<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<a class="moz-txt-link-abbreviated" href="mailto:tnt@kalik.net">tnt@kalik.net</a> a écrit :
<blockquote cite="mid:j7GOCZSZ.1233060216.6466930.tnt@kalik.net"
type="cite">
<blockquote type="cite">
<pre wrap="">thanks for your return. I have added:
$RAD_REPLY{'Framed-IP-Address'} = "10.218.6.1";
return RLM_MODULE_OK;
but no change, he use the pool included into the cisco ASA (10.218.4.5)
a error of me ?
</pre>
</blockquote>
<pre wrap=""><!---->
Do a debug (radiusd -X) and see did the attribute make it into the
Access-Accept packet. If it is sent to Cisco - the problem is on ASA. Do
debug aaa there and see why is it ignoring static IP address.
Ivan Kalik
Kalik Informatika ISP
-
List info/subscribe/unsubscribe? See <a class="moz-txt-link-freetext" href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a>
</pre>
</blockquote>
<br>
Ok, first this is the debug of Freeradius:<br>
<br>
<br>
rad_recv: Access-Request packet from host 10.218.7.243:1025, id=50,
length=165<br>
User-Name = "usertest"<br>
User-Password = "XXX"<br>
NAS-Port = 1011712<br>
Service-Type = Framed-User<br>
Framed-Protocol = PPP<br>
Called-Station-Id = "62.XX.XX.XX"<br>
Calling-Station-Id = "88.XX.XX.XX"<br>
NAS-Port-Type = Virtual<br>
Tunnel-Client-Endpoint:0 = "88.XX.XX.XX"<br>
NAS-IP-Address = 10.218.7.243<br>
Cisco-AVPair = "ip:source-ip=88.166.47.158y\223"<br>
Processing the authorize section of radiusd.conf<br>
modcall: entering group authorize for request 1<br>
modcall[authorize]: module "preprocess" returns ok for request 1<br>
modcall[authorize]: module "chap" returns noop for request 1<br>
modcall[authorize]: module "mschap" returns noop for request 1<br>
rlm_realm: No '@' in User-Name = "usertest", looking up realm NULL<br>
rlm_realm: No such realm "NULL"<br>
modcall[authorize]: module "suffix" returns noop for request 1<br>
rlm_eap: No EAP-Message, not doing EAP<br>
modcall[authorize]: module "eap" returns noop for request 1<br>
users: Matched entry DEFAULT at line 154<br>
users: Matched entry DEFAULT at line 173<br>
users: Matched entry DEFAULT at line 185<br>
modcall[authorize]: module "files" returns ok for request 1<br>
Using perl at 0x8146460<br>
rlm_perl: Added pair Framed-Protocol = PPP<br>
rlm_perl: Added pair Service-Type = Framed-User<br>
rlm_perl: Added pair Framed-IP-Address = 10.218.4.120<br>
rlm_perl: Added pair Framed-IP-Netmask = 255.255.255.0<br>
rlm_perl: Added pair Framed-Compression = Van-Jacobson-TCP-IP<br>
rlm_perl: Added pair Framed-MTU = 576<br>
rlm_perl: Added pair Framed-Protocol = PPP<br>
rlm_perl: Added pair Service-Type = Framed-User<br>
rlm_perl: Added pair Auth-Type = Perl<br>
modcall[authorize]: module "perl" returns ok for request 1<br>
modcall: leaving group authorize (returns ok) for request 1<br>
rad_check_password: Found Auth-Type Perl<br>
auth: type "Perl"<br>
Processing the authenticate section of radiusd.conf<br>
modcall: entering group Perl for request 1<br>
Using perl at 0x8146460<br>
rlm_perl: Added pair Framed-Protocol = PPP<br>
rlm_perl: Added pair h323-credit-amount = 100<br>
rlm_perl: Added pair Service-Type = Framed-User<br>
rlm_perl: Added pair Framed-IP-Address = 255.255.255.254<br>
rlm_perl: Added pair Framed-IP-Netmask = 255.255.255.0<br>
rlm_perl: Added pair Framed-Compression = Van-Jacobson-TCP-IP<br>
rlm_perl: Added pair Framed-MTU = 576<br>
rlm_perl: Added pair Framed-Protocol = PPP<br>
rlm_perl: Added pair Service-Type = Framed-User<br>
rlm_perl: Added pair Auth-Type = Perl<br>
modcall[authenticate]: module "perl" returns ok for request 1<br>
modcall: leaving group Perl (returns ok) for request 1<br>
Login OK: [usertest/XX] (from client 10.218.7.243 port 1011712 cli
88.xx.xx.xx)<br>
Sending Access-Accept of id 50 to 10.218.7.243 port 1025<br>
Framed-IP-Address = 255.255.255.254<br>
Framed-MTU = 576<br>
Service-Type = Framed-User<br>
Framed-Protocol = PPP<br>
Framed-Compression = Van-Jacobson-TCP-IP<br>
Framed-IP-Netmask = 255.255.255.0<br>
h323-credit-amount = "100"<br>
Finished request 1<br>
Going to the next request<br>
--- Walking the entire request list ---<br>
Waking up in 6 seconds...<br>
--- Walking the entire request list ---<br>
Cleaning up request 1 ID 50 with timestamp 497f20c3<br>
Nothing to do. Sleeping until we see a request.<br>
<br>
<br>
<br>
<br>
</body>
</html>