sqlippool --> ip's expiring and being allocated again

Petre Bandac petre at kgb.ro
Thu Oct 17 11:35:04 CEST 2013


On Wed, 16 Oct 2013 23:10:34 -0400
Alan DeKok <aland at deployingradius.com> wrote:

> Petre Bandac wrote:
> > pool ip's are allocated correctly, but after the lease-duration is
> > reached, they are deleted from the radippool table.
> 
>   That's how IP pools work.
> 
> > This causes the ip to be once again assigned to another user, who in
> > turn requires a new login, since this ip won't work
> 
>   Umm... *why* won't it work?  You should really figure that out.

I believe this is because the same IP is allocated to two different
users (I can see this with radwho); freeradius sees the IP as "free" in
the radippool table (since it exceeded lease-time, it now has all fields
empty and is eligible for a new allocation) and hands it over to the
new request.

> > I have tried to enforce a "keep-alive" with acct-interim, but it
> > doesn't work, the ip's are deleted from radippool when the lease
> > time is up ?
> > 
> > how can I prevent this ?
> 
>   You can't.  IP's are no longer valid when the lease time is up.
> 
> > root at core-router:/etc/freeradius# radtest -x petreb petreb localhost
> > 1980 radiuspass
> > Sending Access-Request of id 7 to 127.0.0.1 port 1812
> > 	User-Name = "petreb"
> > 	User-Password = "petreb"
> > 	NAS-IP-Address = 1.1.1.1
> > 	NAS-Port = 1980
> > rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=7,
> > length=38
> > 	Acct-Interim-Interval = 120
> > 	Session-Timeout = 1195235
> > 	Framed-IP-Address = 1.1.1.2
> 
>   You'll note the Session-Timeout.  When IP's are assigned through
> RADIUS, they get sent to the NAS.  The NAS is then responsible for
> enforcing session expiry.
> 
>   And when the session expires, so does the IP.
> 
>   If the NAS allows the IP to still be used after session expiry, then
> the NAS is wrong and broken.  It needs to be thrown in the garbage,
> and replaced with a NAS that works.
> 
>   No amount of poking FreeRADIUS will fix a broken NAS.

Freeradius sits behind a PPPoE server.

Rephrasing my question: I want to detect the lost PPP connections (I
suppose there is a timeout set somewhere) and delete the IP from
radippool without waiting for the lease-time set in radius (something like
the check DHCP does with the handled IP addresses).

An excerpt of the freeradius -X output is at http://pastebin.ca/2467690

As my RADIUS knowledge is very chaotic (a hands-on approach), I appreciate
any hint.

Thank you for your time,

petre

>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
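
An added example, not part of the original thread and not FreeRADIUS code: a small check over active-session records that reports addresses held by two live sessions at once, and sessions whose Session-Timeout outlasts the pool lease. The record layout, the users `user2` and `user3`, and the 3600-second lease are assumptions; `petreb`, `1.1.1.2` and the Session-Timeout value are taken from the radtest output above.

```python
from collections import defaultdict

# Constructed sample of active sessions. Fields: user, Framed-IP-Address,
# session start (epoch seconds), Session-Timeout (seconds), and the time of
# the last accounting update seen for the session (epoch seconds).
SESSIONS = [
    {"user": "petreb", "ip": "1.1.1.2", "start": 0,
     "session_timeout": 1195235, "last_update": 0},
    {"user": "user2", "ip": "1.1.1.2", "start": 4000,
     "session_timeout": 1195235, "last_update": 4000},
    {"user": "user3", "ip": "1.1.1.3", "start": 100,
     "session_timeout": 3000, "last_update": 100},
]
LEASE_DURATION = 3600  # assumed pool lease in seconds; not stated in the thread


def duplicate_ips(sessions, now):
    """Return {ip: [users]} for addresses held by more than one session
    that is still inside its Session-Timeout at time `now`."""
    holders = defaultdict(list)
    for s in sessions:
        if s["start"] <= now < s["start"] + s["session_timeout"]:
            holders[s["ip"]].append(s["user"])
    return {ip: users for ip, users in holders.items() if len(users) > 1}


def lease_gaps(sessions, lease):
    """Return {user: seconds} for sessions whose pool lease (last update +
    lease) ends before the session itself is due to end. During that gap the
    pool treats the address as free while the NAS may still be using it."""
    gaps = {}
    for s in sessions:
        lease_end = s["last_update"] + lease
        session_end = s["start"] + s["session_timeout"]
        if lease_end < session_end:
            gaps[s["user"]] = session_end - lease_end
    return gaps


if __name__ == "__main__":
    print("duplicates:", duplicate_ips(SESSIONS, now=5000))
    print("lease gaps:", lease_gaps(SESSIONS, LEASE_DURATION))
```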


