two or more ippool

Jan Mulders lastchancehotel at gmail.com
Fri Oct 6 20:17:12 CEST 2006


You're using the wrong syntax for including the pools in each section.

Here's an example from my own config...

modules {
        ippool 512k_high {

                #  range-start,range-stop: The start and end ip
                #  addresses for the ip pool
                range-start =x.x.x.6
                range-stop =x.x.x.66

                #  netmask: The network mask used for the ip's
                netmask = 255.255.255.0

                #  cache-size: The gdbm cache size for the db
                #  files. Should be equal to the number of ip's
                #  available in the ip pool
                cache-size = 60

                # session-db: The main db file used to allocate ip's to clients
                session-db = ${raddbdir}/ippool.512k_high

                # ip-index: Helper db index file used in multilink
                ip-index = ${raddbdir}/ipindex.512k_high

                # override: Will this ippool override a
Framed-IP-Address already set
                override = no

                # maximum-timeout: If not zero specifies the maximum
time in seconds an
                # entry may be active. Default: 0
                maximum-timeout = 0
        }
 ippool 512k_low {
...................


instantiate {
}

authorize {
                preprocess
                sql
}

authenticate {
                pap
}

preacct {
                preprocess
}

accounting {l
                radutmp
                512k_high
                512k_low
                10m_high
                10m_low
                sql
}


session {
                radutmp
                sql

}
post-auth {
                sql
                512k_high
                512k_low
                10m_high
                10m_low
}


Also, I notice that 'mygroup' has IP assignments from 2 pools. This
can't work, because RADIUS will just select the first one it gets from
MySQL. May I suggest either subdividing your users into two groups, or
merging the two groups?

Hope this helps,

Jan

On 06/10/06, Roberto Gonzalez Azevedo <rgonzalez at censanet.com.br> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I'm having some trouble with ippool.
> I have some ip pools who need to be distributed
> for my clients.
>
> There is a example, my radiusd.conf:
> ...
> ippool p0 {
>   range-start = xx.xx.xx.1
>   range-stop = xx.xx.xx.20
>   netmask = 255.255.255.0
>
>   cache-size = 32
>   session-db = ${raddbdir}/ippool/db.ippool.p0
>   ip-index = ${raddbdir}/ippool/db.ipindex.p0
>
>   override = yes
>   maximum-timeout = 0
> }
>
> ippool p1 {
>   range-start = xx.xx.xx.21
>   range-stop = xx.xx.xx.40
>   netmask = 255.255.255.0
>
>   cache-size = 32
>   session-db = ${raddbdir}/ippool/db.ippool.p1
>   ip-index = ${raddbdir}/ippool/db.ipindex.p1
>
>   override = yes
>   maximum-timeout = 0
> }
> ...
>
> In accounting:
> accounting {
>         ...
>         group mypools {
>                 p0
>                 p1
>         }
>         ...
> }
>
> In post-auth:
> post-auth {
>         ...
>         group mypools {
>                 p0
>                 p1
>         }
>         ...
> }
>
>
> In (mysql) radgroupcheck :
>
> +-----+-------------------+------------------+----+-------------+------+
> | id  | GroupName         | Attribute        | op | Value       | prio |
> +-----+-------------------+------------------+----+-------------+------+
> |  30 | mygroup           | Pool-Name        | := | p0          |    1 |
>
> |  31 | mygroup           | Pool-Name        | := | p1          |    1 |
>
> ...
>
>
> It's working, but my clients only catch IP from the first pool (p0).
> They never catch from others pools (p1, p2 ...).
>
> Somebody already had a problem like this?
>
> Thanks !!!
> - --
> - ----------------------------
> Roberto Gonzalez Azevedo
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (GNU/Linux)
>
> iD8DBQFFJmaWF+EMwkXLsEwRAt+jAJ45YW7n1JkYxje54bNCtsRs5rmwXgCfUnf/
> NFDvR7t4usmdljxm/xB26XQ=
> =xMzx
> -----END PGP SIGNATURE-----
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>



More information about the Freeradius-Users mailing list