool: Found a stale entry for ip/port: 83.216.178.190/0
rlm_ippool: num: 0
rlm_ippool: Searching for an entry for nas/port: 83.216.176.254/0
rlm_ippool: Allocating ip to nas/port: 83.216.176.254/0
rlm_ippool: num: 1
rlm_ippool: Allocated ip 83.216.178.213 to client on nas 83.216.176.254,port 0
modcall[post-auth]: module "whsitt_pool" returns ok for request 27
radius_xlat: '/freerad100/var/log/radius/radacct/83.216.176.254/reply-detail-20050607'
rlm_detail: /freerad100/var/log/radius/radacct/%{Client-IP-Address}/reply-detail-%Y%m%d expands to /freer
ad100/var/log/radius/radacct/83.216.176.254/reply-detail-20050607
modcall[post-auth]: module "reply_log" returns ok for request 27
rlm_sql (sql): Processing sql_postauth
radius_xlat: 'satc0002@'
rlm_sql (sql): sql_set_user escaped user --> 'satc0002@'
radius_xlat: 'INSERT into radpostauth (id, user, pass, reply, date) values ('', 'satc0002@', 'Chap-Passw
ord', 'Access-Accept', NOW())'
rlm_sql (sql) in sql_postauth: query is INSERT into radpostauth (id, user, pass, reply, date) values ('',
'satc0002@', 'Chap-Password', 'Access-Accept', NOW())
rlm_sql (sql): Reserving sql socket id: 1
rlm_sql (sql): Released sql socket id: 1
modcall[post-auth]: module "sql" returns ok for request 27
modcall: group post-auth returns ok for request 27
Sending Access-Accept of id 228 to 83.216.176.254:21661
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Netmask = 255.255.255.255
Ascend-Client-Primary-DNS = 62.94.0.1
Ascend-Client-Secondary-DNS = 83.216.172.1
Framed-IP-Address = 83.216.178.213
Finished request 27
Going to the next request
THAT'S ALL
Thanks a lot
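
Added example (not part of the original message): a small parser for the rlm_ippool lines in the debug output above. It reports which nas/port pool keys and which addresses were handed to more than one user. The function names and the condensed sample are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Constructed sample: four lines per request, copied from requests 13, 15,
# 24 and 27 of the radiusd -X output quoted in the post above.
SAMPLE_LOG = """\
User-Name = "font0001@"
NAS-Port = 0
rlm_ippool: Found a stale entry for ip/port: 83.216.178.213/0
rlm_ippool: Allocated ip 83.216.178.190 to client on nas 83.216.176.254,port 0
User-Name = "font0001@"
NAS-Port = 0
rlm_ippool: Found a stale entry for ip/port: 83.216.178.190/0
rlm_ippool: Allocated ip 83.216.178.213 to client on nas 83.216.176.254,port 0
User-Name = "satc0002@"
NAS-Port = 0
rlm_ippool: Found a stale entry for ip/port: 83.216.178.213/0
rlm_ippool: Allocated ip 83.216.178.190 to client on nas 83.216.176.254,port 0
User-Name = "satc0002@"
NAS-Port = 0
rlm_ippool: Found a stale entry for ip/port: 83.216.178.190/0
rlm_ippool: Allocated ip 83.216.178.213 to client on nas 83.216.176.254,port 0
"""

USER_RE = re.compile(r'^\s*User-Name = "([^"]*)"')
STALE_RE = re.compile(r"rlm_ippool: Found a stale entry for ip/port: ([\d.]+)/\d+")
ALLOC_RE = re.compile(
    r"rlm_ippool: Allocated ip ([\d.]+) to client on nas ([\d.]+),port (\d+)")


def parse_allocations(log):
    """Return one record per 'Allocated ip' line, with the requesting user."""
    allocations, user, stale_ip = [], None, None
    for line in log.splitlines():
        if m := USER_RE.match(line):
            user, stale_ip = m.group(1), None   # a new request starts here
        elif m := STALE_RE.search(line):
            stale_ip = m.group(1)               # entry reported stale first
        elif m := ALLOC_RE.search(line):
            ip, nas, port = m.groups()
            allocations.append({"user": user, "key": (nas, int(port)),
                                "ip": ip, "replaced": stale_ip})
    return allocations


def shared(allocations, field):
    """Map each value of `field` to its users when more than one user has it."""
    users = defaultdict(set)
    for a in allocations:
        users[a[field]].add(a["user"])
    return {k: sorted(v) for k, v in users.items() if len(v) > 1}


if __name__ == "__main__":
    allocs = parse_allocations(SAMPLE_LOG)
    for a in allocs:
        print(f'{a["user"]:<10} key={a["key"]} got {a["ip"]} (stale: {a["replaced"]})')
    print("pool keys shared by several users:", shared(allocs, "key"))
    print("addresses handed to several users:", shared(allocs, "ip"))
```

On the sample, every request carries the key 83.216.176.254/0, and both users receive both addresses in turn.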