Is there any layer 3 device between the client and the DHCP server? Then you need a DHCP relay agent; if that is not the case, check the firewall. <div>Thanks<br><br>On Tuesday, February 12, 2013, Michele Pinassi wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi all,<br>
<br>
I've just installed a FreeRADIUS server 2.2.0 with DHCP support because<br>
I need a DHCP server that uses MySQL as a backend.<br>
<br>
My network topology is:<br>
<br>
eth0 inet addr:193.205.4.xxx [PUBLIC]<br>
eth1 inet addr:172.20.1.2 [PRIVATE]<br>
<br>
All DHCP requests and replies should come from eth1. Here is the freeradius -X<br>
dump:<br>
<br>
FreeRADIUS Version 2.2.0, for host i486-pc-linux-gnu, built on Sep 20<br>
2012 at 13:37:59<br>
Copyright (C) 1999-2012 The FreeRADIUS server project and contributors.<br>
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A<br>
PARTICULAR PURPOSE.<br>
You may redistribute copies of FreeRADIUS under the terms of the<br>
GNU General Public License v2.<br>
Starting - reading configuration files ...<br>
including configuration file /etc/freeradius/radiusd.conf<br>
including configuration file /etc/freeradius/clients.conf<br>
including files in directory /etc/freeradius/mods-enabled/<br>
including configuration file /etc/freeradius/mods-enabled/replicate<br>
including configuration file /etc/freeradius/mods-enabled/smsotp<br>
including configuration file /etc/freeradius/mods-enabled/preprocess<br>
including configuration file /etc/freeradius/mods-enabled/ldap<br>
including configuration file /etc/freeradius/mods-enabled/counter<br>
including configuration file /etc/freeradius/mods-enabled/detail.log<br>
including configuration file /etc/freeradius/mods-enabled/otp<br>
including configuration file /etc/freeradius/mods-enabled/inner-eap<br>
including configuration file /etc/freeradius/mods-enabled/acct_unique<br>
including configuration file /etc/freeradius/mods-enabled/wimax<br>
including configuration file /etc/freeradius/mods-enabled/dynamic_clients<br>
including configuration file /etc/freeradius/mods-enabled/etc_group<br>
including configuration file /etc/freeradius/mods-enabled/redis<br>
including configuration file /etc/freeradius/mods-enabled/cui<br>
including configuration file /etc/freeradius/mods-enabled/ntlm_auth<br>
including configuration file /etc/freeradius/mods-enabled/cache<br>
including configuration file /etc/freeradius/mods-enabled/mac2ip<br>
including configuration file /etc/freeradius/mods-enabled/dhcp_sqlippool<br>
including configuration file /etc/freeradius/sql/mysql/ippool-dhcp.conf<br>
including configuration file /etc/freeradius/mods-enabled/policy<br>
including configuration file /etc/freeradius/mods-enabled/expiration<br>
including configuration file /etc/freeradius/mods-enabled/logintime<br>
including configuration file /etc/freeradius/mods-enabled/radutmp<br>
including configuration file /etc/freeradius/mods-enabled/smbpasswd<br>
including configuration file /etc/freeradius/mods-enabled/ippool<br>
including configuration file /etc/freeradius/mods-enabled/rediswho<br>
including configuration file /etc/freeradius/mods-enabled/pam<br>
including configuration file /etc/freeradius/mods-enabled/soh<br>
including configuration file /etc/freeradius/mods-enabled/detail.example.com<br>
including configuration file /etc/freeradius/mods-enabled/realm<br>
including configuration file /etc/freeradius/mods-enabled/mac2vlan<br>
including configuration file /etc/freeradius/mods-enabled/attr_filter<br>
including configuration file /etc/freeradius/mods-enabled/exec<br>
including configuration file /etc/freeradius/mods-enabled/pap<br>
including configuration file /etc/freeradius/mods-enabled/unix<br>
including configuration file /etc/freeradius/mods-enabled/passwd<br>
including configuration file /etc/freeradius/mods-enabled/echo<br>
including configuration file /etc/freeradius/mods-enabled/sradutmp<br>
including configuration file /etc/freeradius/mods-enabled/always<br>
including configuration file /etc/freeradius/mods-enabled/checkval<br>
including configuration file /etc/freeradius/mods-enabled/chap<br>
including configuration file /etc/freeradius/mods-enabled/mschap<br>
including configuration file /etc/freeradius/mods-enabled/krb5<br>
including configuration file /etc/freeradius/mods-enabled/sql_log<br>
including configuration file /etc/freeradius/mods-enabled/attr_rewrite<br>
including configuration file /etc/freeradius/mods-enabled/files<br>
including configuration file /etc/freeradius/mods-enabled/perl<br>
including configuration file /etc/freeradius/mods-enabled/radrelay<br>
including configuration file<br>
/etc/freeradius/mods-enabled/sqlcounter_expire_on_login<br>
including configuration file /etc/freeradius/mods-enabled/expr<br>
including configuration file /etc/freeradius/mods-enabled/linelog<br>
including configuration file /etc/freeradius/mods-enabled/opendirectory<br>
including configuration file /etc/freeradius/mods-enabled/detail<br>
including configuration file /etc/freeradius/mods-enabled/digest<br>
including configuration file /etc/freeradius/eap.conf<br>
including configuration file /etc/freeradius/sql.conf<br>
including configuration file /etc/freeradius/sqlippool.conf<br>
including configuration file /etc/freeradius/sql/mysql/ippool.conf<br>
including configuration file /etc/freeradius/policy.conf<br>
including files in directory /etc/freeradius/sites-enabled/<br>
including configuration file /etc/freeradius/sites-enabled/dhcp<br>
including configuration file /etc/freeradius/sites-enabled/default<br>
main {<br>
user = "root"<br>
group = "freerad"<br>
allow_core_dumps = no<br>
}<br>
including dictionary file /etc/freeradius/dictionary<br>
main {<br>
name = "freeradius"<br>
prefix = "/usr"<br>
localstatedir = "/var"<br>
sbindir = "/usr/sbin"<br>
logdir = "/var/log/freeradius"<br>
run_dir = "/var/run/freeradius"<br>
libdir = "/usr/lib/freeradius"<br>
radacctdir = "/var/log/freeradius/radacct"<br>
hostname_lookups = no<br>
max_request_time = 30<br>
cleanup_delay = 5<br>
max_requests = 1024<br>
pidfile = "/var/run/freeradius/freeradius.pid"<br>
checkrad = "/usr/sbin/checkrad"<br>
debug_level = 0<br>
proxy_requests = no<br>
log {<br>
stripped_names = no<br>
auth = no<br>
auth_badpass = no<br>
auth_goodpass = no<br>
}<br>
security {<br>
max_attributes = 200<br>
reject_delay = 1<br>
status_server = yes<br>
}<br>
}<br>
radiusd: #### Loading Realms and Home Servers ####<br>
radiusd: #### Loading Clients ####<br>
client localhost {<br>
ipaddr = 127.0.0.1<br>
require_message_authenticator = no<br>
secret = "testing123"<br>
nastype = "other"<br>
}<br>
radiusd: #### Instantiating modules ####<br>
instantiate {<br>
Module: Linked to module rlm_exec<br>
Module: Instantiating module "exec" from file<br>
/etc/freeradius/mods-enabled/exec<br>
exec {<br>
wait = no<br>
input_pairs = "request"<br>
shell_escape = yes<br>
}<br>
Module: Linked to module rlm_expr<br>
Module: Instantiating module "expr" from file<br>
/etc/freeradius/mods-enabled/expr<br>
Module: Linked to module rlm_expiration<br>
Module: Instantiating module "expiration" from file<br>
/etc/freeradius/mods-enabled/expiration<br>
expiration {<br>
reply-message = "Password Has Expired "<br>
}<br>
Module: Linked to module rlm_logintime<br>
Module: Instantiating module "logintime" from file<br>
/etc/freeradius/mods-enabled/logintime<br>
logintime {<br>
reply-message = "You are calling outside your allowed timespan "<br>
minimum-timeout = 60<br>
}<br>
}<br>
radiusd: #### Loading Virtual Servers ####<br>
server { # from file /etc/freeradius/radiusd.conf<br>
modules {<br>
Module: Creating Auth-Type = digest<br>
Module: Creating Post-Auth-Type = REJECT<br>
Module: Checking authenticate {...} for more modules to load<br>
Module: Linked to module rlm_pap<br>
Module: Instantiating module "pap" from file<br>
/etc/freeradius/mods-enabled/pap<br>
pap {<br>
encryption_scheme = "auto"<br>
auto_header = no<br>
}<br>
Module: Linked to module rlm_chap<br>
Module: Instantiating module "chap" from file<br>
/etc/freeradius/mods-enabled/chap<br>
Module: Linked to module rlm_mschap<br>
Module: Instantiating module "mschap" from file<br>
/etc/freeradius/mods-enabled/mschap<br>
mschap {<br>
use_mppe = yes<br>
require_encryption = no<br>
require_strong = no<br>
with_ntdomain_hack = no<br>
allow_retry = yes<br>
}<br>
Module: Linked to module rlm_digest<br>
Module: Instantiating module "digest" from file<br>
/etc/freeradius/mods-enabled/digest<br>
Module: Linked to module rlm_unix<br>
Module: Instantiating module "unix" from file<br>
/etc/freeradius/mods-enabled/unix<br>
unix {<br>
radwtmp = "/var/log/freeradius/radwtmp"<br>
}<br>
Module: Linked to module rlm_eap<br>
Module: Instantiating module "eap" from file /etc/freeradius/eap.conf<br>
eap {<br>
default_eap_type = "md5"<br>
timer_expire = 60<br>
ignore_unknown_eap_types = no<br>
cisco_accounting_username_bug = no<br>
max_sessions = 4096<br>
}<br>
Module: Linked to sub-module rlm_eap_md5<br>
Module: Instantiating eap-md5<br>
Module: Linked to sub-module rlm_eap_leap<br>
Module: Instantiating eap-leap<br>
Module: Linked to sub-module rlm_eap_gtc<br>
Module: Instantiating eap-gtc<br>
gtc {<br>
challenge = "Password: "<br>
auth_type = "PAP"<br>
}<br>
Module: Linked to sub-module rlm_eap_tls<br>
Module: Instantiating eap-tls<br>
tls {<br>
rsa_key_exchange = no<br>
dh_key_exchange = yes<br>
rsa_key_length = 512<br>
dh_key_length = 512<br>
verify_depth = 0<br>
CA_path = "/etc/freeradius/certs"<br>
pem_file_type = yes<br>
private_key_file = "/etc/freeradius/certs/server.key"<br>
certificate_file = "/etc/freeradius/certs/server.pem"<br>
CA_file = "/etc/freeradius/certs/ca.pem"<br>
private_key_password = "whatever"<br>
dh_file = "/etc/freeradius/certs/dh"<br>
random_file = "/dev/urandom"<br>
fragment_size = 1024<br>
include_length = yes<br>
check_crl = no<br>
cipher_list = "DEFAULT"<br>
make_cert_command = "/etc/freeradius/certs/bootstrap"<br>
ecdh_curve = "prime256v1"<br>
cache {<br>
enable = no<br>
lifetime = 24<br>
max_entries = 255<br>
}<br>
verify {<br>
}<br>
ocsp {<br>
enable = no<br>
override_cert_url = yes<br>
url = "http://127.0.0.1/ocsp/"<br>
use_nonce = yes<br>
timeout = 0<br>
softfail = no<br>
}<br>
}<br>
Module: Linked to sub-module rlm_eap_ttls<br>
Module: Instantiating eap-ttls<br>
ttls {<br>
default_eap_type = "md5"<br>
copy_request_to_tunnel = no<br>
use_tunneled_reply = no<br>
virtual_server = "inner-tunnel"<br>
include_length = yes<br>
}<br>
Module: Linked to sub-module rlm_eap_peap<br>
Module: Instantiating eap-peap<br>
peap {<br>
default_eap_type = "mschapv2"<br>
copy_request_to_tunnel = no<br>
use_tunneled_reply = no<br>
proxy_tunneled_request_as_eap = yes<br>
virtual_server = "inner-tunnel"<br>
soh = no<br>
}<br>
Module: Linked to sub-module rlm_eap_mschapv2<br>
Module: Instantiating eap-mschapv2<br>
mschapv2 {<br>
with_ntdomain_hack = no<br>
send_error = no<br>
}<br>
Module: Checking authorize {...} for more modules to load<br>
Module: Linked to module rlm_preprocess<br>
Module: Instantiating module "preprocess" from file<br>
/etc/freeradius/mods-enabled/preprocess<br>
preprocess {<br>
huntgroups = "/etc/freeradius/huntgroups"<br>
hints = "/etc/freeradius/hints"<br>
with_ascend_hack = no<br>
ascend_channels_per_line = 23<br>
with_ntdomain_hack = no<br>
with_specialix_jetstream_hack = no<br>
with_cisco_vsa_hack = no<br>
with_alvarion_vsa_hack = no<br>
}<br>
reading pairlist file /etc/freeradius/huntgroups<br>
reading pairlist file /etc/freeradius/hints<br>
Module: Linked to module rlm_realm<br>
Module: Instantiating module "suffix" from file<br>
/etc/freeradius/mods-enabled/realm<br>
realm suffix {<br>
format = "suffix"<br>
delimiter = "@"<br>
ignore_default = no<br>
ignore_null = no<br>
}<br>
Module: Linked to module rlm_files<br>
Module: Instantiating module "files" from file<br>
/etc/freeradius/mods-enabled/files<br>
files {<br>
usersfile = "/etc/freeradius/users"<br>
acctusersfile = "/etc/freeradius/acct_users"<br>
preproxy_usersfile = "/etc/freeradius/preproxy_users"<br>
compat = "no"<br>
}<br>
reading pairlist file /etc/freeradius/users<br>
reading pairlist file /etc/freeradius/acct_users<br>
reading pairlist file /etc/freeradius/preproxy_users<br>
Module: Checking preacct {...} for more modules to load<br>
Module: Linked to module rlm_acct_unique<br>
Module: Instantiating module "acct_unique" from file<br>
/etc/freeradius/mods-enabled/acct_unique<br>
acct_unique {<br>
key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier,<br>
NAS-Port"<br>
}<br>
Module: Checking accounting {...} for more modules to load<br>
Module: Linked to module rlm_detail<br>
Module: Instantiating module "detail" from file<br>
/etc/freeradius/mods-enabled/detail<br>
detail {<br>
detailfile =<br>
"/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d"<br>
header = "%t"<br>
detailperm = 384<br>
dirperm = 493<br>
locking = no<br>
log_packet_header = no<br>
}<br>
Module: Linked to module rlm_attr_filter<br>
Module: Instantiating module "attr_filter.accounting_response" from<br>
file /etc/freeradius/mods-enabled/attr_filter<br>
attr_filter attr_filter.accounting_response {<br>
attrsfile = "/etc/freeradius/attrs.accounting_response"<br>
key = "%{User-Name}"<br>
relaxed = no<br>
}<br>
reading pairlist file /etc/freeradius/attrs.accounting_response<br>
Module: Checking session {...} for more modules to load<br>
Module: Linked to module rlm_radutmp<br>
Module: Instantiating module "radutmp" from file<br>
/etc/freeradius/mods-enabled/radutmp<br>
radutmp {<br>
filename = "/var/log/freeradius/radutmp"<br>
username = "%{User-Name}"<br>
case_sensitive = yes<br>
check_with_nas = yes<br>
perm = 384<br>
callerid = yes<br>
}<br>
Module: Checking post-proxy {...} for more modules to load<br>
Module: Checking post-auth {...} for more modules to load<br>
Module: Instantiating module "attr_filter.access_reject" from file<br>
/etc/freeradius/mods-enabled/attr_filter<br>
attr_filter attr_filter.access_reject {<br>
attrsfile = "/etc/freeradius/attrs.access_reject"<br>
key = "%{User-Name}"<br>
relaxed = no<br>
}<br>
reading pair<br>
--<br>
Michele Pinassi<br>
Head of University Telephony<br>
Networks, Systems and IT Security Service - Università degli Studi<br>
di Siena<br>
tel: 0577.(23)2169 - fax: 0577.(23)2053<br>
<br>
To find a quick solution to your technical problems,<br>
consult the University FAQ, <a href="http://www.faq.unisi.it" target="_blank">http://www.faq.unisi.it</a><br>
<br>
</blockquote></div>
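<div>One way to check the relay question raised in the reply, as an added example that is not part of the original thread or of FreeRADIUS: decode the BOOTP header of a captured DHCP payload and look at giaddr and hops, which a relay agent sets and a directly attached client leaves at zero. The sample packets, the MAC address and the relay address 192.0.2.1 are constructed for illustration.</div>

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # RFC 2131 marker that precedes the options
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload: bytes) -> dict:
    """Decode the fixed BOOTP header and DHCP option 53 from a UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message (too short or no magic cookie)")
    op, htype, hlen, hops, xid, secs, flags = struct.unpack("!BBBBIHH", payload[:12])
    msg_type, i = None, 240
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        if payload[i] == 0:                          # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):                    # truncated option header
            break
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and len(value) == 1:           # DHCP message type
            msg_type = MSG_TYPES.get(value[0], str(value[0]))
        i += 2 + length
    return {
        "op": op, "hops": hops, "xid": xid,
        "broadcast": bool(flags & 0x8000),
        "giaddr": socket.inet_ntoa(payload[24:28]),  # relay agent address
        "chaddr": ":".join(f"{b:02x}" for b in payload[28:28 + min(hlen, 16)]),
        "msg_type": msg_type,
    }

def delivery_path(msg: dict) -> str:
    """'relayed' if a relay agent filled in giaddr, else 'direct'."""
    return "relayed" if msg["giaddr"] != "0.0.0.0" else "direct"

def build_discover(mac: bytes, giaddr: str = "0.0.0.0", hops: int = 0) -> bytes:
    """Constructed sample: a minimal DHCPDISCOVER payload (not a real capture)."""
    header = struct.pack("!BBBBIHH", 1, 1, 6, hops, 0x1234ABCD, 0, 0x8000)
    addrs = bytes(12) + socket.inet_aton(giaddr)     # ciaddr, yiaddr, siaddr, giaddr
    options = MAGIC_COOKIE + b"\x35\x01\x01\xff"     # option 53 = DISCOVER, end
    return header + addrs + mac.ljust(16, b"\0") + bytes(192) + options

if __name__ == "__main__":
    mac = bytes.fromhex("020000000001")              # constructed MAC address
    for pkt in (build_discover(mac), build_discover(mac, "192.0.2.1", 1)):
        msg = parse_dhcp(pkt)
        print(msg["msg_type"], msg["chaddr"], msg["giaddr"], delivery_path(msg))
```
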