sqlippool and exhausted pool

Alberio Mirko mirko.alberio at telemar.it
Mon Jul 19 15:30:33 CEST 2021 

Ok, thanks: investigating in the NAS: i tried debugging that user with 
IP 185.138.36.176

that has expiry_time on 2021-01-15 20:12:31

I tried disconnecting his PPPOE session, shortly afterward I get this 
request in the freeradius/radacct/NASIPADDRESS/ log files

Mon Jul 19 15:25:35 2021
         Packet-Type = Access-Request
         Service-Type = Framed-User
         Framed-Protocol = PPP
         NAS-Port = 15923828
         NAS-Port-Type = Ethernet
         User-Name = "xxxxxxxxx"
         Calling-Station-Id = "50:0F:F5:D9:86:80"
         Called-Station-Id = "vlan101"
         NAS-Port-Id = "vlan101-zzzzzz"
         NAS-Identifier = "yyyy"
         NAS-IP-Address = 10.255.255.85
         Timestamp = 1626701135

And the authentication is fine. But still the expiry_time isn't updated. 
I should se another Accounting request below that right?


Mirko Alberio
Amministratore di Sistemi


Via Enrico Fermi, 235 - 36100 Vicenza - Italia
Tel 0444 291302 - Fax 0444 566310 - www.telemar.it <http://www.telemar.it>
Reg. Imp. Di Vicenza /C.F./P.I. 02508710247
Cap. Soc. € 120.000,00 I.V.
R.E.A. VI-236292

<https://it-it.facebook.com/TelemarIt/> 
<https://www.instagram.com/telemar_it/> 
<https://it.linkedin.com/company/telemar-s-p-a->

Il presente messaggio non costituisce offerta e/o accettazione 
contrattuale.

Ai sensi del Regolamento europeo per la protezione dei dati personali n. 
679/2016 (GDPR) si precisa che le informazioni contenute in questo 
messaggio e/o nel/i file/s allegato/i sono riservate ed a uso esclusivo 
del destinatario. Qualora il messaggio in parola Le fosse pervenuto per 
errore, La invitiamo ad eliminarlo senza copiarlo e a non inoltrarlo a 
terzi, dandocene gentilmente comunicazione. Grazie.
Pursuant to General Data Protection Regulation (GDPR), you are hereby 
informed that this message contains confidential information intended 
only for the use of the addressee. If you are not the addressee, and 
have received this message by mistake, please delete it and immediately 
notify us. You may not copy or disseminate this message to anyone. Thank 
you.


Il 19/07/2021 15:04, Alan DeKok ha scritto:
> On Jul 19, 2021, at 8:55 AM, Alberio Mirko <mirko.alberio at telemar.it> wrote:
>> Hi Alan, thanks for the answer, I have some doubts:
>>
>>    The module returns FAIL if it can't assign an IP address.
>>
>>    What happens after that depends on your local configuration
>>
>> What do you mean with "depends on your local configuration"?
>    The module just returns "fail".  Then, the virtual server gets processed as normal.  This means any additional unlang rules, or modules, or...
>
>    i.e. whatever is in the virtual server.  Which is your local configuration.
>
>>    Which comes from where?
>> That is the point: the customer takes an IP from the pool without allocating the pool. Maybe is something related to the above question? Meaning is there something I miss to "block" a user on sqlippool module FAIL?
>    No.  If the module returns "fail", then it hasn't assigned an IP.
>
>    Something else is going on.  Either the NAS is assigning an IP, or something else is assigning an IP.  You need to track down what's going on.  Perhaps by checking debug output...
>
>> And another thing I noticed:
>>
>> <pgdabjemfidclimd.png>
>>
>> we have some expiry_time way back in the past, but the ip is correctly assigned in NAS:
>    The IP is in use by the NAS.  It is not CORRECTLY assigned in the NAS.
>
>> <djjikgpmfhkndkah.png>
>>
>> What could it be?
>    Your NAS is broken.
>
>    If the DB says that the IP is expired, then FreeRADIUS thinks that the IP has expired.  And can therefore assign it again.
>
>    However, if the IP is still in use by the NAS, then assigning the IP to another system will cause problems.  The NAS SHOULD be sending accounting packets which indicate that the session is still in use, and that the IP is still allocated.  If those packets are sent, then FreeRADIUS will update the DB to say that the IP is still in use.
>
>    So what's happening here one of two things:
>
> 1) your NAS isn't sending accounting update messages
>
> 2) you've configured FreeRADIUS to not run the sqlippool module when it receives accounting update messages.
>
>    (1) is much more likely than (2).
>
>    Fix the NAS, and the problem will go away.
>
>    Alan DeKok.
>

More information about the Freeradius-Users mailing list