<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
</head>
<body bgcolor="#ffffff" text="#000000">
Sorry should have given this email a title...<br>
Simon Earthrowl wrote:
<blockquote id="mid_499BE6AC_5020709_eseye_com"
cite="mid:499BE6AC.5020709@eseye.com" type="cite">
<p style="margin-bottom: 0cm;">Hi,<br>
I am trying to configure free radius to
work with our 28 NASs.<br>
These NASs are split into two groups,
at different locations (equal split 14-14).<br>
ll NASs report NAS-IP-Address
correctly (ie uniquely)<br>
Any device requesting authentication
randomly connects to any one of the 28 NASs.<br>
All devices are unique, and
Calling-Station-ID is used to uniquely identify every device. There
is no possible chance of multiple instances connecting<br>
Some devices <b>may</b> require require
PAP/CHAP – the default being ignore User-Name etc. This is
configured on a device by device basis.<br>
Devices may require an alternative
configuration using Called-Station-ID<br>
Furthermore, I wish to use MySQL, so
that I can add new provisioned devices auto-magically, without
needing to tell the radius server.<br>
I've a freshly compiled version 2.1.3,
running on CentOS 5.3 – That was by far the easiest bit! Many
thanks for that.</p>
<p style="margin-bottom: 0cm;"><b>Now the problem....</b></p>
<p style="margin-bottom: 0cm;">Each set of NASs requires a different
Framed-IP-Address pool eg 10.0.0.0/24 for site1, and 10.8.0.0/24 for
site2 with Called-Station-Id = domain.com, and 192.168.110.0/26 for
site1, and 192.168.110.128/26 for site2 with Called-Station-Id =
domain.co.uk<br>
I'm using sqlippool to supply the IP.</p>
<p style="margin-bottom: 0cm;"><b>What I've tried.....</b></p>
<p style="margin-bottom: 0cm;">Pool-name : I've set this in
huntgroups, hints, clients.conf with no success whatsoever.<br>
Pool-Name: In netgroups – performace
was too slow, as I need 28 groups per device!<br>
Virtual-Servers: I just don't get
these. The README suggests I don't need a listen clause, the debug
output suggests I do. I'm concerned that if I go down this route,
I'll end up with slow responses again</p>
<p style="margin-bottom: 0cm;"><b>Where I've got to:</b></p>
<p style="margin-bottom: 0cm;">I'm using radcheck table with the
Sql-Name set to Calling-Station-ID, with Auth-Type := Accept (for the
default case), and adding User-Name & password checking for
specific PAP/CHAP authentication.</p>
<p style="margin-bottom: 0cm;"><b>What I need please</b></p>
<p style="margin-bottom: 0cm;">Easiest: A fix, so I can set Pool-Name
in clients.conf, or hints, that works in sqlippool.<br>
Intermediate: Another strategy that
will scale (not 28 groups per device)<br>
Or<br>
Advanced: A far better understanding of
where, and how, I can use unlang, and be able to calculate Pool-Name
within a context such that sqlippool will corectly allocate an IP
address.</p>
<p style="margin-bottom: 0cm;">Many thanks in anticipation for
help/suggestions being offered</p>
<p style="margin-bottom: 0cm;">kind regards</p>
<p style="margin-bottom: 0cm;">Simon</p>
<pre wrap="">
<hr size="4" width="90%">
-
List info/subscribe/unsubscribe? See <a class="moz-txt-link-freetext" href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a></pre>
</blockquote>
<br>
</body>
</html>