<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=iso-8859-1" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.6001.18702">
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT size=2 face=Arial>
<DIV><FONT size=2 face=Arial>Firstly, let me apologise now for asking what is
most probably a simple question to you long-standing veterans of
freeRADIUS.</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>I've searched the Internet for 5 days now and late
into the evening, but I'm totally stumped in resolving my problem, so I would
appreciate any guidance from the experts. I've configured as per the many
guides I've found and have a basic understanding of how this all works, but
there is no information anywhere on how to set up the Users / Client details for
freeRADIUS.</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>I've been using poptop (pptpd) server for several
weeks, with great success, but now I wish to introduce freeRADIUS.</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>The problem I'm facing is the allocation of IP
address / GW / DNS by freeRADIUS for the VPN connections coming onto my
server.</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>My service PrivateIP address is
19x.xxx.xxx.190</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>I've iptables set up to forward all NAT traffic
through the PRIVATEIP, but allocation of a GW of 10.0.0.1 and a Client IP of
10.0.0.200</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>However, when I connect, freeRADIUS
authenticates me SUCCESSFULLY. I get given an IP of 192.168.2.82 from the
test_pool, but the pool has range-start = 10.0.0.100 and range-stop =
10.0.0.199, which is totally different to the address allocated by the pool.
ANY IDEAS?</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>/var/log/messages</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>May 22 21:49:13 server pppd[765]: MPPE 128-bit
stateless compression enabled<BR>May 22 21:49:15 server pppd[765]: Cannot
determine ethernet address for proxy ARP<BR>May 22 21:49:15 server
pppd[765]: local IP address 10.0.0.1<BR>May 22 21:49:15 server
pppd[765]: remote IP address 192.168.2.82</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>radiusd -X</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>rad_recv: Access-Request packet from host 127.0.0.1
port 34510, id=245, length=133<BR>
Service-Type = Framed-User<BR>
Framed-Protocol = PPP<BR> User-Name =
"test1"<BR> MS-CHAP-Challenge =
0xd4fd1b2f3b03fa424ae2ccc6dcd11029<BR>
MS-CHAP2-Response =
0x87001d6e9a747c3545dd123d19c410c037be00000000000000002b9c7e96783abd1954a72ae8f4bc4733b1470477ba725366<BR>
NAS-IP-Address = 127.0.0.1<BR>
NAS-Port = 0<BR>+- entering group authorize {...}<BR>++[preprocess] returns
ok<BR>[auth_log] expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20090522<BR>[auth_log]
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d
expands to
/usr/local/var/log/radius/radacct/127.0.0.1/auth-detail-20090522<BR>[auth_log]
expand: %t -> Fri May 22 22:46:15 2009<BR>++[auth_log] returns ok<BR>++[chap]
returns noop<BR>[mschap] Found MS-CHAP attributes. Setting
'Auth-Type = mschap'<BR>++[mschap] returns ok<BR>[suffix] No '@'
in User-Name = "test1", looking up realm NULL<BR>[suffix] No such realm
"NULL"<BR>++[suffix] returns noop<BR>[eap] No EAP-Message, not doing
EAP<BR>++[eap] returns noop<BR>[files] users: Matched entry DEFAULT at line
70<BR>[files] users: Matched entry test1 at line 77<BR>++[files] returns
ok<BR>++[expiration] returns noop<BR>++[logintime] returns noop<BR>[pap] Found
existing Auth-Type, not changing it.<BR>++[pap] returns noop<BR>Found Auth-Type
= MSCHAP<BR>+- entering group MS-CHAP {...}<BR>[mschap] Told to do MS-CHAPv2 for
test1 with NT-Password<BR>[mschap] adding MS-CHAPv2 MPPE keys<BR>++[mschap]
returns ok<BR>+- entering group post-auth
{...}<BR>[test_pool] expand: %{NAS-IP-Address}
%{NAS-Port} -> 127.0.0.1 0<BR>[test_pool] MD5 on 'key' directive maps to:
ee0282d57992a30bce29ea43d092ac16<BR>[test_pool] Searching for an entry for key:
'ee0282d57992a30bce29ea43d092ac16'<BR>rlm_ippool: Allocating ip to key:
'ee0282d57992a30bce29ea43d092ac16'<BR>[test_pool] num: 1<BR>[test_pool]
Allocated ip 192.168.2.82 to client key:
ee0282d57992a30bce29ea43d092ac16<BR>++[test_pool] returns ok<BR>++[exec] returns
noop<BR>Sending Access-Accept of id 245 to 127.0.0.1 port
34510<BR> Service-Type =
Framed-User<BR> Session-Timeout =
65000<BR> Framed-Protocol =
PPP<BR> Framed-MTU =
1400<BR> MS-CHAP2-Success =
0x87533d46313037374533443535323430343534463737333338463639364534383642374434433244333842<BR>
MS-MPPE-Recv-Key =
0x5a21400d6e5601f9c7201a94d401eefb<BR>
MS-MPPE-Send-Key =
0x14eadb5ada027ccdd63a6cf372f0defd<BR>
MS-MPPE-Encryption-Policy =
0x00000001<BR>
MS-MPPE-Encryption-Types =
0x00000006<BR> Framed-IP-Address =
192.168.2.82<BR> Framed-IP-Netmask =
255.255.255.0<BR>Finished request 0.<BR>Going to the next request<BR>Waking up
in 4.9 seconds.<BR>rad_recv: Accounting-Request packet from host 127.0.0.1 port
43515, id=246, length=97<BR>
Acct-Session-Id = "4A172B390A9300"<BR>
User-Name = "test1"<BR>
Acct-Status-Type = Start<BR>
Service-Type = Framed-User<BR>
Framed-Protocol = PPP<BR>
Acct-Authentic = RADIUS<BR>
NAS-Port-Type = Async<BR>
Framed-IP-Address = 192.168.2.82<BR>
NAS-IP-Address = 127.0.0.1<BR>
NAS-Port = 0<BR> Acct-Delay-Time =
0<BR>+- entering group preacct {...}<BR>++[preprocess] returns
ok<BR>[acct_unique] Hashing 'NAS-Port = 0,Client-IP-Address =
127.0.0.1,NAS-IP-Address = 127.0.0.1,Acct-Session-Id =
"4A172B390A9300",User-Name = "test1"'<BR>[acct_unique] Acct-Unique-Session-ID =
"29e101f9a598e8fe".<BR>++[acct_unique] returns ok<BR>[suffix] No '@'
in User-Name = "test1", looking up realm NULL<BR>[suffix] No such realm
"NULL"<BR>++[suffix] returns noop<BR>++[files] returns noop<BR>+- entering group
accounting {...}<BR>[detail] expand:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d ->
/usr/local/var/log/radius/radacct/127.0.0.1/detail-20090522<BR>[detail]
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to
/usr/local/var/log/radius/radacct/127.0.0.1/detail-20090522<BR>[detail]
expand: %t -> Fri May 22 22:46:17 2009<BR>++[detail] returns ok<BR>++[unix]
returns ok<BR>[radutmp] expand:
/usr/local/var/log/radius/radutmp ->
/usr/local/var/log/radius/radutmp<BR>[radutmp]
expand: %{User-Name} -> test1<BR>++[radutmp] returns ok<BR>[test_pool] This
is not an Accounting-Stop. Return NOOP.<BR>++[test_pool] returns
noop<BR>[attr_filter.accounting_response]
expand: %{User-Name} -> test1<BR> attr_filter: Matched entry DEFAULT at
line 12<BR>++[attr_filter.accounting_response] returns updated<BR>Sending
Accounting-Response of id 246 to 127.0.0.1 port 43515<BR>Finished request
1.<BR>Cleaning up request 1 ID 246 with timestamp +44<BR>Going to the next
request<BR>Waking up in 2.9 seconds.<BR>Cleaning up request 0 ID 245 with
timestamp +42<BR>Ready to process requests.<BR></FONT><FONT size=2
face=Arial></FONT></DIV>
<DIV><FONT size=2 face=Arial>freeRADIUS Configurations</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial><STRONG>users</STRONG></FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>DEFAULT Pool-Name :=
test_pool<BR> Fall-Through =
Yes</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>test1 Cleartext-Password :=
"test1"<BR> Service-Type =
Framed-User,<BR> Session-Timeout =
65000,<BR> Framed-Protocol =
PPP,<BR> Framed-MTU =
1400,</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial><STRONG>ippool module</STRONG></FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>ippool test_pool
{<BR> range-start =
10.0.0.100<BR> range-stop =
10.0.0.199<BR> netmask =
255.255.255.0<BR> cache-size =
800<BR> session-db =
${db_dir}/db.ippool<BR> ip-index =
${db_dir}/db.ipindex<BR> override =
no<BR> maximum-timeout =
0<BR> #key = "%{NAS-IP-Address}
%{NAS-Port}"<BR>}</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial><STRONG>POPTOP Configuration
Files</STRONG></FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2
face=Arial><STRONG>/etc/ppp/options.pptpd</STRONG></FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>name
pptpd<BR>#chapms-strip-domain<BR>refuse-pap<BR>refuse-chap<BR>refuse-mschap<BR>require-mschap-v2<BR>require-mppe-128<BR>ms-dns
208.67.222.222<BR>ms-dns
208.67.222.220<BR>proxyarp<BR>debug<BR>dump<BR>lock<BR>nobsdcomp
<BR>novj<BR>novjccomp<BR>noipv6<BR>noipx<BR>nologfd<BR>plugin
radius.so<BR>plugin radattr.so</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial><STRONG>/etc/pptpd.conf</STRONG></FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>ppp /usr/sbin/pppd<BR>option
/etc/ppp/options.pptpd<BR>debug<BR>noipparam<BR>#logwtmp<BR>#bcrelay
eth1<BR>delegate<BR>connections 100<BR>localip
10.0.0.1<BR></DIV></FONT></FONT></DIV></BODY></HTML>