Hi all, i've just installed a FreeRadius server 2.2.0 with DHCP support because i need a dhcp server that use MySQL ad a backend. My network topology is: eth0 inet addr:193.205.4.xxx [PUBLIC] eth1 inet addr:172.20.1.2 [PRIVATE] all dhcp requests and reply should come from eth1. Here is freeradius -X dump: FreeRADIUS Version 2.2.0, for host i486-pc-linux-gnu, built on Sep 20 2012 at 13:37:59 Copyright (C) 1999-2012 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /etc/freeradius/radiusd.conf including configuration file /etc/freeradius/clients.conf including files in directory /etc/freeradius/mods-enabled/ including configuration file /etc/freeradius/mods-enabled/replicate including configuration file /etc/freeradius/mods-enabled/smsotp including configuration file /etc/freeradius/mods-enabled/preprocess including configuration file /etc/freeradius/mods-enabled/ldap including configuration file /etc/freeradius/mods-enabled/counter including configuration file /etc/freeradius/mods-enabled/detail.log including configuration file /etc/freeradius/mods-enabled/otp including configuration file /etc/freeradius/mods-enabled/inner-eap including configuration file /etc/freeradius/mods-enabled/acct_unique including configuration file /etc/freeradius/mods-enabled/wimax including configuration file /etc/freeradius/mods-enabled/dynamic_clients including configuration file /etc/freeradius/mods-enabled/etc_group including configuration file /etc/freeradius/mods-enabled/redis including configuration file /etc/freeradius/mods-enabled/cui including configuration file /etc/freeradius/mods-enabled/ntlm_auth including configuration file /etc/freeradius/mods-enabled/cache including configuration file /etc/freeradius/mods-enabled/mac2ip including configuration file /etc/freeradius/mods-enabled/dhcp_sqlippool including configuration file /etc/freeradius/sql/mysql/ippool-dhcp.conf including configuration file /etc/freeradius/mods-enabled/policy including configuration file /etc/freeradius/mods-enabled/expiration including configuration file /etc/freeradius/mods-enabled/logintime including configuration file /etc/freeradius/mods-enabled/radutmp including configuration file /etc/freeradius/mods-enabled/smbpasswd including configuration file /etc/freeradius/mods-enabled/ippool including configuration file /etc/freeradius/mods-enabled/rediswho including configuration file /etc/freeradius/mods-enabled/pam including configuration file /etc/freeradius/mods-enabled/soh including configuration file /etc/freeradius/mods-enabled/detail.example.com including configuration file /etc/freeradius/mods-enabled/realm including configuration file /etc/freeradius/mods-enabled/mac2vlan including configuration file /etc/freeradius/mods-enabled/attr_filter including configuration file /etc/freeradius/mods-enabled/exec including configuration file /etc/freeradius/mods-enabled/pap including configuration file /etc/freeradius/mods-enabled/unix including configuration file /etc/freeradius/mods-enabled/passwd including configuration file /etc/freeradius/mods-enabled/echo including configuration file /etc/freeradius/mods-enabled/sradutmp including configuration file /etc/freeradius/mods-enabled/always including configuration file /etc/freeradius/mods-enabled/checkval including configuration file /etc/freeradius/mods-enabled/chap including configuration file /etc/freeradius/mods-enabled/mschap including configuration file /etc/freeradius/mods-enabled/krb5 including configuration file /etc/freeradius/mods-enabled/sql_log including configuration file /etc/freeradius/mods-enabled/attr_rewrite including configuration file /etc/freeradius/mods-enabled/files including configuration file /etc/freeradius/mods-enabled/perl including configuration file /etc/freeradius/mods-enabled/radrelay including configuration file /etc/freeradius/mods-enabled/sqlcounter_expire_on_login including configuration file /etc/freeradius/mods-enabled/expr including configuration file /etc/freeradius/mods-enabled/linelog including configuration file /etc/freeradius/mods-enabled/opendirectory including configuration file /etc/freeradius/mods-enabled/detail including configuration file /etc/freeradius/mods-enabled/digest including configuration file /etc/freeradius/eap.conf including configuration file /etc/freeradius/sql.conf including configuration file /etc/freeradius/sqlippool.conf including configuration file /etc/freeradius/sql/mysql/ippool.conf including configuration file /etc/freeradius/policy.conf including files in directory /etc/freeradius/sites-enabled/ including configuration file /etc/freeradius/sites-enabled/dhcp including configuration file /etc/freeradius/sites-enabled/default main { user = "root" group = "freerad" allow_core_dumps = no } including dictionary file /etc/freeradius/dictionary main { name = "freeradius" prefix = "/usr" localstatedir = "/var" sbindir = "/usr/sbin" logdir = "/var/log/freeradius" run_dir = "/var/run/freeradius" libdir = "/usr/lib/freeradius" radacctdir = "/var/log/freeradius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/var/run/freeradius/freeradius.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = no log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "testing123" nastype = "other" } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module: Instantiating module "exec" from file /etc/freeradius/mods-enabled/exec exec { wait = no input_pairs = "request" shell_escape = yes } Module: Linked to module rlm_expr Module: Instantiating module "expr" from file /etc/freeradius/mods-enabled/expr Module: Linked to module rlm_expiration Module: Instantiating module "expiration" from file /etc/freeradius/mods-enabled/expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating module "logintime" from file /etc/freeradius/mods-enabled/logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } } radiusd: #### Loading Virtual Servers #### server { # from file /etc/freeradius/radiusd.conf modules { Module: Creating Auth-Type = digest Module: Creating Post-Auth-Type = REJECT Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating module "pap" from file /etc/freeradius/mods-enabled/pap pap { encryption_scheme = "auto" auto_header = no } Module: Linked to module rlm_chap Module: Instantiating module "chap" from file /etc/freeradius/mods-enabled/chap Module: Linked to module rlm_mschap Module: Instantiating module "mschap" from file /etc/freeradius/mods-enabled/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = no allow_retry = yes } Module: Linked to module rlm_digest Module: Instantiating module "digest" from file /etc/freeradius/mods-enabled/digest Module: Linked to module rlm_unix Module: Instantiating module "unix" from file /etc/freeradius/mods-enabled/unix unix { radwtmp = "/var/log/freeradius/radwtmp" } Module: Linked to module rlm_eap Module: Instantiating module "eap" from file /etc/freeradius/eap.conf eap { default_eap_type = "md5" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 4096 } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 CA_path = "/etc/freeradius/certs" pem_file_type = yes private_key_file = "/etc/freeradius/certs/server.key" certificate_file = "/etc/freeradius/certs/server.pem" CA_file = "/etc/freeradius/certs/ca.pem" private_key_password = "whatever" dh_file = "/etc/freeradius/certs/dh" random_file = "/dev/urandom" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" make_cert_command = "/etc/freeradius/certs/bootstrap" ecdh_curve = "prime256v1" cache { enable = no lifetime = 24 max_entries = 255 } verify { } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = no } } Module: Linked to sub-module rlm_eap_ttls Module: Instantiating eap-ttls ttls { default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" include_length = yes } Module: Linked to sub-module rlm_eap_peap Module: Instantiating eap-peap peap { default_eap_type = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" soh = no } Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating module "preprocess" from file /etc/freeradius/mods-enabled/preprocess preprocess { huntgroups = "/etc/freeradius/huntgroups" hints = "/etc/freeradius/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } reading pairlist file /etc/freeradius/huntgroups reading pairlist file /etc/freeradius/hints Module: Linked to module rlm_realm Module: Instantiating module "suffix" from file /etc/freeradius/mods-enabled/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Module: Linked to module rlm_files Module: Instantiating module "files" from file /etc/freeradius/mods-enabled/files files { usersfile = "/etc/freeradius/users" acctusersfile = "/etc/freeradius/acct_users" preproxy_usersfile = "/etc/freeradius/preproxy_users" compat = "no" } reading pairlist file /etc/freeradius/users reading pairlist file /etc/freeradius/acct_users reading pairlist file /etc/freeradius/preproxy_users Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_acct_unique Module: Instantiating module "acct_unique" from file /etc/freeradius/mods-enabled/acct_unique acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier, NAS-Port" } Module: Checking accounting {...} for more modules to load Module: Linked to module rlm_detail Module: Instantiating module "detail" from file /etc/freeradius/mods-enabled/detail detail { detailfile = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Linked to module rlm_attr_filter Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/mods-enabled/attr_filter attr_filter attr_filter.accounting_response { attrsfile = "/etc/freeradius/attrs.accounting_response" key = "%{User-Name}" relaxed = no } reading pairlist file /etc/freeradius/attrs.accounting_response Module: Checking session {...} for more modules to load Module: Linked to module rlm_radutmp Module: Instantiating module "radutmp" from file /etc/freeradius/mods-enabled/radutmp radutmp { filename = "/var/log/freeradius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/mods-enabled/attr_filter attr_filter attr_filter.access_reject { attrsfile = "/etc/freeradius/attrs.access_reject" key = "%{User-Name}" relaxed = no } reading pairlist file /etc/freeradius/attrs.access_reject } # modules } # server server dhcp { # from file /etc/freeradius/sites-enabled/dhcp modules { Module: Checking dhcp DHCP-Discover {...} for more modules to load Module: Loading virtual module dhcp_sqlippool.post-auth Module: Linked to module rlm_sqlippool Module: Instantiating module "dhcp_sqlippool" from file /etc/freeradius/mods-enabled/dhcp_sqlippool sqlippool dhcp_sqlippool { sql-instance-name = "sql" lease-duration = 7200 pool-name = "" allocate-begin = "START TRANSACTION" allocate-clear = "UPDATE radippool SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', expiry_time = NULL WHERE expiry_time <= NOW() - INTERVAL 1 SECOND " allocate-find = "SELECT framedipaddress FROM radippool WHERE pool_name = '%{control:Pool-Name}' AND ( (callingstationid = '%{Calling-Station-Id}') OR (expiry_time < NOW() OR expiry_time IS NULL) ) ORDER BY (callingstationid = '%{Calling-Station-Id}') DESC, expiry_time DESC LIMIT 1 FOR UPDATE" allocate-update = "UPDATE radippool SET nasipaddress = '%{NAS-IP-Address}', pool_key = '%{Calling-Station-Id}', callingstationid = '%{Calling-Station-Id}', username = '%{User-Name}', calledstationid = 'Freeradius-DHCP', expiry_time = GREATEST( IF(ISNULL(expiry_time),'0000-00-00 00:00:00',expiry_time), NOW() + INTERVAL 7200 SECOND) WHERE framedipaddress = '%I' AND ( (callingstationid = '%{Calling-Station-Id}') OR (expiry_time < NOW() OR expiry_time IS NULL) ) " allocate-commit = "COMMIT" allocate-rollback = "ROLLBACK" pool-check = "SELECT id FROM radippool WHERE pool_name='%{control:Pool-Name}' LIMIT 1" start-begin = "START TRANSACTION" start-update = "SELECT NOW()" start-commit = "COMMIT" start-rollback = "ROLLBACK" alive-begin = "START TRANSACTION" alive-update = "SELECT NOW()" alive-commit = "COMMIT" alive-rollback = "ROLLBACK" stop-begin = "START TRANSACTION" stop-clear = "SELECT NOW()" stop-commit = "COMMIT" stop-rollback = "ROLLBACK" on-begin = "START TRANSACTION" on-clear = "SELECT NOW()" on-commit = "COMMIT" on-rollback = "ROLLBACK" off-begin = "START TRANSACTION" off-clear = "SELECT NOW()" off-commit = "COMMIT" off-rollback = "ROLLBACK" sqlippool_log_exists = "DHCP: Existing IP: %{reply:Framed-IP-Address} (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name})" sqlippool_log_success = "DHCP: Allocated IP: %{reply:Framed-IP-Address} from %{control:Pool-Name} (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name})" sqlippool_log_clear = "DHCP: Released IP %{Framed-IP-Address} (did %{Called-Station-Id} cli %{Calling-Station-Id} user %{User-Name})" sqlippool_log_failed = "DHCP: IP Allocation FAILED from %{control:Pool-Name} (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name})" sqlippool_log_nopool = "DHCP: No Pool-Name defined (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name})" defaultpool = "main_pool" } Module: Linked to module rlm_sql Module: Instantiating module "sql" from file /etc/freeradius/sql.conf sql { driver = "rlm_sql_mysql" server = "xxx" port = "3306" login = "xxx" password = "xxxx" radius_db = "xxx" read_groups = yes sqltrace = no sqltracefile = "/var/log/freeradius/sqltrace.sql" readclients = no deletestalesessions = yes num_sql_socks = 5 lifetime = 0 max_queries = 0 sql_user_name = "" default_user_profile = "" nas_query = "SELECT id,nasname,shortname,type,secret FROM nas" authorize_check_query = "" authorize_group_check_query = "" authorize_group_reply_query = "" accounting_onoff_query = "" accounting_update_query = "" accounting_update_query_alt = "" accounting_start_query = "" accounting_start_query_alt = "" accounting_stop_query = "" accounting_stop_query_alt = "" connect_failure_retry_delay = 60 simul_count_query = "" simul_verify_query = "" postauth_query = "" safe-characters = "@abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-_: /" } rlm_sql (sql): Driver rlm_sql_mysql (module rlm_sql_mysql) loaded and linked rlm_sql (sql): Attempting to connect to voip@mysql.unisi.it:3306/opensips rlm_sql (sql): starting 0 rlm_sql (sql): Attempting to connect rlm_sql_mysql #0 rlm_sql_mysql: Starting connect to MySQL server for #0 rlm_sql (sql): Connected new DB handle, #0 rlm_sql (sql): starting 1 rlm_sql (sql): Attempting to connect rlm_sql_mysql #1 rlm_sql_mysql: Starting connect to MySQL server for #1 rlm_sql (sql): Connected new DB handle, #1 rlm_sql (sql): starting 2 rlm_sql (sql): Attempting to connect rlm_sql_mysql #2 rlm_sql_mysql: Starting connect to MySQL server for #2 rlm_sql (sql): Connected new DB handle, #2 rlm_sql (sql): starting 3 rlm_sql (sql): Attempting to connect rlm_sql_mysql #3 rlm_sql_mysql: Starting connect to MySQL server for #3 rlm_sql (sql): Connected new DB handle, #3 rlm_sql (sql): starting 4 rlm_sql (sql): Attempting to connect rlm_sql_mysql #4 rlm_sql_mysql: Starting connect to MySQL server for #4 rlm_sql (sql): Connected new DB handle, #4 Module: Linked to module rlm_always Module: Instantiating module "ok" from file /etc/freeradius/mods-enabled/always always ok { rcode = "ok" simulcount = 0 mpp = no } Module: Checking dhcp DHCP-Request {...} for more modules to load Module: Loading virtual module dhcp_sqlippool.post-auth Module: Checking dhcp (null) {...} for more modules to load /etc/freeradius/sites-enabled/dhcp[67]: No name specified for Post-Auth-Type block } # modules } # server radiusd: #### Opening IP addresses and Ports #### listen { type = "dhcp" ipaddr = 255.255.255.255 port = 67 } Listening on dhcp interface eth1 address 255.255.255.255 port 67 as server dhcp Ready to process requests. and here is the DHCP request: Received DHCP-Discover of id 022e173c from 0.0.0.0:68 to 255.255.255.255:67 DHCP-Opcode = Client-Message DHCP-Hardware-Type = Ethernet DHCP-Hardware-Address-Length = 6 DHCP-Hop-Count = 0 DHCP-Transaction-Id = 36575036 DHCP-Number-of-Seconds = 0 DHCP-Flags = 0 DHCP-Client-IP-Address = 0.0.0.0 DHCP-Your-IP-Address = 0.0.0.0 DHCP-Server-IP-Address = 0.0.0.0 DHCP-Gateway-IP-Address = 0.0.0.0 DHCP-Client-Hardware-Address = 00:04:13:71:11:65 DHCP-Message-Type = DHCP-Discover DHCP-Parameter-Request-List = DHCP-Subnet-Mask DHCP-Parameter-Request-List = DHCP-Router-Address DHCP-Parameter-Request-List = DHCP-Time-Server DHCP-Parameter-Request-List = DHCP-Domain-Name-Server DHCP-Parameter-Request-List = DHCP-Hostname DHCP-Parameter-Request-List = DHCP-Domain-Name DHCP-Parameter-Request-List = DHCP-NTP-Servers DHCP-Parameter-Request-List = DHCP-Vendor DHCP-Parameter-Request-List = DHCP-IP-Address-Lease-Time DHCP-Parameter-Request-List = DHCP-TFTP-Server-Name DHCP-Parameter-Request-List = DHCP-Boot-File-Name DHCP-Parameter-Request-List = DHCP-SIP-Servers-DHCP-Option DHCP-Parameter-Request-List = DHCP-V-I-Vendor-Specific DHCP-Parameter-Request-List = DHCP-IEEE-802.1P-VLAN-ID DHCP-Parameter-Request-List = DHCP-IEEE-802.1Q-L2-Priority DHCP-Vendor-Class-Identifier = "snom760" DHCP-Hostname = "snom760-711165" DHCP-V-I-Vendor-Specific = 0x00000de919010630303034313302063731313136350307736e6f6d373630 server dhcp { Trying sub-section dhcp DHCP-Discover {...} +- entering group DHCP-Discover {...} ++[reply] returns noop ++[reply] returns noop ++- entering policy dhcp_sqlippool.post-auth {...} +++[control] returns noop expand: DHCP-%{DHCP-Client-Hardware-Address} -> DHCP-00:04:13:71:11:65 expand: %{DHCP-Client-Hardware-Address} -> 00:04:13:71:11:65 expand: %{DHCP-Gateway-IP-Address} -> 0.0.0.0 expand: %{%{DHCP-Gateway-IP-Address}:-127.0.0.1} -> 0.0.0.0 +++[request] returns noop rlm_sql (sql): Reserving sql socket id: 4 [dhcp_sqlippool] expand: START TRANSACTION -> START TRANSACTION [dhcp_sqlippool] expand: UPDATE radippool SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', expiry_time = NULL WHERE expiry_time <= NOW() - INTERVAL 1 SECOND -> UPDATE radippool SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', expiry_time = NULL WHERE expiry_time <= NOW() - INTERVAL 1 SECOND [dhcp_sqlippool] expand: SELECT framedipaddress FROM radippool WHERE pool_name = '%{control:Pool-Name}' AND ( (callingstationid = '%{Calling-Station-Id}') OR (expiry_time < NOW() OR expiry_time IS NULL) ) ORDER BY (callingstationid = '%{Calling-Station-Id}') DESC, expiry_time DESC LIMIT 1 FOR UPDATE -> SELECT framedipaddress FROM radippool WHERE pool_name = 'main_pool' AND ( (callingstationid = '00:04:13:71:11:65') OR (expiry_time < NOW() OR expiry_time IS NULL) ) ORDER BY (callingstationid = '00:04:13:71:11:65') DESC, expiry_time DESC LIMIT 1 FOR UPDATE [dhcp_sqlippool] expand: UPDATE radippool SET nasipaddress = '%{NAS-IP-Address}', pool_key = '%{Calling-Station-Id}', callingstationid = '%{Calling-Station-Id}', username = '%{User-Name}', calledstationid = 'Freeradius-DHCP', expiry_time = GREATEST( IF(ISNULL(expiry_time),'0000-00-00 00:00:00',expiry_time), NOW() + INTERVAL 7200 SECOND) WHERE framedipaddress = '172.20.1.20' AND ( (callingstationid = '%{Calling-Station-Id}') OR (expiry_time < NOW() OR expiry_time IS NULL) ) -> UPDATE radippool SET nasipaddress = '0.0.0.0', pool_key = '00:04:13:71:11:65', callingstationid = '00:04:13:71:11:65', username = 'DHCP-00:04:13:71:11:65', calledstationid = 'Freeradius-DHCP', expiry_time = GREATEST( IF(ISNULL(expiry_time),'0000-00-00 00:00:00',expiry_time), NOW() + INTERVAL 7200 SECOND) WHERE framedipaddress = '172.20.1.20' AND ( (callingstationid = '00:04:13:71:11:65') OR (expiry_time < NOW() OR expiry_time IS NULL) ) [dhcp_sqlippool] Allocated IP 172.20.1.20 [140114ac] [dhcp_sqlippool] expand: COMMIT -> COMMIT rlm_sql (sql): Released sql socket id: 4 [dhcp_sqlippool] expand: DHCP: Allocated IP: %{reply:Framed-IP-Address} from %{control:Pool-Name} (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name}) -> DHCP: Allocated IP: 172.20.1.20 from main_pool (did cli 00:04:13:71:11:65 port user DHCP-00:04:13:71:11:65) DHCP: Allocated IP: 172.20.1.20 from main_pool (did cli 00:04:13:71:11:65 port user DHCP-00:04:13:71:11:65) +++[dhcp_sqlippool] returns ok +++? if (ok) ? Evaluating (ok) -> TRUE +++? if (ok) -> TRUE +++- entering if (ok) {...} expand: %{reply:Framed-IP-Address} -> 172.20.1.20 ++++[reply] returns ok +++- if (ok) returns ok ++- policy dhcp_sqlippool.post-auth returns ok ++[ok] returns ok } # server dhcp DHCP-Subnet-Mask = 255.255.0.0 DHCP-Router-Address = 172.20.1.1 DHCP-Time-Server = 172.20.1.2 DHCP-Domain-Name-Server = 172.20.1.2 DHCP-Hostname = "voip.unisi.it" DHCP-Domain-Name = "voip.unisi.it" DHCP-NTP-Servers = 172.20.1.2 DHCP-IP-Address-Lease-Time = 7200 DHCP-DHCP-Server-Identifier = 172.20.1.2 DHCP-TFTP-Server-Name = "tftp://172.20.1.2" Sending DHCP-Offer of id 022e173c from 255.255.255.255:67 to 172.20.1.20:68 Finished request 0. Cleaning up request 0 ID 36575036 with timestamp +2 Going to the next request Ready to process requests. but TCPDUMP (and the phone, that didn't receive the reply) say: 10:40:34.484198 IP (tos 0x0, ttl 128, id 0, offset 0, flags [none], proto UDP (17), length 346) 0.0.0.0.bootpc > 255.255.255.255.bootps: [no cksum] BOOTP/DHCP, Request from 00:04:13:71:11:65 (oui Unknown), length 318, xid 0x22e173c, Flags [none] (0x0000) Client-Ethernet-Address 00:04:13:71:11:65 (oui Unknown) Vendor-rfc1048 Extensions Magic Cookie 0x63825363 DHCP-Message Option 53, length 1: Discover Parameter-Request Option 55, length 15: Subnet-Mask, Default-Gateway, Time-Server, Domain-Name-Server Hostname, Domain-Name, NTP, Vendor-Option Lease-Time, TFTP, BF, Option 120 Option 125, Option 132, Option 133 Vendor-Class Option 60, length 7: "snom760" Hostname Option 12, length 14: "snom760-711165" T125 Option 125, length 30: 0,3561,6401,1584,12336,13361,13058,1591,12593,12598,13571,1907,28271,27959,13872 END Option 255, length 0 .... any hint ? Thanks, Michele -- Michele Pinassi Responsabile Telefonia di Ateneo Servizio Reti, Sistemi e Sicurezza Informatica - Università degli Studi di Siena tel: 0577.(23)2169 - fax: 0577.(23)2053 Per trovare una soluzione rapida ai tuoi problemi tecnici consulta le FAQ di Ateneo, http://www.faq.unisi.it
Is there any layer 3 device between client and dhcp server? Then you need dhcp relay agent, if that is not the case chk firewall. Thanks On Tuesday, February 12, 2013, Michele Pinassi wrote:
Hi all,
i've just installed a FreeRadius server 2.2.0 with DHCP support because i need a dhcp server that use MySQL ad a backend.
My network topology is:
eth0 inet addr:193.205.4.xxx [PUBLIC] eth1 inet addr:172.20.1.2 [PRIVATE]
all dhcp requests and reply should come from eth1. Here is freeradius -X dump:
FreeRADIUS Version 2.2.0, for host i486-pc-linux-gnu, built on Sep 20 2012 at 13:37:59 Copyright (C) 1999-2012 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /etc/freeradius/radiusd.conf including configuration file /etc/freeradius/clients.conf including files in directory /etc/freeradius/mods-enabled/ including configuration file /etc/freeradius/mods-enabled/replicate including configuration file /etc/freeradius/mods-enabled/smsotp including configuration file /etc/freeradius/mods-enabled/preprocess including configuration file /etc/freeradius/mods-enabled/ldap including configuration file /etc/freeradius/mods-enabled/counter including configuration file /etc/freeradius/mods-enabled/detail.log including configuration file /etc/freeradius/mods-enabled/otp including configuration file /etc/freeradius/mods-enabled/inner-eap including configuration file /etc/freeradius/mods-enabled/acct_unique including configuration file /etc/freeradius/mods-enabled/wimax including configuration file /etc/freeradius/mods-enabled/dynamic_clients including configuration file /etc/freeradius/mods-enabled/etc_group including configuration file /etc/freeradius/mods-enabled/redis including configuration file /etc/freeradius/mods-enabled/cui including configuration file /etc/freeradius/mods-enabled/ntlm_auth including configuration file /etc/freeradius/mods-enabled/cache including configuration file /etc/freeradius/mods-enabled/mac2ip including configuration file /etc/freeradius/mods-enabled/dhcp_sqlippool including configuration file /etc/freeradius/sql/mysql/ippool-dhcp.conf including configuration file /etc/freeradius/mods-enabled/policy including configuration file /etc/freeradius/mods-enabled/expiration including configuration file /etc/freeradius/mods-enabled/logintime including configuration file /etc/freeradius/mods-enabled/radutmp including configuration file /etc/freeradius/mods-enabled/smbpasswd including configuration file /etc/freeradius/mods-enabled/ippool including configuration file /etc/freeradius/mods-enabled/rediswho including configuration file /etc/freeradius/mods-enabled/pam including configuration file /etc/freeradius/mods-enabled/soh including configuration file /etc/freeradius/mods-enabled/ detail.example.com including configuration file /etc/freeradius/mods-enabled/realm including configuration file /etc/freeradius/mods-enabled/mac2vlan including configuration file /etc/freeradius/mods-enabled/attr_filter including configuration file /etc/freeradius/mods-enabled/exec including configuration file /etc/freeradius/mods-enabled/pap including configuration file /etc/freeradius/mods-enabled/unix including configuration file /etc/freeradius/mods-enabled/passwd including configuration file /etc/freeradius/mods-enabled/echo including configuration file /etc/freeradius/mods-enabled/sradutmp including configuration file /etc/freeradius/mods-enabled/always including configuration file /etc/freeradius/mods-enabled/checkval including configuration file /etc/freeradius/mods-enabled/chap including configuration file /etc/freeradius/mods-enabled/mschap including configuration file /etc/freeradius/mods-enabled/krb5 including configuration file /etc/freeradius/mods-enabled/sql_log including configuration file /etc/freeradius/mods-enabled/attr_rewrite including configuration file /etc/freeradius/mods-enabled/files including configuration file /etc/freeradius/mods-enabled/perl including configuration file /etc/freeradius/mods-enabled/radrelay including configuration file /etc/freeradius/mods-enabled/sqlcounter_expire_on_login including configuration file /etc/freeradius/mods-enabled/expr including configuration file /etc/freeradius/mods-enabled/linelog including configuration file /etc/freeradius/mods-enabled/opendirectory including configuration file /etc/freeradius/mods-enabled/detail including configuration file /etc/freeradius/mods-enabled/digest including configuration file /etc/freeradius/eap.conf including configuration file /etc/freeradius/sql.conf including configuration file /etc/freeradius/sqlippool.conf including configuration file /etc/freeradius/sql/mysql/ippool.conf including configuration file /etc/freeradius/policy.conf including files in directory /etc/freeradius/sites-enabled/ including configuration file /etc/freeradius/sites-enabled/dhcp including configuration file /etc/freeradius/sites-enabled/default main { user = "root" group = "freerad" allow_core_dumps = no } including dictionary file /etc/freeradius/dictionary main { name = "freeradius" prefix = "/usr" localstatedir = "/var" sbindir = "/usr/sbin" logdir = "/var/log/freeradius" run_dir = "/var/run/freeradius" libdir = "/usr/lib/freeradius" radacctdir = "/var/log/freeradius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/var/run/freeradius/freeradius.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = no log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "testing123" nastype = "other" } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module: Instantiating module "exec" from file /etc/freeradius/mods-enabled/exec exec { wait = no input_pairs = "request" shell_escape = yes } Module: Linked to module rlm_expr Module: Instantiating module "expr" from file /etc/freeradius/mods-enabled/expr Module: Linked to module rlm_expiration Module: Instantiating module "expiration" from file /etc/freeradius/mods-enabled/expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating module "logintime" from file /etc/freeradius/mods-enabled/logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } } radiusd: #### Loading Virtual Servers #### server { # from file /etc/freeradius/radiusd.conf modules { Module: Creating Auth-Type = digest Module: Creating Post-Auth-Type = REJECT Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating module "pap" from file /etc/freeradius/mods-enabled/pap pap { encryption_scheme = "auto" auto_header = no } Module: Linked to module rlm_chap Module: Instantiating module "chap" from file /etc/freeradius/mods-enabled/chap Module: Linked to module rlm_mschap Module: Instantiating module "mschap" from file /etc/freeradius/mods-enabled/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = no allow_retry = yes } Module: Linked to module rlm_digest Module: Instantiating module "digest" from file /etc/freeradius/mods-enabled/digest Module: Linked to module rlm_unix Module: Instantiating module "unix" from file /etc/freeradius/mods-enabled/unix unix { radwtmp = "/var/log/freeradius/radwtmp" } Module: Linked to module rlm_eap Module: Instantiating module "eap" from file /etc/freeradius/eap.conf eap { default_eap_type = "md5" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 4096 } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 CA_path = "/etc/freeradius/certs" pem_file_type = yes private_key_file = "/etc/freeradius/certs/server.key" certificate_file = "/etc/freeradius/certs/server.pem" CA_file = "/etc/freeradius/certs/ca.pem" private_key_password = "whatever" dh_file = "/etc/freeradius/certs/dh" random_file = "/dev/urandom" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" make_cert_command = "/etc/freeradius/certs/bootstrap" ecdh_curve = "prime256v1" cache { enable = no lifetime = 24 max_entries = 255 } verify { } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = no } } Module: Linked to sub-module rlm_eap_ttls Module: Instantiating eap-ttls ttls { default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" include_length = yes } Module: Linked to sub-module rlm_eap_peap Module: Instantiating eap-peap peap { default_eap_type = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" soh = no } Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating module "preprocess" from file /etc/freeradius/mods-enabled/preprocess preprocess { huntgroups = "/etc/freeradius/huntgroups" hints = "/etc/freeradius/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } reading pairlist file /etc/freeradius/huntgroups reading pairlist file /etc/freeradius/hints Module: Linked to module rlm_realm Module: Instantiating module "suffix" from file /etc/freeradius/mods-enabled/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Module: Linked to module rlm_files Module: Instantiating module "files" from file /etc/freeradius/mods-enabled/files files { usersfile = "/etc/freeradius/users" acctusersfile = "/etc/freeradius/acct_users" preproxy_usersfile = "/etc/freeradius/preproxy_users" compat = "no" } reading pairlist file /etc/freeradius/users reading pairlist file /etc/freeradius/acct_users reading pairlist file /etc/freeradius/preproxy_users Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_acct_unique Module: Instantiating module "acct_unique" from file /etc/freeradius/mods-enabled/acct_unique acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier, NAS-Port" } Module: Checking accounting {...} for more modules to load Module: Linked to module rlm_detail Module: Instantiating module "detail" from file /etc/freeradius/mods-enabled/detail detail { detailfile =
"/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Linked to module rlm_attr_filter Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/mods-enabled/attr_filter attr_filter attr_filter.accounting_response { attrsfile = "/etc/freeradius/attrs.accounting_response" key = "%{User-Name}" relaxed = no } reading pairlist file /etc/freeradius/attrs.accounting_response Module: Checking session {...} for more modules to load Module: Linked to module rlm_radutmp Module: Instantiating module "radutmp" from file /etc/freeradius/mods-enabled/radutmp radutmp { filename = "/var/log/freeradius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/mods-enabled/attr_filter attr_filter attr_filter.access_reject { attrsfile = "/etc/freeradius/attrs.access_reject" key = "%{User-Name}" relaxed = no } reading pair -- Michele Pinassi Responsabile Telefonia di Ateneo Servizio Reti, Sistemi e Sicurezza Informatica - Università degli Studi di Siena tel: 0577.(23)2169 - fax: 0577.(23)2053
Per trovare una soluzione rapida ai tuoi problemi tecnici consulta le FAQ di Ateneo, http://www.faq.unisi.it
Thanks Russel for you prompt reply but i thing that's not a network issue. I'm trying FreeRadius as an alternative for ISC DHCPD server that run on the same server (and the same clients) perfectly. Any other hint ? Michele On 12/02/2013 12:33, Russell Mike wrote:
Is there any layer 3 device between client and dhcp server? Then you need dhcp relay agent,if that is not the case chk firewall. Thanks
-- Michele Pinassi Responsabile Telefonia di Ateneo Servizio Reti, Sistemi e Sicurezza Informatica - Università degli Studi di Siena tel: 0577.(23)2169 - fax: 0577.(23)2053 Per trovare una soluzione rapida ai tuoi problemi tecnici consulta le FAQ di Ateneo, http://www.faq.unisi.it
Maybe i've found something that can help us to solve the problem. Here's FreeRadius DHCP reply (from dhcpdump): --------------------------------------------------------------------------- TIME: 2013-02-12 15:13:10.426 IP: 172.20.1.2 (0:c:29:eb:3e:86) > 172.20.1.20 (0:4:13:71:11:65) OP: 2 (BOOTPREPLY) HTYPE: 1 (Ethernet) HLEN: 6 HOPS: 0 XID: 44d8b628 SECS: 0 FLAGS: 0 CIADDR: 0.0.0.0 YIADDR: 172.20.1.20 SIADDR: 172.20.1.2 GIADDR: 0.0.0.0 CHADDR: 00:04:13:71:11:65:00:00:00:00:00:00:00:00:00:00 SNAME: . FNAME: . OPTION: 53 ( 1) DHCP message type 5 (DHCPACK) OPTION: 1 ( 4) Subnet mask 255.255.255.0 OPTION: 3 ( 4) Routers 172.20.1.1 OPTION: 4 ( 4) Time server 172.20.1.2 OPTION: 6 ( 4) DNS server 172.20.1.2 OPTION: 12 ( 13) Host name voip.unisi.it OPTION: 15 ( 13) Domainname voip.unisi.it OPTION: 42 ( 4) NTP servers 172.20.1.2 OPTION: 51 ( 4) IP address leasetime 7200 (2h) OPTION: 54 ( 4) Server identifier 172.20.1.2 OPTION: 66 ( 17) TFTP server name tftp://172.20.1.2 --------------------------------------------------------------------------- and this is the ISC DHCP Server reply (that i use in production on the same machine): --------------------------------------------------------------------------- TIME: 2013-02-12 15:19:42.168 IP: 172.20.1.2 (0:c:29:eb:3e:86) > 172.20.1.20 (cc:ef:48:5e:8f:e4) OP: 2 (BOOTPREPLY) HTYPE: 1 (Ethernet) HLEN: 6 HOPS: 0 XID: 5ace8683 SECS: 0 FLAGS: 0 CIADDR: 172.20.1.20 YIADDR: 172.20.1.20 SIADDR: 0.0.0.0 GIADDR: 0.0.0.0 CHADDR: cc:ef:48:5e:8f:e4:00:00:00:00:00:00:00:00:00:00 SNAME: . FNAME: . OPTION: 53 ( 1) DHCP message type 5 (DHCPACK) OPTION: 54 ( 4) Server identifier 172.20.1.2 OPTION: 51 ( 4) IP address leasetime 7200 (2h) OPTION: 1 ( 4) Subnet mask 255.255.255.0 OPTION: 3 ( 4) Routers 172.20.1.1 OPTION: 42 ( 4) NTP servers 172.20.1.2 OPTION: 6 ( 4) DNS server 172.20.1.2 OPTION: 15 ( 13) Domainname voip.unisi.it OPTION: 58 ( 4) T1 3600 (60m) OPTION: 59 ( 4) T2 6300 (1h45m) OPTION: 66 ( 17) TFTP server name tftp://172.20.1.2 OPTION: 2 ( 4) Time offset 7200 (2h) --------------------------------------------------------------------------- I'm pointing on CIADDR and SIADDR. Maybe something wrong in my policy.conf ? [...] # Assign compatibility data to request for sqlippool dhcp_sqlippool.post-auth { # Do some minor hacks to the request so that it looks # like a RADIUS request to the SQL IP Pool module. update control { Pool-Name = "main_pool" } update request { User-Name = "DHCP-%{DHCP-Client-Hardware-Address}" Calling-Station-Id = "%{DHCP-Client-Hardware-Address}" NAS-IP-Address = "%{%{DHCP-Gateway-IP-Address}:-127.0.0.1}" Acct-Status-Type = Start } # Call the actual module # # Uncomment this in order to really call it! dhcp_sqlippool # fail # Convert Framed-IP-Address to DHCP, but only if we # actually allocated an address. if (ok) { update reply { DHCP-Your-IP-Address = "%{reply:Framed-IP-Address}" } } } } Thanks, Michele On 12/02/2013 12:33, Russell Mike wrote:
Is there any layer 3 device between client and dhcp server? Then you need dhcp relay agent,if that is not the case chk firewall. Thanks
On Tuesday, February 12, 2013, Michele Pinassi wrote:
Hi all,
i've just installed a FreeRadius server 2.2.0 with DHCP support because i need a dhcp server that use MySQL ad a backend.
My network topology is:
eth0 inet addr:193.205.4.xxx [PUBLIC] eth1 inet addr:172.20.1.2 [PRIVATE]
all dhcp requests and reply should come from eth1. Here is freeradius -X dump:
FreeRADIUS Version 2.2.0, for host i486-pc-linux-gnu, built on Sep 20 2012 at 13:37:59 Copyright (C) 1999-2012 The FreeRADIUS server project and contributors. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. You may redistribute copies of FreeRADIUS under the terms of the GNU General Public License v2. Starting - reading configuration files ... including configuration file /etc/freeradius/radiusd.conf including configuration file /etc/freeradius/clients.conf including files in directory /etc/freeradius/mods-enabled/ including configuration file /etc/freeradius/mods-enabled/replicate including configuration file /etc/freeradius/mods-enabled/smsotp including configuration file /etc/freeradius/mods-enabled/preprocess including configuration file /etc/freeradius/mods-enabled/ldap including configuration file /etc/freeradius/mods-enabled/counter including configuration file /etc/freeradius/mods-enabled/detail.log including configuration file /etc/freeradius/mods-enabled/otp including configuration file /etc/freeradius/mods-enabled/inner-eap including configuration file /etc/freeradius/mods-enabled/acct_unique including configuration file /etc/freeradius/mods-enabled/wimax including configuration file /etc/freeradius/mods-enabled/dynamic_clients including configuration file /etc/freeradius/mods-enabled/etc_group including configuration file /etc/freeradius/mods-enabled/redis including configuration file /etc/freeradius/mods-enabled/cui including configuration file /etc/freeradius/mods-enabled/ntlm_auth including configuration file /etc/freeradius/mods-enabled/cache including configuration file /etc/freeradius/mods-enabled/mac2ip including configuration file /etc/freeradius/mods-enabled/dhcp_sqlippool including configuration file /etc/freeradius/sql/mysql/ippool-dhcp.conf including configuration file /etc/freeradius/mods-enabled/policy including configuration file /etc/freeradius/mods-enabled/expiration including configuration file /etc/freeradius/mods-enabled/logintime including configuration file /etc/freeradius/mods-enabled/radutmp including configuration file /etc/freeradius/mods-enabled/smbpasswd including configuration file /etc/freeradius/mods-enabled/ippool including configuration file /etc/freeradius/mods-enabled/rediswho including configuration file /etc/freeradius/mods-enabled/pam including configuration file /etc/freeradius/mods-enabled/soh including configuration file /etc/freeradius/mods-enabled/detail.example.com <http://detail.example.com> including configuration file /etc/freeradius/mods-enabled/realm including configuration file /etc/freeradius/mods-enabled/mac2vlan including configuration file /etc/freeradius/mods-enabled/attr_filter including configuration file /etc/freeradius/mods-enabled/exec including configuration file /etc/freeradius/mods-enabled/pap including configuration file /etc/freeradius/mods-enabled/unix including configuration file /etc/freeradius/mods-enabled/passwd including configuration file /etc/freeradius/mods-enabled/echo including configuration file /etc/freeradius/mods-enabled/sradutmp including configuration file /etc/freeradius/mods-enabled/always including configuration file /etc/freeradius/mods-enabled/checkval including configuration file /etc/freeradius/mods-enabled/chap including configuration file /etc/freeradius/mods-enabled/mschap including configuration file /etc/freeradius/mods-enabled/krb5 including configuration file /etc/freeradius/mods-enabled/sql_log including configuration file /etc/freeradius/mods-enabled/attr_rewrite including configuration file /etc/freeradius/mods-enabled/files including configuration file /etc/freeradius/mods-enabled/perl including configuration file /etc/freeradius/mods-enabled/radrelay including configuration file /etc/freeradius/mods-enabled/sqlcounter_expire_on_login including configuration file /etc/freeradius/mods-enabled/expr including configuration file /etc/freeradius/mods-enabled/linelog including configuration file /etc/freeradius/mods-enabled/opendirectory including configuration file /etc/freeradius/mods-enabled/detail including configuration file /etc/freeradius/mods-enabled/digest including configuration file /etc/freeradius/eap.conf including configuration file /etc/freeradius/sql.conf including configuration file /etc/freeradius/sqlippool.conf including configuration file /etc/freeradius/sql/mysql/ippool.conf including configuration file /etc/freeradius/policy.conf including files in directory /etc/freeradius/sites-enabled/ including configuration file /etc/freeradius/sites-enabled/dhcp including configuration file /etc/freeradius/sites-enabled/default main { user = "root" group = "freerad" allow_core_dumps = no } including dictionary file /etc/freeradius/dictionary main { name = "freeradius" prefix = "/usr" localstatedir = "/var" sbindir = "/usr/sbin" logdir = "/var/log/freeradius" run_dir = "/var/run/freeradius" libdir = "/usr/lib/freeradius" radacctdir = "/var/log/freeradius/radacct" hostname_lookups = no max_request_time = 30 cleanup_delay = 5 max_requests = 1024 pidfile = "/var/run/freeradius/freeradius.pid" checkrad = "/usr/sbin/checkrad" debug_level = 0 proxy_requests = no log { stripped_names = no auth = no auth_badpass = no auth_goodpass = no } security { max_attributes = 200 reject_delay = 1 status_server = yes } } radiusd: #### Loading Realms and Home Servers #### radiusd: #### Loading Clients #### client localhost { ipaddr = 127.0.0.1 require_message_authenticator = no secret = "testing123" nastype = "other" } radiusd: #### Instantiating modules #### instantiate { Module: Linked to module rlm_exec Module: Instantiating module "exec" from file /etc/freeradius/mods-enabled/exec exec { wait = no input_pairs = "request" shell_escape = yes } Module: Linked to module rlm_expr Module: Instantiating module "expr" from file /etc/freeradius/mods-enabled/expr Module: Linked to module rlm_expiration Module: Instantiating module "expiration" from file /etc/freeradius/mods-enabled/expiration expiration { reply-message = "Password Has Expired " } Module: Linked to module rlm_logintime Module: Instantiating module "logintime" from file /etc/freeradius/mods-enabled/logintime logintime { reply-message = "You are calling outside your allowed timespan " minimum-timeout = 60 } } radiusd: #### Loading Virtual Servers #### server { # from file /etc/freeradius/radiusd.conf modules { Module: Creating Auth-Type = digest Module: Creating Post-Auth-Type = REJECT Module: Checking authenticate {...} for more modules to load Module: Linked to module rlm_pap Module: Instantiating module "pap" from file /etc/freeradius/mods-enabled/pap pap { encryption_scheme = "auto" auto_header = no } Module: Linked to module rlm_chap Module: Instantiating module "chap" from file /etc/freeradius/mods-enabled/chap Module: Linked to module rlm_mschap Module: Instantiating module "mschap" from file /etc/freeradius/mods-enabled/mschap mschap { use_mppe = yes require_encryption = no require_strong = no with_ntdomain_hack = no allow_retry = yes } Module: Linked to module rlm_digest Module: Instantiating module "digest" from file /etc/freeradius/mods-enabled/digest Module: Linked to module rlm_unix Module: Instantiating module "unix" from file /etc/freeradius/mods-enabled/unix unix { radwtmp = "/var/log/freeradius/radwtmp" } Module: Linked to module rlm_eap Module: Instantiating module "eap" from file /etc/freeradius/eap.conf eap { default_eap_type = "md5" timer_expire = 60 ignore_unknown_eap_types = no cisco_accounting_username_bug = no max_sessions = 4096 } Module: Linked to sub-module rlm_eap_md5 Module: Instantiating eap-md5 Module: Linked to sub-module rlm_eap_leap Module: Instantiating eap-leap Module: Linked to sub-module rlm_eap_gtc Module: Instantiating eap-gtc gtc { challenge = "Password: " auth_type = "PAP" } Module: Linked to sub-module rlm_eap_tls Module: Instantiating eap-tls tls { rsa_key_exchange = no dh_key_exchange = yes rsa_key_length = 512 dh_key_length = 512 verify_depth = 0 CA_path = "/etc/freeradius/certs" pem_file_type = yes private_key_file = "/etc/freeradius/certs/server.key" certificate_file = "/etc/freeradius/certs/server.pem" CA_file = "/etc/freeradius/certs/ca.pem" private_key_password = "whatever" dh_file = "/etc/freeradius/certs/dh" random_file = "/dev/urandom" fragment_size = 1024 include_length = yes check_crl = no cipher_list = "DEFAULT" make_cert_command = "/etc/freeradius/certs/bootstrap" ecdh_curve = "prime256v1" cache { enable = no lifetime = 24 max_entries = 255 } verify { } ocsp { enable = no override_cert_url = yes url = "http://127.0.0.1/ocsp/" use_nonce = yes timeout = 0 softfail = no } } Module: Linked to sub-module rlm_eap_ttls Module: Instantiating eap-ttls ttls { default_eap_type = "md5" copy_request_to_tunnel = no use_tunneled_reply = no virtual_server = "inner-tunnel" include_length = yes } Module: Linked to sub-module rlm_eap_peap Module: Instantiating eap-peap peap { default_eap_type = "mschapv2" copy_request_to_tunnel = no use_tunneled_reply = no proxy_tunneled_request_as_eap = yes virtual_server = "inner-tunnel" soh = no } Module: Linked to sub-module rlm_eap_mschapv2 Module: Instantiating eap-mschapv2 mschapv2 { with_ntdomain_hack = no send_error = no } Module: Checking authorize {...} for more modules to load Module: Linked to module rlm_preprocess Module: Instantiating module "preprocess" from file /etc/freeradius/mods-enabled/preprocess preprocess { huntgroups = "/etc/freeradius/huntgroups" hints = "/etc/freeradius/hints" with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no with_alvarion_vsa_hack = no } reading pairlist file /etc/freeradius/huntgroups reading pairlist file /etc/freeradius/hints Module: Linked to module rlm_realm Module: Instantiating module "suffix" from file /etc/freeradius/mods-enabled/realm realm suffix { format = "suffix" delimiter = "@" ignore_default = no ignore_null = no } Module: Linked to module rlm_files Module: Instantiating module "files" from file /etc/freeradius/mods-enabled/files files { usersfile = "/etc/freeradius/users" acctusersfile = "/etc/freeradius/acct_users" preproxy_usersfile = "/etc/freeradius/preproxy_users" compat = "no" } reading pairlist file /etc/freeradius/users reading pairlist file /etc/freeradius/acct_users reading pairlist file /etc/freeradius/preproxy_users Module: Checking preacct {...} for more modules to load Module: Linked to module rlm_acct_unique Module: Instantiating module "acct_unique" from file /etc/freeradius/mods-enabled/acct_unique acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier, NAS-Port" } Module: Checking accounting {...} for more modules to load Module: Linked to module rlm_detail Module: Instantiating module "detail" from file /etc/freeradius/mods-enabled/detail detail { detailfile = "/var/log/freeradius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d" header = "%t" detailperm = 384 dirperm = 493 locking = no log_packet_header = no } Module: Linked to module rlm_attr_filter Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/mods-enabled/attr_filter attr_filter attr_filter.accounting_response { attrsfile = "/etc/freeradius/attrs.accounting_response" key = "%{User-Name}" relaxed = no } reading pairlist file /etc/freeradius/attrs.accounting_response Module: Checking session {...} for more modules to load Module: Linked to module rlm_radutmp Module: Instantiating module "radutmp" from file /etc/freeradius/mods-enabled/radutmp radutmp { filename = "/var/log/freeradius/radutmp" username = "%{User-Name}" case_sensitive = yes check_with_nas = yes perm = 384 callerid = yes } Module: Checking post-proxy {...} for more modules to load Module: Checking post-auth {...} for more modules to load Module: Instantiating module "attr_filter.access_reject" from file /etc/freeradius/mods-enabled/attr_filter attr_filter attr_filter.access_reject { attrsfile = "/etc/freeradius/attrs.access_reject" key = "%{User-Name}" relaxed = no } reading pair -- Michele Pinassi Responsabile Telefonia di Ateneo Servizio Reti, Sistemi e Sicurezza Informatica - Università degli Studi di Siena tel: 0577.(23)2169 - fax: 0577.(23)2053
Per trovare una soluzione rapida ai tuoi problemi tecnici consulta le FAQ di Ateneo, http://www.faq.unisi.it
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Michele Pinassi Responsabile Telefonia di Ateneo Servizio Reti, Sistemi e Sicurezza Informatica - Università degli Studi di Siena tel: 0577.(23)2169 - fax: 0577.(23)2053 Per trovare una soluzione rapida ai tuoi problemi tecnici consulta le FAQ di Ateneo, http://www.faq.unisi.it
Michele Pinassi wrote:
Maybe i've found something that can help us to solve the problem.
Here's FreeRadius DHCP reply (from dhcpdump): ... I'm pointing on CIADDR and SIADDR.
Maybe something wrong in my policy.conf ?
I don't think so. It's weird that the fields are reversed. I've pushed some changes to the v2.x.x branch on github. It should print out more information about the DHCP packet it's sending. If you could try that, it would be a big help. Alan DeKok.
Michele Pinassi wrote:
Hi all,
i've just installed a FreeRadius server 2.2.0 with DHCP support because i need a dhcp server that use MySQL ad a backend. ... Sending DHCP-Offer of id 022e173c from 255.255.255.255:67 to 172.20.1.20:68 Finished request 0.
That looks weird. An empty offer packet? There should be *something* in it. I suggest starting with the example configuration in sites-available/dhcp. It won't do SQL, but it will return "example" DHCP responses. If that works, then the code is OK. The next step is to update the configuration to send the correct options in DHCP packets. Alan DeKok.
participants (3)
-
Alan DeKok -
Michele Pinassi -
Russell Mike