Release of the IP after the Acct-Stop (ippool)

Alan DeKok aland at deployingradius.com
Mon Oct 29 16:30:43 CET 2018


On Oct 29, 2018, at 10:53 AM, Lars Hillebrand <lars.hillebrand at fh-dortmund.de> wrote:
> 
> I have a question regarding the release of IP addresses with the module ippool.
> We are about to replace our old Feeradius 2.2.8 with a new 3.0.16 installation.
> This worked very well, but there is still a problem with the release of the IP pools after the Acct-Stop.
> 
> The corresponding "Acct-Status-Type = Stop" packets arrive correctly at the radius, but the evaluation is exited after the first "ippool area" within which no IP is found.
> (unabridged debug log in appendix —> debug_1)
> 
> 
> (6079) Mon Oct 29 14:40:20 2018: Debug:   User-Name = "user1"

  PLEASE follow the documentation.  It's not hard:  http://wiki.freeradius.org/list-help
> 
> (6079) Mon Oct 29 14:40:20 2018: Debug: FB1-B: EXPAND %{NAS-IP-Address} %{NAS-Port}
> (6079) Mon Oct 29 14:40:20 2018: Debug: FB1-B:    --> 193.25.18.219 202153984
> (6079) Mon Oct 29 14:40:20 2018: Debug: FB1-B: MD5 on 'key' directive maps to: 8c9ebba43c49461c579616773eb1d008
> (6079) Mon Oct 29 14:40:20 2018: Debug: FB1-B: Searching for an entry for key: '193.25.18.219 202153984'
> (6079) Mon Oct 29 14:40:20 2018: Debug: FB1-B: Entry not found
> (6079) Mon Oct 29 14:40:20 2018: Debug:     [FB1-B] = notfound

  What does that module do?  Is it the IP pool module?

  It's best to ask *good* questions and giving *useful* information.  We can't read your mind.

> (6079) Mon Oct 29 14:40:20 2018: Debug:   } # accounting = notfound
> (6079) Mon Oct 29 14:40:20 2018: Debug: Not sending reply to client.
> (6079) Mon Oct 29 14:40:20 2018: Debug: Finished request
> (6079) Mon Oct 29 14:40:21 2018: Debug: Cleaning up request packet ID 132 with timestamp +76
> 
> 
> If we adjust the order of the ippools in the site-availiable configuration so that the used area is in first place,

  What's the "used area"?  Please don't invent your own vocabulary when asking questions.  That makes it harder to help you.

> it will be evaluated correctly at the Acct-Stop and the IP address will be released but the evaluation will jump out again after the first pool without an entry.

  What does that mean?

> Does anyone know a similar behavior and has a tip for us?

  Follow the documentation.  It will work.

  If the IP pool module is returning "not found", then it's because the IP entry was not found.

  You can use the "rlm_ippool_tool" module to query the IP pool database.  See "man rlm_ippool_tool"

> The unabridged debug logs and the corresponding sites-available configuration (vpn) can be found in the appendix.

  The mailing list strips most attachments.  Please just post the relevant debug output inline.

  Alan DeKok.




More information about the Freeradius-Users mailing list