Framed-IP-Address Problem

Tawanda Kavayi tawanda at earth.co.zw
Wed Jan 11 08:51:43 CET 2012


Hi,

I am using FreeRADIUS 2.1.12 with MySQL and the daloRADIUS GUI. My setup is 
a WiMAX network with AAA for the ASN gateway being handled by 
FreeRADIUS. My problem is that I have configured FR to assign framed IP 
addresses to authenticated clients, but instead the IPs are being 
assigned from the IP pool on the ASN gateway, ignoring the configured 
framed IPs.

After authentication, MySQL returns the correct Framed-IP-Address 
192.168.15.230 as seen below:

[chap] login attempt by "test at domain.com" with CHAP password
[chap] Using clear text password "test123" for user test at domain.com 
authentication.
[chap] chap user test at domain.com authenticated succesfully
++[chap] returns ok
Login OK: [test at domain.com] (from client domain-asn port 0 via TLS tunnel)
# Executing section post-auth from file 
/usr/local/etc/raddb/sites-enabled/inner-tunnel
+- entering group post-auth {...}
[sql]  expand: %{User-Name} -> test at domain.com
[sql] sql_set_user escaped user --> 'test at domain.com'
[sql]  expand: %{User-Password} ->
[sql]  ... expanding second conditional
[sql]  expand: %{Chap-Password} -> 0xc5b5adb448177f060c8a0ce8e2f5d9825b
[sql]  expand: INSERT INTO radpostauth                           
(username, pass, reply, authdate)                           VALUES 
(                           '%{User-Name}',                           
'%{%{User-Password}:-%{Chap-Password}}',                           
'%{reply:Packet-Type}', '%S') -> INSERT INTO 
radpostauth                           (username, pass, reply, 
authdate)                           VALUES (                           
'test at domain.com',                           
'0xc5b5adb448177f060c8a0ce8e2f5d9825b',                           
'Access-Accept', '2012-01-10 16:36:04')
rlm_sql (sql) in sql_postauth: query is INSERT INTO 
radpostauth                           (username, pass, reply, 
authdate)                           VALUES (                           
'test at domain.com',                           
'0xc5b5adb448177f060c8a0ce8e2f5d9825b',                           
'Access-Accept', '2012-01-10 16:36:04')
rlm_sql (sql): Reserving sql socket id: 0
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
} # server inner-tunnel
[ttls] Got tunneled reply code 2
  Framed-IP-Address == 192.168.15.230
[ttls] Got tunneled Access-Accept
[eap] Freeing handler
++[eap] returns ok
Login OK: [test at domain.com] (from client domain-asn port 0 cli 
00-1f-fb-20-77-36)
# Executing section post-auth from file 
/usr/local/etc/raddb/sites-enabled/default
+- entering group post-auth {...}
[main_pool] Could not find Pool-Name attribute.
++[main_pool] returns noop
[sql]  expand: %{User-Name} -> test at domain.com
[sql] sql_set_user escaped user --> 'test at domain.com'
[sql]  expand: %{User-Password} ->
[sql]  ... expanding second conditional
[sql]  expand: %{Chap-Password} ->
[sql]  expand: INSERT INTO radpostauth                           
(username, pass, reply, authdate)                           VALUES 
(                           '%{User-Name}',                           
'%{%{User-Password}:-%{Chap-Password}}',                           
'%{reply:Packet-Type}', '%S') -> INSERT INTO 
radpostauth                           (username, pass, reply, 
authdate)                           VALUES (                           
'test at domain.com',                           
'',                           'Access-Accept', '2012-01-10 16:36:04')
rlm_sql (sql) in sql_postauth: query is INSERT INTO 
radpostauth                           (username, pass, reply, 
authdate)                           VALUES (                           
'test at domain.com',                           
'',                           'Access-Accept', '2012-01-10 16:36:04')
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): Released sql socket id: 4
++[sql] returns ok
++[exec] returns noop
[wimax] MIP-RK = 
0x47f3a3de8d92cc0321d93ba416a996bca3a05be28ce5f7fafe1bb8e5e808502314441d13c050e63812309136c0ec1146892dcea4d50314eb4b72a465bdcf7bb9
[wimax] MIP-SPI = 8cac90f1
[wimax] WARNING: WiMAX-MN-NAI was not found in the request or in the reply.
[wimax] WARNING: We cannot calculate MN-HA keys.
[wimax] WARNING: WiMAX-IP-Technology not found in reply.
[wimax] WARNING: Not calculating MN-HA keys
++[wimax] returns updated

However, a different IP address, 192.168.15.229, is seen when the 
Accounting-Request packet is sent by the NAS:

rad_recv: Accounting-Request packet from host 192.168.12.214 port 24048, 
id=90, length=256
  User-Name = "test at domain.com"
  Calling-Station-Id = "\000\037\373 w6"
  NAS-IP-Address = 192.168.12.214
  Acct-Status-Type = Start
  Acct-Session-Id = "01B43771"
  NAS-Identifier = "domain-asn"
  Service-Type = Framed-User
  NAS-Port-Type = Wireless-802.16
  WiMAX-BS-Id = 0x000010000001
  Chargeable-User-Identity = "NUL"
  Acct-Authentic = RADIUS
  Vendor-Specific = 0x00001fe4340600000000
  Vendor-Specific = 0x00001fe40506294f0c02
  Vendor-Specific = 0x00001fe40606294f0c03
  Vendor-Specific = 0x00001fe4020c41505449435354455354
  Vendor-Specific = 0x00001fe4010600000007
  WiMAX-PDFID = 1
  WiMAX-Beginning-Of-Session = 1
  WiMAX-IP-Technology = Reserved-1
  Event-Timestamp = "Jan 10 2012 16:34:36 CAT"
  Framed-IP-Address = 192.168.15.229
  Framed-IP-Netmask = 255.255.255.255
  Vendor-Specific = 0x00001fe4180600000008

What should I be looking at to resolve this?

Regards,

Tawanda
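
To check for the mismatch described above across a longer debug capture, the following Python sketch (an added example, not part of the original post) compares the Framed-IP-Address in each tunneled reply with the address the NAS reports in Accounting-Request Start packets. The function name is hypothetical, and the sample is an excerpt of the post's debug output with the mail line wraps rejoined.

```python
import re

# Excerpt of the radiusd -X output quoted in the post, mail line wraps rejoined.
SAMPLE_LOG = '''\
Login OK: [test at domain.com] (from client domain-asn port 0 via TLS tunnel)
[ttls] Got tunneled reply code 2
  Framed-IP-Address == 192.168.15.230
[ttls] Got tunneled Access-Accept
rad_recv: Accounting-Request packet from host 192.168.12.214 port 24048, id=90, length=256
  User-Name = "test at domain.com"
  Acct-Status-Type = Start
  Acct-Session-Id = "01B43771"
  Framed-IP-Address = 192.168.15.229
'''

ATTR = re.compile(r'^\s+([\w-]+) ==? "?([^"]*)"?\s*$')   # indented "Name = value" lines
LOGIN = re.compile(r'^Login OK: \[(.+?)\]')

def find_ip_mismatches(log_text):
    """Return (user, session, ip_in_tunneled_reply, ip_in_accounting_start) tuples."""
    assigned = {}            # user -> Framed-IP-Address seen in the tunneled reply
    mismatches = []
    user = None              # user from the most recent "Login OK" line
    block, attrs = None, {}  # attribute block currently being collected

    def close_block():
        if block == "tunnel" and user and "Framed-IP-Address" in attrs:
            assigned[user] = attrs["Framed-IP-Address"]
        elif block == "acct" and attrs.get("Acct-Status-Type") == "Start":
            want = assigned.get(attrs.get("User-Name"))
            got = attrs.get("Framed-IP-Address")
            if want and got and want != got:
                mismatches.append((attrs["User-Name"], attrs.get("Acct-Session-Id"), want, got))

    for line in log_text.splitlines() + [""]:   # trailing "" flushes the last block
        m = ATTR.match(line)
        if m and block:
            attrs[m.group(1)] = m.group(2).strip()
            continue
        close_block()
        block, attrs = None, {}
        if LOGIN.match(line):
            user = LOGIN.match(line).group(1)
        elif line.startswith("[ttls] Got tunneled reply code"):
            block = "tunnel"
        elif line.startswith("rad_recv: Accounting-Request"):
            block = "acct"
    return mismatches
```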


