On 8/26/06, Alan DeKok <aland@deployingradius.com> wrote:
If you want EVERYONE to get an IP pool, do:
DEFAULT Pool-Name := "main_pool" Fall-Through = Yes
Alan DeKok.
I want that only "professors" gets an IP pool. I made this: DEFAULT Auth-Type = LDAP Fall-Through = 1 DEFAULT Pool-Name :="main_pool", Ldap-Group == "professor" Service-Type == Framed-User, Fall-Through = yes and it seems to work, it assign an IP but, the IP is not real assigned. He's a professor: ..... rad_recv: Access-Request packet from host 127.0.0.1:1039, id=0, length=220 User-Name = "prof1" CHAP-Challenge = 0xefc559504d3ba3c9fa54b43a24630c73 CHAP-Password = 0x006ddd83222dfe14d8bde3f858d2270462 NAS-IP-Address = 127.0.0.1 Service-Type = Login-User Framed-IP-Address = 192.168.182.3 Calling-Station-Id = "00-02-C7-8F-A0-16" Called-Station-Id = "00-50-BF-E3-E8-2A" NAS-Identifier = "localhost" Acct-Session-Id = "44f16e9a00000001" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 Message-Authenticator = 0x27936b28337edbd63b0c974cd804f9d2 WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 rlm_chap: Setting 'Auth-Type := CHAP' modcall[authorize]: module "chap" returns ok for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "prof1", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 users: Matched entry DEFAULT at line 154 rlm_ldap: Entering ldap_groupcmp() radius_xlat: 'ou=statistica,dc=mydomain,dc=it' radius_xlat: '(uid=prof1)' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to localhost:389, authentication 0 rlm_ldap: bind as cn=Manager,dc=mydomain,dc=it/password to localhost:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in ou=statistica,dc=mydomain,dc=it, with filter (uid=prof1) rlm_ldap: ldap_release_conn: Release Id: 0 radius_xlat: '(|(&(objectClass=GroupOfNames)(member=cn\3dMaurizio Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dstatistica\2cdc\3dmydomain\2cdc\3dit))(&(objectClass=GroupOfU$ Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dstatistica\2cdc\3dmydomain\2cdc\3dit)))' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=statistica,dc=mydomain,dc=it, with filter (&(cn=professor)(|(&(objectClass=GroupOfNames)(member=cn\3dMaurizio Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dstatistica\2cdc\3dmydomain\2cdc\3dit))(&(objectClass=GroupOfU$ Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dstatistica\2cdc\3dmydomain\2cdc\3dit)))) rlm_ldap: object not found or got ambiguous search result rlm_ldap: ldap_release_conn: Release Id: 0 rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in cn=Maurizio Costanzo,ou=faculty,ou=dspsa,ou=statistica,dc=mydomain,dc=it, with filter (objectclass=*) rlm_ldap::ldap_groupcmp: User found in group professor rlm_ldap: ldap_release_conn: Release Id: 0 users: Matched entry DEFAULT at line 176 modcall[authorize]: module "files" returns ok for request 0 rlm_ldap: - authorize rlm_ldap: performing user authorization for prof1 radius_xlat: '(uid=prof1)' radius_xlat: 'ou=statistica,dc=mydomain,dc=it' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=statistica,dc=mydomain,dc=it, with filter (uid=prof1) rlm_ldap: checking if remote access for prof1 is allowed by userPassword rlm_ldap: Added password a in check items rlm_ldap: looking for check items in directory... rlm_ldap: Adding radiusGroupName as Ldap-Group, value professor & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value C4-5A-5E-D0-1F-F4 & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-02-C7-8F-A0-16 & op=21 rlm_ldap: Adding userPassword as User-Password, value a & op=21 rlm_ldap: looking for reply items in directory... rlm_ldap: user prof1 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 0 rlm_checkval: Item Name: Calling-Station-Id, Value: 00-02-C7-8F-A0-16 rlm_checkval: Value Name: Calling-Station-Id, Value: C4-5A-5E-D0-1F-F4 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-02-C7-8F-A0-16 modcall[authorize]: module "checkval" returns ok for request 0 modcall: leaving group authorize (returns ok) for request 0 rad_check_password: Found Auth-Type CHAP auth: type "CHAP" Processing the authenticate section of radiusd.conf modcall: entering group CHAP for request 0 rlm_chap: login attempt by "prof1" with CHAP password rlm_chap: Using clear text password a for user prof1 authentication. rlm_chap: chap user prof1 authenticated succesfully modcall[authenticate]: module "chap" returns ok for request 0 modcall: leaving group CHAP (returns ok) for request 0 Processing the post-auth section of radiusd.conf modcall: entering group post-auth for request 0 rlm_ippool: Searching for an entry for nas/port: 127.0.0.1/1 rlm_ippool: Allocating ip to nas/port: 127.0.0.1/1 rlm_ippool: num: 1 rlm_ippool: Allocated ip 192.168.182.234 to client on nas 127.0.0.1,port 1 modcall[post-auth]: module "main_pool" returns ok for request 0 modcall: leaving group post-auth (returns ok) for request 0 modcall[post-auth]: module "main_pool" returns ok for request 0 modcall: leaving group post-auth (returns ok) for request 0 Sending Access-Accept of id 0 to 127.0.0.1 port 1039 Service-Type == Framed-User Framed-IP-Address = 192.168.182.234 Framed-IP-Netmask = 255.255.255.0 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Accounting-Request packet from host 127.0.0.1:1037, id=0, length=135 Acct-Status-Type = Start User-Name = "prof1" Calling-Station-Id = "00-02-C7-8F-A0-16" Called-Station-Id = "00-50-BF-E3-E8-2A" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 NAS-Port-Id = "00000001" NAS-IP-Address = 127.0.0.1 NAS-Identifier = "localhost" Framed-IP-Address = 192.168.182.3 Acct-Session-Id = "44f16e9a00000001" Processing the preacct section of radiusd.conf modcall: entering group preacct for request 1 modcall[preacct]: module "preprocess" returns noop for request 1 rlm_acct_unique: Hashing 'NAS-Port = 1,Client-IP-Address = 127.0.0.1,NAS-IP-Address = 127.0.0.1,Acct-Session-Id = "44f16e9a00000001",User-Name = "prof1"' rlm_acct_unique: Acct-Unique-Session-ID = "ef2fe80af19d1f1a". modcall[preacct]: module "acct_unique" returns ok for request 1 rlm_realm: No '@' in User-Name = "prof1", looking up realm NULL rlm_realm: No such realm "NULL" modcall[preacct]: module "suffix" returns noop for request 1 modcall[preacct]: module "files" returns noop for request 1 modcall: leaving group preacct (returns ok) for request 1 Processing the accounting section of radiusd.conf modcall: entering group accounting for request 1 radius_xlat: '/usr/local/var/log/radius/radacct/127.0.0.1/detail-20060827' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/127.0.0.1/detail-20060827 modcall[accounting]: module "detail" returns ok for request 1 modcall[accounting]: module "unix" returns ok for request 1 radius_xlat: '/usr/local/var/log/radius/radutmp' radius_xlat: 'prof1' modcall[accounting]: module "radutmp" returns ok for request 1 rlm_ippool: This is not an Accounting-Stop. Return NOOP. modcall[accounting]: module "main_pool" returns noop for request 1 modcall: leaving group accounting (returns ok) for request 1 Sending Accounting-Response of id 0 to 127.0.0.1 port 1037 Finished request 1 Going to the next request .......................... It seems to assign 192.168.182.234 but the user has 192.168.182.3 .... why it doesn't assing IP? Thanks Giusy