Radius Proxying and IP injection

[John Williams]

Hi all

 

We are proxying a realm for a customer that takes ADSL connections from us.

Our ADSL connections terminate on a Cisco 7204 over an L2TP tunnel.

 

The proxying seems to be working fine as all requests for the realm are sent
to the customers radius server.

And our log files show that the authentication was "OK".

However the users that are authenticating are being dropped offline as soon
as they authenticate.

The account logs show the reason as being "User-Request" although the user
hasn't requested a disconnect, in fact they aren't connected long enough to
do so.

 

The customer is also sending a framed IP address for each user that connects
via the users radius users file entry.

I'm wondering if this has something to do with the problem, although I can't
really see why.

The customer is issuing IP addresses from our own RIPE allocation that the
Cisco knows about and we announce via BGP to upstreams.

 

I'm trying to get some radius and cisco debugging for these users, but
unfortunately everyone has buggered off home and most of the users are
offices.

So I guess I'm just wondering if there are any gotchas with radius proxying
and injecting IP addresses that anyone may have come across.

Or does anyone have any ideas what I should be looking for to help fix the
problem?

 

Thanks In Advance

John

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060612/16807c4f/attachment.html>