Assign Ip-Pool based on NAS-Ip-Address
I would like to assign IP addresses from pools based on which NAS the request comes from. Can I achieve this? Users are stored in LDAP and NAS on SQL.
Alan DeKok wrote:
Giovanni Lovato wrote:
I would like to assign IP addresses from pools based on which NAS the request comes from. Can I achieve this? Users are stored in LDAP and NAS on SQL.
See the sqlippool module.
What key on sqippool table should I set to make FR choose a pool based on NAS-IP-Address? The scenario is: 1. a NAS requires access for a user; 2. if FR doesn't find a Framed-IP-Address on user attributes, it should assign an IP from a pool depending which NAS the request comes from. I tried to set `nasipaddress' key on sqippool table but FR seems ignore it...
Giovanni Lovato wrote:
What key on sqippool table should I set to make FR choose a pool based on NAS-IP-Address?
Read the sqlippool.conf file? This IS documented.
The scenario is: 1. a NAS requires access for a user; 2. if FR doesn't find a Framed-IP-Address on user attributes, it should assign an IP from a pool depending which NAS the request comes from. I tried to set `nasipaddress' key on sqippool table but FR seems ignore it...
<sigh> Read the FAQ for "it doesn't work". Alan DeKok.
Users file: DEFAULT NAS-IP-Address == a.b.c.d, Pool-Name := thatNASpool Ivan Kalik Kalik Informatika ISP Dana 29/5/2008, "Giovanni Lovato" <giovanni.lovato@aldu.net> piše:
Alan DeKok wrote:
Giovanni Lovato wrote:
I would like to assign IP addresses from pools based on which NAS the request comes from. Can I achieve this? Users are stored in LDAP and NAS on SQL.
See the sqlippool module.
What key on sqippool table should I set to make FR choose a pool based on NAS-IP-Address? The scenario is: 1. a NAS requires access for a user; 2. if FR doesn't find a Framed-IP-Address on user attributes, it should assign an IP from a pool depending which NAS the request comes from. I tried to set `nasipaddress' key on sqippool table but FR seems ignore it...
I have problems with accented characters (and other like ç) in user passwords. My system is Fedora 8 with this localization [root@bidone ~]# locale LANG=it_IT.UTF-8 LC_CTYPE="it_IT.UTF-8" LC_NUMERIC="it_IT.UTF-8" LC_TIME="it_IT.UTF-8" LC_COLLATE="it_IT.UTF-8" LC_MONETARY="it_IT.UTF-8" LC_MESSAGES="it_IT.UTF-8" LC_PAPER="it_IT.UTF-8" LC_NAME="it_IT.UTF-8" LC_ADDRESS="it_IT.UTF-8" LC_TELEPHONE="it_IT.UTF-8" LC_MEASUREMENT="it_IT.UTF-8" LC_IDENTIFICATION="it_IT.UTF-8" When I try to autenticate with Username guest Password università I have this result: User-Name = "guest" User-Password = "universit\340" +- entering group authorize ++[preprocess] returns ok expand: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /usr/local/var/log/radius/radacct/150.217.4.65/auth-detail-20080529 rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/150.217.4.65/auth-detail-20080529 expand: %t -> Thu May 29 16:01:18 2008 ++[auth_log] returns ok ++[chap] returns noop ++[mschap] returns noop rlm_realm: No '@' in User-Name = "guest", looking up realm NULL rlm_realm: Found realm "NULL" rlm_realm: Adding Stripped-User-Name = "guest" rlm_realm: Adding Realm = "NULL" rlm_realm: Authentication realm is LOCAL. ++[suffix] returns noop rlm_eap: No EAP-Message, not doing EAP ++[eap] returns noop ++[unix] returns notfound users: Matched entry guest at line 206 ++[files] returns ok rlm_ldap: - authorize rlm_ldap: performing user authorization for guest WARNING: Deprecated conditional expansion ":-". See "man unlang" for details expand: (uid=%{Stripped-User-Name:-%{User-Name}}) -> (uid=guest) expand: dc=unifi, dc=it -> dc=unifi, dc=it rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to 150.217.6.106:389, authentication 0 rlm_ldap: bind as orclApplicationCommonName=radius,ou=services,dc=unifi,dc=it/radiusserver to 150.217.6.106:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in dc=unifi, dc=it, with filter (uid=guest) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed rlm_ldap: ldap_release_conn: Release Id: 0 ++[ldap] returns notfound ++[expiration] returns noop ++[logintime] returns noop ++[pap] returns updated rad_check_password: Found Auth-Type auth: type "PAP" +- entering group PAP rlm_pap: login attempt with password "università" rlm_pap: Using clear text password "universitÃ?" rlm_pap: Passwords don't match ++[pap] returns reject auth: Failed to validate the user. Login incorrect (rlm_ldap: User not found): [guest/universit\340] (from client private port 0) WARNING: Unprintable characters in the password. Double-check the shared secret on the server and the NAS! Found Post-Auth-Type Reject +- entering group REJECT expand: %{User-Name} -> guest attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Waking up in 4.9 seconds. Cleaning up request 0 ID 30 with timestamp +6 Ready to process requests. Usually I use ldap for authorization but to become simpler I put the account in user file: guest Cleartext-Password := "università " As you can see ( User-Password = "universit\340") it sems like arrive at freeradius a wrong carachter: I try this autentication whith the software ntradping test utility on a windows XP system with a italian keyboard. Thanks for al the possible help. Gianfranco Ferrini CSIAF - Universita' di Firenze Area Operativa Servizio Reti Tel. 0554239306
Gianfranco Ferrini wrote:
I have problems with accented characters (and other like ç) in user passwords.
... when you don't use UTF-8.
When I try to autenticate with
Username guest Password università
I have this result:
User-Name = "guest" User-Password = "universit\340"
\340 is hex 0xE0, which is not a valid UTF-8 character.
Usually I use ldap for authorization but to become simpler
The LDAP module enforces the LDAP specification on strings, which is that they are UTF-8. Any character that is not UTF-8 is replaced with a hex equivalent (=e0), as defined by the specification.
I put the account in user file:
guest Cleartext-Password := "università "
Which should work, because the "users" file doesn't care about UTF-8. It just does string matching.
As you can see ( User-Password = "universit\340") it sems like arrive at freeradius a wrong carachter:
No. The character is 0xE0 (\340), and is not UTF-8. So it is not printed as 'à', because it is not valud.
I try this autentication whith the software ntradping test utility on a windows XP system with a italian keyboard.
Tell the XP system to use UTF-8, and not ISO-8859, or some other character encoding. Alan DeKok.
Am 29.05.2008 um 14:48 schrieb Gianfranco Ferrini:
I have problems with accented characters (and other like ç) in user passwords.
My system is Fedora 8 with this localization
[root@bidone ~]# locale LANG=it_IT.UTF-8 LC_CTYPE="it_IT.UTF-8" LC_NUMERIC="it_IT.UTF-8" LC_TIME="it_IT.UTF-8" LC_COLLATE="it_IT.UTF-8" LC_MONETARY="it_IT.UTF-8" LC_MESSAGES="it_IT.UTF-8" LC_PAPER="it_IT.UTF-8" LC_NAME="it_IT.UTF-8" LC_ADDRESS="it_IT.UTF-8" LC_TELEPHONE="it_IT.UTF-8" LC_MEASUREMENT="it_IT.UTF-8" LC_IDENTIFICATION="it_IT.UTF-8"
[...]
Usually I use ldap for authorization but to become simpler I put the account in user file:
guest Cleartext-Password := "università "
As you can see ( User-Password = "universit\340") it sems like arrive at freeradius a wrong carachter:
I try this autentication whith the software ntradping test utility on a windows XP system with a italian keyboard.
Thanks for al the possible help.
Octal 340 seems to be à in code page 1252, what seems to be expected for a Windows in Western Europe.
Gianfranco Ferrini CSIAF - Universita' di Firenze Area Operativa Servizio Reti Tel. 0554239306
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ users.html
Have a nice day! Nicolas Goutte extragroup GmbH - Karlsruhe Waldstr. 49 76133 Karlsruhe Germany Geschäftsführer: Stephan Mönninghoff, Hans Martin Kern, Tilman Haerdle Registergericht: Amtsgericht Münster / HRB: 5624 Steuer Nr.: 337/5903/0421 / UstID: DE 204607841
participants (5)
-
Alan DeKok -
Gianfranco Ferrini -
Giovanni Lovato -
Ivan Kalik -
Nicolas Goutte