assigning different ippools according to huntgroups
Hi, I have 3 NAS and want to assign Framed-IP-Address from 3 different IP pools according to the NAS the user logs in from. Config below looks fine to me and I can see that the huntgroup is indeed matched but there seems to be a problem with the postauth definition. Please advise, Ami My config has : huntgroups: t1 NAS-IP-Address == 172.16.2.1 t2 NAS-IP-Address == 172.16.3.1 d1 NAS-IP-Address == 172.16.4.1 users: DEFAULT Huntgroup-Name == "t1" Pool-Name := Pool-t1, Fall-Through = No DEFAULT Huntgroup-Name == "t2" Pool-Name := Pool-t2, Fall-Through = No DEFAULT Huntgroup-Name == "d1" Pool-Name := Pool-d1, Fall-Through = No Radiusd.conf: ippool Pool-t1 { range-start = 172.16.2.30 range-stop = 172.16.2.50 netmask = 255.255.255.0 cache-size = 20 session-db = ${raddbdir}/t1db.ippool ip-index = ${raddbdir}/t1db.ipindex } ippool Pool-t2 { range-start = 172.16.3.30 range-stop = 172.16.3.50 netmask = 255.255.255.0 cache-size = 20 session-db = ${raddbdir}/t2db.ippool ip-index = ${raddbdir}/t2db.ipindex } ippool Pool-d1 { range-start = 172.16.4.30 range-stop = 172.16.4.50 netmask = 255.255.255.0 cache-size = 20 session-db = ${raddbdir}/d1db.ippool ip-index = ${raddbdir}/d1db.ipindex } accounting { radutmp # Return an address to the IP Pool when we see a stop record. Pool-t1 Pool-t2 Pool-d1 } post-auth { # Get an address from the IP Pool Pool-t1 Pool-t2 Pool-d1 } log: rad_recv: Access-Request packet from host 172.16.3.1:32802, id=122, length=55 User-Name = "Ami" User-Password = "ami123" NAS-Port = 11 NAS-IP-Address = 172.16.3.1 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "Ami", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 users: Matched entry Ami at line 26 users: Matched entry DEFAULT at line 41 modcall[authorize]: module "files" returns ok for request 0 modcall: leaving group authorize (returns ok) for request 0 auth: type Local auth: user supplied User-Password matches local User-Password Processing the post-auth section of radiusd.conf modcall: entering group post-auth for request 0 rlm_ippool: Could not find Pool-Name attribute. modcall[post-auth]: module "Pool-t1" returns noop for request 0 rlm_ippool: Could not find Pool-Name attribute. modcall[post-auth]: module "Pool-t2" returns noop for request 0 rlm_ippool: Could not find Pool-Name attribute. modcall[post-auth]: module "Pool-d1" returns noop for request 0 modcall: leaving group post-auth (returns noop) for request 0 Sending Access-Accept of id 122 to 172.16.3.1 port 32802 Finished request 0 radiusd.conf:
Solved. Pool-Name is a check item : users: DEFAULT Huntgroup-Name == "t1", Pool-Name := Pool-t1 Fall-Through = No DEFAULT Huntgroup-Name == "t2", Pool-Name := Pool-t2 Fall-Through = No DEFAULT Huntgroup-Name == "d1", Pool-Name := Pool-d1 Fall-Through = No On 9/19/06, Ami Schieber <ami.schieber@gmail.com> wrote:
Hi,
I have 3 NAS and want to assign Framed-IP-Address from 3 different IP pools according to the NAS the user logs in from. Config below looks fine to me and I can see that the huntgroup is indeed matched but there seems to be a problem with the postauth definition.
Please advise,
Ami
My config has :
huntgroups:
t1 NAS-IP-Address == 172.16.2.1
t2 NAS-IP-Address == 172.16.3.1
d1 NAS-IP-Address == 172.16.4.1
users:
DEFAULT Huntgroup-Name == "t1" Pool-Name := Pool-t1, Fall-Through = No
DEFAULT Huntgroup-Name == "t2" Pool-Name := Pool-t2, Fall-Through = No
DEFAULT Huntgroup-Name == "d1" Pool-Name := Pool-d1, Fall-Through = No
Radiusd.conf:
ippool Pool-t1 { range-start = 172.16.2.30 range-stop = 172.16.2.50 netmask = 255.255.255.0 cache-size = 20 session-db = ${raddbdir}/t1db.ippool ip-index = ${raddbdir}/t1db.ipindex }
ippool Pool-t2 { range-start = 172.16.3.30 range-stop = 172.16.3.50 netmask = 255.255.255.0 cache-size = 20 session-db = ${raddbdir}/t2db.ippool ip-index = ${raddbdir}/t2db.ipindex }
ippool Pool-d1 { range-start = 172.16.4.30 range-stop = 172.16.4.50 netmask = 255.255.255.0 cache-size = 20 session-db = ${raddbdir}/d1db.ippool ip-index = ${raddbdir}/d1db.ipindex }
accounting { radutmp # Return an address to the IP Pool when we see a stop record. Pool-t1 Pool-t2 Pool-d1 }
post-auth { # Get an address from the IP Pool Pool-t1 Pool-t2 Pool-d1 }
log:
rad_recv: Access-Request packet from host 172.16.3.1:32802, id=122, length=55 User-Name = "Ami" User-Password = "ami123" NAS-Port = 11 NAS-IP-Address = 172.16.3.1 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_realm: No '@' in User-Name = "Ami", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module "eap" returns noop for request 0 users: Matched entry Ami at line 26 users: Matched entry DEFAULT at line 41 modcall[authorize]: module "files" returns ok for request 0 modcall: leaving group authorize (returns ok) for request 0 auth: type Local auth: user supplied User-Password matches local User-Password Processing the post-auth section of radiusd.conf modcall: entering group post-auth for request 0 rlm_ippool: Could not find Pool-Name attribute. modcall[post-auth]: module "Pool-t1" returns noop for request 0 rlm_ippool: Could not find Pool-Name attribute. modcall[post-auth]: module "Pool-t2" returns noop for request 0 rlm_ippool: Could not find Pool-Name attribute. modcall[post-auth]: module "Pool-d1" returns noop for request 0 modcall: leaving group post-auth (returns noop) for request 0 Sending Access-Accept of id 122 to 172.16.3.1 port 32802 Finished request 0
radiusd.conf:
Ami Schieber wrote:
users:
DEFAULT Huntgroup-Name == "t1" Pool-Name := Pool-t1, Fall-Through = No
Hi Ami, You need to assign Pool-Name as a check item rather than a reply item. In the case of the users file stanza above, this: DEFAULT Huntgroup-Name == "t1", Pool-Name := Pool-t1 Fall-Through = No should work. -- James Wakefield, Unix Administrator, Information Technology Services Division Deakin University, Geelong, Victoria 3217 Australia. Phone: 03 5227 8690 International: +61 3 5227 8690 Fax: 03 5227 8866 International: +61 3 5227 8866 E-mail: james.wakefield@deakin.edu.au Website: http://www.deakin.edu.au
participants (2)
-
Ami Schieber -
James Wakefield