Hi all, I've tried to assign ip via ippool. I have freeradius 1.1.2 and i use chillispot as captive portal and OpenLdap to manage user. When i log in directly with default user (user "prova" , defined in users file) it seems to assign ip, but it really doesn't (the client doesn't obtain the assigned ip address). When i log in directly with an OpenLdap user, it says that can't find Pool-Name attribute. I will paste the output of "radiusd -X" whit the operation listed above and the conf files. Thanks in advance. Giusy radius -X ----------------------------------------------------------------------------- <!-- @page { size: 8.27in 11.69in; margin: 0.79in } P { margin-bottom: 0.08in } --> Starting - reading configuration files ... reread_config: reading radiusd.conf Config: including file: /usr/local/etc/raddb/proxy.conf Config: including file: /usr/local/etc/raddb/clients.conf Config: including file: /usr/local/etc/raddb/snmp.conf Config: including file: /usr/local/etc/raddb/eap.conf Config: including file: /usr/local/etc/raddb/sql.conf main: prefix = "/usr/local" main: localstatedir = "/usr/local/var" main: logdir = "/usr/local/var/log/radius" main: libdir = "/usr/local/lib" main: radacctdir = "/usr/local/var/log/radius/radacct" main: hostname_lookups = no main: max_request_time = 30 main: cleanup_delay = 5 main: max_requests = 1024 main: delete_blocked_requests = 0 main: port = 0 main: allow_core_dumps = no main: log_stripped_names = no main: log_file = "/usr/local/var/log/radius/radius.log" main: log_auth = no main: log_auth_badpass = no main: log_auth_goodpass = no main: pidfile = "/usr/local/var/run/radiusd/radiusd.pid" main: user = "(null)" main: group = "(null)" main: usercollide = no main: lower_user = "no" main: lower_pass = "no" main: nospace_user = "no" main: nospace_pass = "no" main: checkrad = "/usr/local/sbin/checkrad" main: proxy_requests = yes proxy: retry_delay = 5 proxy: retry_count = 3 proxy: synchronous = no proxy: default_fallback = yes proxy: dead_time = 120 proxy: post_proxy_authorize = no proxy: wake_all_if_all_dead = no security: max_attributes = 200 security: reject_delay = 1 security: status_server = no main: debug_level = 0 read_config_files: reading dictionary read_config_files: reading naslist Using deprecated naslist file. Support for this will go away soon. read_config_files: reading clients read_config_files: reading realms radiusd: entering modules setup Module: Library search path is /usr/local/lib Module: Loaded exec exec: wait = yes exec: program = "(null)" exec: input_pairs = "request" exec: output_pairs = "(null)" exec: packet_type = "(null)" rlm_exec: Wait=yes but no output defined. Did you mean output=none? Module: Instantiated exec (exec) Module: Loaded expr Module: Instantiated expr (expr) Module: Loaded PAP pap: encryption_scheme = "crypt" Module: Instantiated pap (pap) Module: Loaded CHAP Module: Instantiated chap (chap) Module: Loaded MS-CHAP mschap: use_mppe = yes mschap: require_encryption = no mschap: require_strong = no mschap: with_ntdomain_hack = no mschap: passwd = "(null)" mschap: ntlm_auth = "(null)" Module: Instantiated mschap (mschap) Module: Loaded System unix: cache = no unix: passwd = "(null)" unix: shadow = "(null)" unix: group = "(null)" unix: radwtmp = "/usr/local/var/log/radius/radwtmp" unix: usegroup = no unix: cache_reload = 600 Module: Instantiated unix (unix) Module: Loaded LDAP ldap: server = "localhost" ldap: port = 389 ldap: net_timeout = 1 ldap: timeout = 4 ldap: timelimit = 3 ldap: identity = "cn=Manager,dc=mydomain,dc=it" ldap: tls_mode = no ldap: start_tls = no ldap: tls_cacertfile = "(null)" ldap: tls_cacertdir = "(null)" ldap: tls_certfile = "(null)" ldap: tls_keyfile = "(null)" ldap: tls_randfile = "(null)" ldap: tls_require_cert = "allow" ldap: password = "xxxxxxx" ldap: basedn = "ou=statistica,dc=mydomain,dc=it" ldap: filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" ldap: base_filter = "(objectclass=radiusprofile)" ldap: default_profile = "(null)" ldap: profile_attribute = "(null)" ldap: password_header = "(null)" ldap: password_attribute = "userPassword" ldap: access_attr = "userPassword" ldap: groupname_attribute = "radiusGroupName" ldap: groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-UserDn})))" ldap: groupmembership_attribute = "(null)" ldap: dictionary_mapping = "/usr/local/etc/raddb/ldap.attrmap" ldap: ldap_debug = 0 ldap: ldap_connections_number = 5 ldap: compare_check_items = no ldap: access_attr_used_for_allow = yes ldap: do_xlat = yes ldap: set_auth_type = yes rlm_ldap: Registering ldap_groupcmp for Ldap-Group rlm_ldap: Registering ldap_xlat with xlat_name ldap rlm_ldap: reading ldap<->radius mappings from file /usr/local/etc/raddb/ldap.attrmap rlm_ldap: LDAP radiusCheckItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP radiusReplyItem mapped to RADIUS $GENERIC$ rlm_ldap: LDAP userPassword mapped to RADIUS User-Password rlm_ldap: LDAP radiusAuthType mapped to RADIUS Auth-Type rlm_ldap: LDAP radiusSimultaneousUse mapped to RADIUS Simultaneous-Use rlm_ldap: LDAP radiusCalledStationId mapped to RADIUS Called-Station-Id rlm_ldap: LDAP radiusCallingStationId mapped to RADIUS Calling-Station-Id rlm_ldap: LDAP lmPassword mapped to RADIUS LM-Password rlm_ldap: LDAP ntPassword mapped to RADIUS NT-Password rlm_ldap: LDAP acctFlags mapped to RADIUS SMB-Account-CTRL-TEXT rlm_ldap: LDAP radiusExpiration mapped to RADIUS Expiration rlm_ldap: LDAP radiusNASIpAddress mapped to RADIUS NAS-IP-Address rlm_ldap: LDAP radiusGroupName mapped to RADIUS Ldap-Group rlm_ldap: LDAP radiusServiceType mapped to RADIUS Service-Type rlm_ldap: LDAP radiusFramedProtocol mapped to RADIUS Framed-Protocol rlm_ldap: LDAP radiusFramedIPAddress mapped to RADIUS Framed-IP-Address rlm_ldap: LDAP radiusFramedIPNetmask mapped to RADIUS Framed-IP-Netmask rlm_ldap: LDAP radiusFramedRoute mapped to RADIUS Framed-Route rlm_ldap: LDAP radiusFramedRouting mapped to RADIUS Framed-Routing rlm_ldap: LDAP radiusFilterId mapped to RADIUS Filter-Id rlm_ldap: LDAP radiusFramedMTU mapped to RADIUS Framed-MTU rlm_ldap: LDAP radiusFramedCompression mapped to RADIUS Framed-Compression rlm_ldap: LDAP radiusLoginIPHost mapped to RADIUS Login-IP-Host rlm_ldap: LDAP radiusLoginService mapped to RADIUS Login-Service rlm_ldap: LDAP radiusLoginTCPPort mapped to RADIUS Login-TCP-Port rlm_ldap: LDAP radiusCallbackNumber mapped to RADIUS Callback-Number rlm_ldap: LDAP radiusCallbackId mapped to RADIUS Callback-Id rlm_ldap: LDAP radiusFramedIPXNetwork mapped to RADIUS Framed-IPX-Network rlm_ldap: LDAP radiusClass mapped to RADIUS Class rlm_ldap: LDAP radiusSessionTimeout mapped to RADIUS Session-Timeout rlm_ldap: LDAP radiusIdleTimeout mapped to RADIUS Idle-Timeout rlm_ldap: LDAP radiusTerminationAction mapped to RADIUS Termination-Action rlm_ldap: LDAP radiusLoginLATService mapped to RADIUS Login-LAT-Service rlm_ldap: LDAP radiusLoginLATNode mapped to RADIUS Login-LAT-Node rlm_ldap: LDAP radiusLoginLATGroup mapped to RADIUS Login-LAT-Group rlm_ldap: LDAP radiusFramedAppleTalkLink mapped to RADIUS Framed-AppleTalk-Link rlm_ldap: LDAP radiusFramedAppleTalkNetwork mapped to RADIUS Framed-AppleTalk-Network rlm_ldap: LDAP radiusFramedAppleTalkZone mapped to RADIUS Framed-AppleTalk-Zone rlm_ldap: LDAP radiusPortLimit mapped to RADIUS Port-Limit rlm_ldap: LDAP radiusLoginLATPort mapped to RADIUS Login-LAT-Port rlm_ldap: LDAP radiusReplyMessage mapped to RADIUS Reply-Message rlm_ldap: LDAP radiusTunnelType mapped to RADIUS Tunnel-Type rlm_ldap: LDAP radiusTunnelMediumType mapped to RADIUS Tunnel-Medium-Type rlm_ldap: LDAP radiusTunnelPrivateGroupId mapped to RADIUS Tunnel-Private-Group-Id conns: 0x8139940 Module: Instantiated ldap (ldap) Module: Loaded eap eap: default_eap_type = "md5" eap: timer_expire = 60 eap: ignore_unknown_eap_types = no eap: cisco_accounting_username_bug = no rlm_eap: Loaded and initialized type md5 rlm_eap: Loaded and initialized type leap gtc: challenge = "Password: " gtc: auth_type = "PAP" rlm_eap: Loaded and initialized type gtc tls: rsa_key_exchange = no tls: dh_key_exchange = yes tls: rsa_key_length = 512 tls: dh_key_length = 512 tls: verify_depth = 0 tls: CA_path = "(null)" tls: pem_file_type = yes tls: private_key_file = "/usr/local/etc/raddb/certs/cert-srv.pem" tls: certificate_file = "/usr/local/etc/raddb/certs/cert-srv.pem" tls: CA_file = "/usr/local/etc/raddb/certs/demoCA/cacert.pem" tls: private_key_password = "whatever" tls: dh_file = "/usr/local/etc/raddb/certs/dh" tls: random_file = "/usr/local/etc/raddb/certs/random" tls: fragment_size = 1024 tls: include_length = yes tls: check_crl = no tls: check_cert_cn = "(null)" tls: cipher_list = "(null)" tls: check_cert_issuer = "(null)" rlm_eap_tls: Loading the certificate file as a chain rlm_eap: Loaded and initialized type tls ttls: default_eap_type = "md5" ttls: copy_request_to_tunnel = no ttls: use_tunneled_reply = no rlm_eap: Loaded and initialized type ttls mschapv2: with_ntdomain_hack = no rlm_eap: Loaded and initialized type mschapv2 Module: Instantiated eap (eap) Module: Loaded preprocess preprocess: huntgroups = "/usr/local/etc/raddb/huntgroups" preprocess: hints = "/usr/local/etc/raddb/hints" preprocess: with_ascend_hack = no preprocess: ascend_channels_per_line = 23 preprocess: with_ntdomain_hack = no preprocess: with_specialix_jetstream_hack = no preprocess: with_cisco_vsa_hack = no Module: Instantiated preprocess (preprocess) Module: Loaded realm realm: format = "suffix" realm: delimiter = "@" realm: ignore_default = no realm: ignore_null = no Module: Instantiated realm (suffix) Module: Loaded files files: usersfile = "/usr/local/etc/raddb/users" files: acctusersfile = "/usr/local/etc/raddb/acct_users" files: preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users" files: compat = "no" Module: Instantiated files (files) Module: Loaded checkval checkval: item-name = "Calling-Station-Id" checkval: check-name = "Calling-Station-Id" checkval: data-type = "string" checkval: notfound-reject = yes rlm_checkval: Registered name Calling-Station-Id for attribute 31 Module: Instantiated checkval (checkval) Module: Loaded Acct-Unique-Session-Id acct_unique: key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" Module: Instantiated acct_unique (acct_unique) Module: Loaded detail detail: detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d" detail: detailperm = 384 detail: dirperm = 493 detail: locking = no Module: Instantiated detail (detail) Module: Loaded radutmp radutmp: filename = "/usr/local/var/log/radius/radutmp" radutmp: username = "%{User-Name}" radutmp: case_sensitive = yes radutmp: check_with_nas = yes radutmp: perm = 384 radutmp: callerid = yes Module: Instantiated radutmp (radutmp) Module: Loaded IPPOOL ippool: session-db = "/usr/local/etc/raddb/db.ippool" ippool: ip-index = "/usr/local/etc/raddb/db.ipindex" ippool: range-start = 192.168.182.129 IP address [192.168.182.129] ippool: range-stop = 192.168.182.254 IP address [192.168.182.254] ippool: netmask = 255.255.255.0 IP address [255.255.255.0] ippool: cache-size = 800 ippool: override = no ippool: maximum-timeout = 0 Module: Instantiated ippool (main_pool) Listening on authentication *:1812 Listening on accounting *:1813 Ready to process requests. rad_recv: Access-Request packet from host 127.0.0.1:1043, id=0, length=215 User-Name = "prova" CHAP-Challenge = 0x55e75e2624e19c07877bcf36aa16c024 CHAP-Password = 0x002dcc1e416cd9f6b116102c3c3f65de71 NAS-IP-Address = 0.0.0.0 Service-Type = Login-User Framed-IP-Address = 192.168.182.4 Calling-Station-Id = "00-16-C7-8F-A0-02" Called-Station-Id = "00-50-BF-E3-E8-2A" NAS-Identifier = "nas01" Acct-Session-Id = "44f032f900000001" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 Message-Authenticator = 0x1dc4e649177a2b3eda2541fe0d773729 WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 rlm_chap: Setting 'Auth-Type := CHAP' modcall[authorize]: module "chap" returns ok for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "prova", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 users: Matched entry prova at line 80 modcall[authorize]: module "files" returns ok for request 0 rlm_ldap: - authorize rlm_ldap: performing user authorization for prova radius_xlat: '(uid=prova)' radius_xlat: 'ou=statistica,dc=mydomain,dc=it' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to localhost:389, authentication 0 rlm_ldap: bind as cn=Manager,dc=mydomain,dc=it/xxxxxxx to localhost:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in ou=statistica,dc=mydomain,dc=it, with filter (uid=prova) rlm_ldap: object not found or got ambiguous search result rlm_ldap: search failed rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns notfound for request 0 rlm_checkval: Item Name: Calling-Station-Id, Value: 00-16-C7-8F-A0-02 rlm_checkval: Could not find attribute named Calling-Station-Id in check pairs modcall[authorize]: module "checkval" returns notfound for request 0 modcall: leaving group authorize (returns ok) for request 0 rad_check_password: Found Auth-Type Local auth: type Local auth: user supplied CHAP-Password matches local User-Password Processing the post-auth section of radiusd.conf modcall: entering group post-auth for request 0 rlm_ippool: Searching for an entry for nas/port: 0.0.0.0/1 rlm_ippool: Searching for an entry for nas/port: 0.0.0.0/1 rlm_ippool: Allocating ip to nas/port: 0.0.0.0/1 rlm_ippool: num: 1 rlm_ippool: Allocated ip 192.168.182.231 to client on nas 0.0.0.0,port 1 modcall[post-auth]: module "main_pool" returns ok for request 0 modcall: leaving group post-auth (returns ok) for request 0 Sending Access-Accept of id 0 to 127.0.0.1 port 1043 Service-Type = Framed-User Framed-IP-Address = 192.168.182.231 Framed-IP-Netmask = 255.255.255.0 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Accounting-Request packet from host 127.0.0.1:1041, id=0, length=130 Acct-Status-Type = Start User-Name = "prova" Calling-Station-Id = "00-16-C7-8F-A0-02" Called-Station-Id = "00-50-BF-E3-E8-2A" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 NAS-Port-Id = "00000001" NAS-IP-Address = 0.0.0.0 NAS-Identifier = "nas01" Framed-IP-Address = 192.168.182.4 Acct-Session-Id = "44f032f900000001" Processing the preacct section of radiusd.conf modcall: entering group preacct for request 1 modcall[preacct]: module "preprocess" returns noop for request 1 rlm_acct_unique: Hashing 'NAS-Port = 1,Client-IP-Address = 127.0.0.1,NAS-IP-Address = 0.0.0.0,Acct-Session-Id = "44f032f900000001",User-Name = "prova"' rlm_acct_unique: Acct-Unique-Session-ID = "6b96572558c4da26". modcall[preacct]: module "acct_unique" returns ok for request 1 rlm_realm: No '@' in User-Name = "prova", looking up realm NULL rlm_realm: No such realm "NULL" modcall[preacct]: module "suffix" returns noop for request 1 modcall[preacct]: module "files" returns noop for request 1 modcall: leaving group preacct (returns ok) for request 1 Processing the accounting section of radiusd.conf modcall: entering group accounting for request 1 radius_xlat: '/usr/local/var/log/radius/radacct/127.0.0.1/detail-20060826' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/127.0.0.1/detail-20060826 modcall[accounting]: module "detail" returns ok for request 1 modcall[accounting]: module "unix" returns ok for request 1 radius_xlat: '/usr/local/var/log/radius/radutmp' radius_xlat: 'prova' modcall[accounting]: module "radutmp" returns ok for request 1 rlm_ippool: This is not an Accounting-Stop. Return NOOP. modcall[accounting]: module "main_pool" returns noop for request 1 modcall: leaving group accounting (returns ok) for request 1 Sending Accounting-Response of id 0 to 127.0.0.1 port 1041 Finished request 1 Going to the next request --- Walking the entire request list --- Cleaning up request 1 ID 0 with timestamp 44f0331f Waking up in 5 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 0 with timestamp 44f0331e Nothing to do. Sleeping until we see a request. rad_recv: Accounting-Request packet from host 127.0.0.1:1041, id=1, length=178 Acct-Status-Type = Stop User-Name = "prova" Calling-Station-Id = "00-16-C7-8F-A0-02" Called-Station-Id = "00-50-BF-E3-E8-2A" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 NAS-Port-Id = "00000001" NAS-IP-Address = 0.0.0.0 NAS-Identifier = "nas01" Framed-IP-Address = 192.168.182.4 Acct-Session-Id = "44f032f900000001" Acct-Input-Octets = 2333 Acct-Output-Octets = 7498 Acct-Input-Gigawords = 0 Acct-Output-Gigawords = 0 Acct-Input-Packets = 23 Acct-Output-Packets = 27 Acct-Session-Time = 6 Acct-Terminate-Cause = User-Request Processing the preacct section of radiusd.conf modcall: entering group preacct for request 2 modcall[preacct]: module "preprocess" returns noop for request 2 rlm_acct_unique: Hashing 'NAS-Port = 1,Client-IP-Address = 127.0.0.1,NAS-IP-Address = 0.0.0.0,Acct-Session-Id = "44f032f900000001",User-Name = "prova"' rlm_acct_unique: Acct-Unique-Session-ID = "6b96572558c4da26". modcall[preacct]: module "acct_unique" returns ok for request 2 rlm_realm: No '@' in User-Name = "prova", looking up realm NULL rlm_realm: No such realm "NULL" modcall[preacct]: module "suffix" returns noop for request 2 modcall[preacct]: module "files" returns noop for request 2 modcall: leaving group preacct (returns ok) for request 2 Processing the accounting section of radiusd.conf modcall: entering group accounting for request 2 radius_xlat: '/usr/local/var/log/radius/radacct/127.0.0.1/detail-20060826' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/127.0.0.1/detail-20060826 modcall[accounting]: module "detail" returns ok for request 2 modcall[accounting]: module "unix" returns ok for request 2 radius_xlat: '/usr/local/var/log/radius/radutmp' radius_xlat: 'prova' modcall[accounting]: module "radutmp" returns ok for request 2 rlm_ippool: Searching for an entry for nas/port: 0.0.0.0/1 rlm_ippool: Deallocated entry for ip/port: 192.168.182.231/1 rlm_ippool: num: 0 modcall[accounting]: module "main_pool" returns ok for request 2 modcall: leaving group accounting (returns ok) for request 2 Sending Accounting-Response of id 1 to 127.0.0.1 port 1041 Finished request 2 Going to the next request --- Walking the entire request list --- Cleaning up request 2 ID 1 with timestamp 44f03325 Nothing to do. Sleeping until we see a request. rad_recv: Access-Request packet from host 127.0.0.1:1043, id=0, length=216 User-Name = "user1" CHAP-Challenge = 0x1669c921cccf393ea4c3cd6fb04cad51 CHAP-Password = 0x00998b87a9c04a1ae386929663e9f4fbff NAS-IP-Address = 0.0.0.0 Service-Type = Login-User Framed-IP-Address = 192.168.182.4 Calling-Station-Id = "00-16-C7-8F-A0-02" Called-Station-Id = "00-50-BF-E3-E8-2A" NAS-Identifier = "nas01" Acct-Session-Id = "44f0332500000001" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 Message-Authenticator = 0x8db3bf8679635fe3528607ab31299415 WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 3 modcall[authorize]: module "preprocess" returns ok for request 3 rlm_chap: Setting 'Auth-Type := CHAP' modcall[authorize]: module "chap" returns ok for request 3 modcall[authorize]: module "mschap" returns noop for request 3 rlm_realm: No '@' in User-Name = "user1", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 3 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 3 users: Matched entry DEFAULT at line 154 rlm_ldap: Entering ldap_groupcmp() radius_xlat: 'ou=statistica,dc=mydomain,dc=it' radius_xlat: '(uid=user1)' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=statistica,dc=mydomain,dc=it, with filter (uid=user1) rlm_ldap: ldap_release_conn: Release Id: 0 radius_xlat: '(|(&(objectClass=GroupOfNames)(member=cn\3dAntonio Piccolo\2cou\3dfaculty\2cou\3ddepartment\2cou\3dstatistica\2cdc\3dmydomain\2cdc\3dit))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn\3dAntonio Piccolo\2cou\3dfaculty\2cou\3ddepartment\2cou\3dstatistica\2cdc\3dmydomain\2cdc\3dit)))' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=statistica,dc=mydomain,dc=it, with filter (&(radiusGroupName=professor)(|(&(objectClass=GroupOfNames)(member=cn\3dAntonio Piccolo\2cou\3dfaculty\2cou\3ddepartment\2cou\3dstatistica\2cdc\3dmydomain\2cdc\3dit))(&(objectClass=GroupOfUniqueNames)(uniquemember=cn\3dAntonio Piccolo\2cou\3dfaculty\2cou\3ddepartment\2cou\3dstatistica\2cdc\3dmydomain\2cdc\3dit)))) rlm_ldap: object not found or got ambiguous search result rlm_ldap: ldap_release_conn: Release Id: 0 rlm_ldap::ldap_groupcmp: Group professor not found or user is not a member. modcall[authorize]: module "files" returns ok for request 3 rlm_ldap: - authorize rlm_ldap: performing user authorization for user1 radius_xlat: '(uid=user1)' radius_xlat: 'ou=statistica,dc=mydomain,dc=it' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=statistica,dc=mydomain,dc=it, with filter (uid=user1) rlm_ldap: checking if remote access for user1 is allowed by userPassword rlm_ldap: Added password a in check items rlm_ldap: looking for check items in directory... rlm_ldap: Adding radiusGroupName as Ldap-Group, value professor & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value C4-5A-5E-D0-1F-F4 & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-16-C7-8F-A0-02 & op=21 rlm_ldap: Adding userPassword as User-Password, value a & op=21 rlm_ldap: looking for reply items in directory... rlm_ldap: user user1 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 3 rlm_checkval: Item Name: Calling-Station-Id, Value: 00-16-C7-8F-A0-02 rlm_checkval: Value Name: Calling-Station-Id, Value: C4-5A-5E-D0-1F-F4 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-16-C7-8F-A0-02 modcall[authorize]: module "checkval" returns ok for request 3 modcall: leaving group authorize (returns ok) for request 3 rad_check_password: Found Auth-Type CHAP auth: type "CHAP" Processing the authenticate section of radiusd.conf modcall: entering group CHAP for request 3 rlm_chap: login attempt by "user1" with CHAP password rlm_chap: Using clear text password a for user user1 authentication. rlm_chap: chap user user1 authenticated succesfully modcall[authenticate]: module "chap" returns ok for request 3 modcall: leaving group CHAP (returns ok) for request 3 Processing the post-auth section of radiusd.conf modcall: entering group post-auth for request 3 rlm_ippool: Could not find Pool-Name attribute. modcall[post-auth]: module "main_pool" returns noop for request 3 modcall: leaving group post-auth (returns noop) for request 3 Sending Access-Accept of id 0 to 127.0.0.1 port 1043 Finished request 3 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Accounting-Request packet from host 127.0.0.1:1041, id=2, length=131 Acct-Status-Type = Start User-Name = "user1" Calling-Station-Id = "00-16-C7-8F-A0-02" Called-Station-Id = "00-50-BF-E3-E8-2A" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 NAS-Port-Id = "00000001" NAS-IP-Address = 0.0.0.0 NAS-Identifier = "nas01" Framed-IP-Address = 192.168.182.4 Acct-Session-Id = "44f0332500000001" Processing the preacct section of radiusd.conf modcall: entering group preacct for request 4 modcall[preacct]: module "preprocess" returns noop for request 4 rlm_acct_unique: Hashing 'NAS-Port = 1,Client-IP-Address = 127.0.0.1,NAS-IP-Address = 0.0.0.0,Acct-Session-Id = "44f0332500000001",User-Name = "user1"' rlm_acct_unique: Acct-Unique-Session-ID = "03b237c32d98c65e". modcall[preacct]: module "acct_unique" returns ok for request 4 rlm_realm: No '@' in User-Name = "user1", looking up realm NULL rlm_realm: No such realm "NULL" modcall[preacct]: module "suffix" returns noop for request 4 modcall[preacct]: module "files" returns noop for request 4 modcall: leaving group preacct (returns ok) for request 4 Processing the accounting section of radiusd.conf modcall: entering group accounting for request 4 radius_xlat: '/usr/local/var/log/radius/radacct/127.0.0.1/detail-20060826' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/127.0.0.1/detail-20060826 modcall[accounting]: module "detail" returns ok for request 4 modcall[accounting]: module "unix" returns ok for request 4 radius_xlat: '/usr/local/var/log/radius/radutmp' radius_xlat: 'user1' modcall[accounting]: module "radutmp" returns ok for request 4 rlm_ippool: This is not an Accounting-Stop. Return NOOP. modcall[accounting]: module "main_pool" returns noop for request 4 modcall: leaving group accounting (returns ok) for request 4 Sending Accounting-Response of id 2 to 127.0.0.1 port 1041 Finished request 4 Going to the next request Cleaning up request 4 ID 2 with timestamp 44f03347 Waking up in 6 seconds... rad_recv: Accounting-Request packet from host 127.0.0.1:1041, id=3, length=179 Acct-Status-Type = Stop User-Name = "user1" Calling-Station-Id = "00-16-C7-8F-A0-02" Called-Station-Id = "00-50-BF-E3-E8-2A" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 NAS-Port-Id = "00000001" NAS-IP-Address = 0.0.0.0 NAS-Identifier = "nas01" Framed-IP-Address = 192.168.182.4 Acct-Session-Id = "44f0332500000001" Acct-Input-Octets = 2328 Acct-Output-Octets = 7447 Acct-Input-Gigawords = 0 Acct-Output-Gigawords = 0 Acct-Input-Packets = 23 Acct-Output-Packets = 26 Acct-Session-Time = 6 Acct-Terminate-Cause = User-Request Processing the preacct section of radiusd.conf modcall: entering group preacct for request 5 modcall[preacct]: module "preprocess" returns noop for request 5 rlm_acct_unique: Hashing 'NAS-Port = 1,Client-IP-Address = 127.0.0.1,NAS-IP-Address = 0.0.0.0,Acct-Session-Id = "44f0332500000001",User-Name = "user1"' rlm_acct_unique: Acct-Unique-Session-ID = "03b237c32d98c65e". modcall[preacct]: module "acct_unique" returns ok for request 5 rlm_realm: No '@' in User-Name = "user1", looking up realm NULL rlm_realm: No such realm "NULL" modcall[preacct]: module "suffix" returns noop for request 5 modcall[preacct]: module "files" returns noop for request 5 modcall: leaving group preacct (returns ok) for request 5 Processing the accounting section of radiusd.conf modcall: entering group accounting for request 5 radius_xlat: '/usr/local/var/log/radius/radacct/127.0.0.1/detail-20060826' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/127.0.0.1/detail-20060826 modcall[accounting]: module "detail" returns ok for request 5 modcall[accounting]: module "unix" returns ok for request 5 radius_xlat: '/usr/local/var/log/radius/radutmp' radius_xlat: 'user1' modcall[accounting]: module "radutmp" returns ok for request 5 rlm_ippool: Searching for an entry for nas/port: 0.0.0.0/1 rlm_ippool: Deallocated entry for ip/port: 192.168.182.231/1 modcall[accounting]: module "main_pool" returns ok for request 5 modcall: leaving group accounting (returns ok) for request 5 Sending Accounting-Response of id 3 to 127.0.0.1 port 1041 Finished request 5 Going to the next request --- Walking the entire request list --- Cleaning up request 3 ID 0 with timestamp 44f03347 Cleaning up request 5 ID 3 with timestamp 44f0334d Nothing to do. Sleeping until we see a request. ----------------------------------------------------------------------------- Ldap user ================================ dn: cn=AntonioPiccolo,ou=faculty,ou=department,ou=statistica,dc=mydomain,dc=it uid: user1 objectClass: top objectClass: inetOrgPerson objectClass: radiusprofile sn: Piccolo cn: AntonioPiccolo structuralObjectClass: inetOrgPerson entryUUID: 495881e0-addd-102a-9362-d731fc0d1eff creatorsName: cn=Manager,dc=mydomain,dc=it createTimestamp: 20060722145122Z userPassword:: YQ== radiusCallingStationId: C4-5A-5E-D0-1F-F4 radiusCallingStationId: 00-02-C7-8F-A0-16 radiusGroupName: professor entryCSN: 20060826113921Z#000000#00#000000 modifiersName: cn=Manager,dc=mydomain,dc=it modifyTimestamp: 20060826113921Z ---------------------------------------------------------------------------------------------------------- radius.conf ........... modules { ........... ldap { server="localhost" port="389" identity = "cn=Manager,dc=uniroma1,dc=it" password = P1PP3R0 basedn="ou=statistica,dc=uniroma1,dc=it" filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" start_tls = no access_attr = "userPassword" dictionary_mapping = ${raddbdir}/ldap.attrmap authtype = ldap ldap_connections_number = 5 password_attribute = userPassword groupname_attribute = radiusGroupName timeout = 4 timelimit = 3 net_timeout = 1 } .................... } ippool main_pool { range-start = 192.168.182.129 range-stop = 192.168.182.254 netmask = 255.255.255.0 cache-size = 800 session-db = ${raddbdir}/db.ippool ip-index = ${raddbdir}/db.ipindex override = no maximum-timeout = 0 } accounting { detail unix main_pool } post-auth { main_pool } --------------------------------------------------------------- users prova Pool-Name:="main_pool", Auth-Type := Local, User-Password == "a" Service-Type = Framed-User, Fall-Through = no DEFAULT Auth-Type = System Fall-Through = 1 DEFAULT Ldap-Group == professor, Pool-Name :="main_pool" Service-Type == Framed-User, Fall-Through = no DEFAULT Service-Type == Framed-User Framed-IP-Address = 255.255.255.254, Framed-MTU = 576, Service-Type = Framed-User, Fall-Through = Yes DEFAULT Framed-Protocol == PPP Framed-Protocol = PPP, Framed-Compression = Van-Jacobson-TCP-IP DEFAULT Hint == "CSLIP" Framed-Protocol = SLIP, Framed-Compression = Van-Jacobson-TCP-IP DEFAULT Hint == "SLIP" Framed-Protocol = SLIP -------------------------------------------------------------------------------------------- ldap.attrmap checkItem $GENERIC$ radiusCheckItem replyItem $GENERIC$ radiusReplyItem checkItem User-Password userPassword checkItem Auth-Type radiusAuthType checkItem Simultaneous-Use radiusSimultaneousUse checkItem Called-Station-Id radiusCalledStationId checkItem Calling-Station-Id radiusCallingStationId checkItem LM-Password lmPassword checkItem NT-Password ntPassword checkItem SMB-Account-CTRL-TEXT acctFlags checkItem Expiration radiusExpiration checkItem NAS-IP-Address radiusNASIpAddress checkItem Ldap-Group radiusGroupName replyItem Service-Type radiusServiceType replyItem Framed-Protocol radiusFramedProtocol replyItem Framed-IP-Address radiusFramedIPAddress replyItem Framed-IP-Netmask radiusFramedIPNetmask replyItem Framed-Route radiusFramedRoute replyItem Framed-Routing radiusFramedRouting replyItem Filter-Id radiusFilterId replyItem Framed-MTU radiusFramedMTU replyItem Framed-Compression radiusFramedCompression replyItem Login-IP-Host radiusLoginIPHost replyItem Login-Service radiusLoginService replyItem Login-TCP-Port radiusLoginTCPPort replyItem Callback-Number radiusCallbackNumber replyItem Callback-Id radiusCallbackId replyItem Framed-IPX-Network radiusFramedIPXNetwork replyItem Class radiusClass replyItem Session-Timeout radiusSessionTimeout replyItem Idle-Timeout radiusIdleTimeout replyItem Termination-Action radiusTerminationAction replyItem Login-LAT-Service radiusLoginLATService replyItem Login-LAT-Node radiusLoginLATNode replyItem Login-LAT-Group radiusLoginLATGroup replyItem Framed-AppleTalk-Link radiusFramedAppleTalkLink replyItem Framed-AppleTalk-Network radiusFramedAppleTalkNetwork replyItem Framed-AppleTalk-Zone radiusFramedAppleTalkZone replyItem Port-Limit radiusPortLimit replyItem Login-LAT-Port radiusLoginLATPort replyItem Reply-Message radiusReplyMessage ------------------------------------------------------------------------------------------------------
"Giuseppina Venezia" <giusy.venezia@gmail.com> wrote:
When i log in directly with default user (user "prova" , defined in users file) it seems to assign ip, but it really doesn't (the client doesn't obtain the assigned ip address). When i log in directly with an OpenLdap user, it says that can't find Pool-Name attribute.
You have to tell the server which pool to use. See the rlm_ippool documentation. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
You have to tell the server which pool to use. See the rlm_ippool documentation.
Alan DeKok.
Ok,thanks Alan I've read the documentation about rlm_ippool on freeradius wiki and in particular http://wiki.freeradious.org/index.php/Ippool_and_radius_clients (I've not found rlm_ippool documentation in freeradius installed docs). Now I've specified the NAS-IP-Address and NAS-Identifier in chillispot, with the same results when I try to login with this user: prova Pool-Name:="main_pool", Auth-Type := Local, User-Password == "a" Service-Type = Framed-User, Fall-Through = no defined in users file This is the new output: rlm_ippool: Searching for an entry for nas/port: 127.0.0.1/1 rlm_ippool: Searching for an entry for nas/port: 127.0.0.1/1 rlm_ippool: Allocating ip to nas/port: 127.0.0.1/1 rlm_ippool: num: 1 rlm_ippool: Allocated ip 192.168.182.138 to client on nas 127.0.0.1,port 1 modcall[post-auth]: module "main_pool" returns ok for request 0 modcall: leaving group post-auth (returns ok) for request 0 Sending Access-Accept of id 0 to 127.0.0.1 port 1061 Service-Type = Framed-User Framed-IP-Address = 192.168.182.138 Framed-IP-Netmask = 255.255.255.0 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Accounting-Request packet from host 127.0.0.1:1059, id=0, length=134 Acct-Status-Type = Start User-Name = "prova" Calling-Station-Id = "00-02-C7-8F-A0-16" Called-Station-Id = "00-50-BF-E3-E8-2A" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 NAS-Port-Id = "00000001" NAS-IP-Address = 127.0.0.1 NAS-Identifier = "localhost" Framed-IP-Address = 192.168.182.3 Acct-Session-Id = "44f0825400000001" Processing the preacct section of radiusd.conf When I try to login with LDAP users the debug says that can't find Pool-Name attribute (but as shown in the first post) Pool-Name attribute is set in the users file. What's wrong in the first and in the second cases? Thanks, Giusy
"Giuseppina Venezia" <giusy.venezia@gmail.com> wrote:
prova Pool-Name:="main_pool", Auth-Type := Local, User-Password == "a"
<sigh> What has to be done to convince people not to set Auth-Type?
When I try to login with LDAP users the debug says that can't find Pool-Name attribute (but as shown in the first post) Pool-Name attribute is set in the users file.
It's set only for people who aren't using LDAP. If you want EVERYONE to get an IP pool, do: DEFAULT Pool-Name := "main_pool" Fall-Through = Yes Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
On 8/26/06, Alan DeKok <aland@deployingradius.com> wrote:
If you want EVERYONE to get an IP pool, do:
DEFAULT Pool-Name := "main_pool" Fall-Through = Yes
Alan DeKok.
I want that only "professors" gets an IP pool. I made this: DEFAULT Auth-Type = LDAP Fall-Through = 1 DEFAULT Pool-Name :="main_pool", Ldap-Group == "professor" Service-Type == Framed-User, Fall-Through = yes and it seems to work, it assign an IP but, the IP is not real assigned. He's a professor: ..... rad_recv: Access-Request packet from host 127.0.0.1:1039, id=0, length=220 User-Name = "prof1" CHAP-Challenge = 0xefc559504d3ba3c9fa54b43a24630c73 CHAP-Password = 0x006ddd83222dfe14d8bde3f858d2270462 NAS-IP-Address = 127.0.0.1 Service-Type = Login-User Framed-IP-Address = 192.168.182.3 Calling-Station-Id = "00-02-C7-8F-A0-16" Called-Station-Id = "00-50-BF-E3-E8-2A" NAS-Identifier = "localhost" Acct-Session-Id = "44f16e9a00000001" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 Message-Authenticator = 0x27936b28337edbd63b0c974cd804f9d2 WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff" Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 rlm_chap: Setting 'Auth-Type := CHAP' modcall[authorize]: module "chap" returns ok for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "prof1", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 users: Matched entry DEFAULT at line 154 rlm_ldap: Entering ldap_groupcmp() radius_xlat: 'ou=statistica,dc=mydomain,dc=it' radius_xlat: '(uid=prof1)' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to localhost:389, authentication 0 rlm_ldap: bind as cn=Manager,dc=mydomain,dc=it/password to localhost:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: performing search in ou=statistica,dc=mydomain,dc=it, with filter (uid=prof1) rlm_ldap: ldap_release_conn: Release Id: 0 radius_xlat: '(|(&(objectClass=GroupOfNames)(member=cn\3dMaurizio Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dstatistica\2cdc\3dmydomain\2cdc\3dit))(&(objectClass=GroupOfU$ Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dstatistica\2cdc\3dmydomain\2cdc\3dit)))' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=statistica,dc=mydomain,dc=it, with filter (&(cn=professor)(|(&(objectClass=GroupOfNames)(member=cn\3dMaurizio Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dstatistica\2cdc\3dmydomain\2cdc\3dit))(&(objectClass=GroupOfU$ Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dstatistica\2cdc\3dmydomain\2cdc\3dit)))) rlm_ldap: object not found or got ambiguous search result rlm_ldap: ldap_release_conn: Release Id: 0 rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in cn=Maurizio Costanzo,ou=faculty,ou=dspsa,ou=statistica,dc=mydomain,dc=it, with filter (objectclass=*) rlm_ldap::ldap_groupcmp: User found in group professor rlm_ldap: ldap_release_conn: Release Id: 0 users: Matched entry DEFAULT at line 176 modcall[authorize]: module "files" returns ok for request 0 rlm_ldap: - authorize rlm_ldap: performing user authorization for prof1 radius_xlat: '(uid=prof1)' radius_xlat: 'ou=statistica,dc=mydomain,dc=it' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in ou=statistica,dc=mydomain,dc=it, with filter (uid=prof1) rlm_ldap: checking if remote access for prof1 is allowed by userPassword rlm_ldap: Added password a in check items rlm_ldap: looking for check items in directory... rlm_ldap: Adding radiusGroupName as Ldap-Group, value professor & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value C4-5A-5E-D0-1F-F4 & op=21 rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value 00-02-C7-8F-A0-16 & op=21 rlm_ldap: Adding userPassword as User-Password, value a & op=21 rlm_ldap: looking for reply items in directory... rlm_ldap: user prof1 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 0 rlm_checkval: Item Name: Calling-Station-Id, Value: 00-02-C7-8F-A0-16 rlm_checkval: Value Name: Calling-Station-Id, Value: C4-5A-5E-D0-1F-F4 rlm_checkval: Value Name: Calling-Station-Id, Value: 00-02-C7-8F-A0-16 modcall[authorize]: module "checkval" returns ok for request 0 modcall: leaving group authorize (returns ok) for request 0 rad_check_password: Found Auth-Type CHAP auth: type "CHAP" Processing the authenticate section of radiusd.conf modcall: entering group CHAP for request 0 rlm_chap: login attempt by "prof1" with CHAP password rlm_chap: Using clear text password a for user prof1 authentication. rlm_chap: chap user prof1 authenticated succesfully modcall[authenticate]: module "chap" returns ok for request 0 modcall: leaving group CHAP (returns ok) for request 0 Processing the post-auth section of radiusd.conf modcall: entering group post-auth for request 0 rlm_ippool: Searching for an entry for nas/port: 127.0.0.1/1 rlm_ippool: Allocating ip to nas/port: 127.0.0.1/1 rlm_ippool: num: 1 rlm_ippool: Allocated ip 192.168.182.234 to client on nas 127.0.0.1,port 1 modcall[post-auth]: module "main_pool" returns ok for request 0 modcall: leaving group post-auth (returns ok) for request 0 modcall[post-auth]: module "main_pool" returns ok for request 0 modcall: leaving group post-auth (returns ok) for request 0 Sending Access-Accept of id 0 to 127.0.0.1 port 1039 Service-Type == Framed-User Framed-IP-Address = 192.168.182.234 Framed-IP-Netmask = 255.255.255.0 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Accounting-Request packet from host 127.0.0.1:1037, id=0, length=135 Acct-Status-Type = Start User-Name = "prof1" Calling-Station-Id = "00-02-C7-8F-A0-16" Called-Station-Id = "00-50-BF-E3-E8-2A" NAS-Port-Type = Wireless-802.11 NAS-Port = 1 NAS-Port-Id = "00000001" NAS-IP-Address = 127.0.0.1 NAS-Identifier = "localhost" Framed-IP-Address = 192.168.182.3 Acct-Session-Id = "44f16e9a00000001" Processing the preacct section of radiusd.conf modcall: entering group preacct for request 1 modcall[preacct]: module "preprocess" returns noop for request 1 rlm_acct_unique: Hashing 'NAS-Port = 1,Client-IP-Address = 127.0.0.1,NAS-IP-Address = 127.0.0.1,Acct-Session-Id = "44f16e9a00000001",User-Name = "prof1"' rlm_acct_unique: Acct-Unique-Session-ID = "ef2fe80af19d1f1a". modcall[preacct]: module "acct_unique" returns ok for request 1 rlm_realm: No '@' in User-Name = "prof1", looking up realm NULL rlm_realm: No such realm "NULL" modcall[preacct]: module "suffix" returns noop for request 1 modcall[preacct]: module "files" returns noop for request 1 modcall: leaving group preacct (returns ok) for request 1 Processing the accounting section of radiusd.conf modcall: entering group accounting for request 1 radius_xlat: '/usr/local/var/log/radius/radacct/127.0.0.1/detail-20060827' rlm_detail: /usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/127.0.0.1/detail-20060827 modcall[accounting]: module "detail" returns ok for request 1 modcall[accounting]: module "unix" returns ok for request 1 radius_xlat: '/usr/local/var/log/radius/radutmp' radius_xlat: 'prof1' modcall[accounting]: module "radutmp" returns ok for request 1 rlm_ippool: This is not an Accounting-Stop. Return NOOP. modcall[accounting]: module "main_pool" returns noop for request 1 modcall: leaving group accounting (returns ok) for request 1 Sending Accounting-Response of id 0 to 127.0.0.1 port 1037 Finished request 1 Going to the next request .......................... It seems to assign 192.168.182.234 but the user has 192.168.182.3 .... why it doesn't assing IP? Thanks Giusy
"Giuseppina Venezia" <giusy.venezia@gmail.com> wrote:
I want that only "professors" gets an IP pool. I made this: ... and it seems to work, it assign an IP but, the IP is not real assigned.
OK...
Sending Access-Accept of id 0 to 127.0.0.1 port 1039 Service-Type == Framed-User Framed-IP-Address = 192.168.182.234 Framed-IP-Netmask = 255.255.255.0
So everything works as configured. Wonderful!
It seems to assign 192.168.182.234 but the user has 192.168.182.3 .... why it doesn't assing IP?
Ask the NAS. At this point, it looks like you have the server configured correctly, and it's doing what you want. But the *NAS* isn't doing what you want. Please don't blame FreeRADIUS for that. Read the NAS documentation to see what magic is required to get it to accept the IP address from FreeRADIUS. And after a *large* number of messages, it looks like you have a clear approach to solving the problem. This is why we suggest posting full debug logs at the start, along with descriptions of what you expect should be happening. It makes solving the problem infinitely easier. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
Many thanks Alan for your fundamental help,without your help I could not have done very much. This forum owns all the characteristics that an ideal forum should have: swiftness,clearness and efficiency. Thanks Again Best Regards,Giusy
On 8/27/06, Alan DeKok <aland@deployingradius.com> wrote:
Read the NAS documentation to see what magic is required to get it to accept the IP address from FreeRADIUS.
Alan, excuse me for a question, I have read documentation but i think that it's impossible to do it with chillispot, it's real? There isn't opensource NAS that can do it? Thanks Giusy
"Giuseppina Venezia" <giusy.venezia@gmail.com> wrote:
Alan, excuse me for a question, I have read documentation but i think that it's impossible to do it with chillispot, it's real? There isn't opensource NAS that can do it?
No idea, sorry. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
participants (2)
-
Alan DeKok -
Giuseppina Venezia