Ip Pool group assignment
Giuseppina Venezia
giusy.venezia at gmail.com
Sun Aug 27 13:39:03 CEST 2006
On 8/26/06, Alan DeKok <aland at deployingradius.com> wrote:
> If you want EVERYONE to get an IP pool, do:
>
> DEFAULT Pool-Name := "main_pool"
>         Fall-Through = Yes
>
> Alan DeKok.
I want only "professors" to get an IP pool.
I made this:
DEFAULT Auth-Type = LDAP
        Fall-Through = 1
DEFAULT Pool-Name :="main_pool", Ldap-Group == "professor"
        Service-Type == Framed-User,
        Fall-Through = yes
and it seems to work: it assigns an IP, but the IP is not really assigned.
He's a professor:
.....
rad_recv: Access-Request packet from host 127.0.0.1:1039, id=0, length=220
User-Name = "prof1"
CHAP-Challenge = 0xefc559504d3ba3c9fa54b43a24630c73
CHAP-Password = 0x006ddd83222dfe14d8bde3f858d2270462
NAS-IP-Address = 127.0.0.1
Service-Type = Login-User
Framed-IP-Address = 192.168.182.3
Calling-Station-Id = "00-02-C7-8F-A0-16"
Called-Station-Id = "00-50-BF-E3-E8-2A"
NAS-Identifier = "localhost"
Acct-Session-Id = "44f16e9a00000001"
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
Message-Authenticator = 0x27936b28337edbd63b0c974cd804f9d2
WISPr-Logoff-URL = "http://192.168.182.1:3990/logoff"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
rlm_chap: Setting 'Auth-Type := CHAP'
modcall[authorize]: module "chap" returns ok for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: No '@' in User-Name = "prof1", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry DEFAULT at line 154
rlm_ldap: Entering ldap_groupcmp()
radius_xlat: 'ou=statistica,dc=mydomain,dc=it'
radius_xlat: '(uid=prof1)'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: attempting LDAP reconnection
rlm_ldap: (re)connect to localhost:389, authentication 0
rlm_ldap: bind as cn=Manager,dc=mydomain,dc=it/password to localhost:389
rlm_ldap: waiting for bind result ...
rlm_ldap: Bind was successful
rlm_ldap: performing search in ou=statistica,dc=mydomain,dc=it, with
filter (uid=prof1)
rlm_ldap: ldap_release_conn: Release Id: 0
radius_xlat: '(|(&(objectClass=GroupOfNames)(member=cn\3dMaurizio
Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dstatistica\2cdc\3dmydomain\2cdc\3dit))(&(objectClass=GroupOfU$
Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dstatistica\2cdc\3dmydomain\2cdc\3dit)))'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=statistica,dc=mydomain,dc=it, with
filter (&(cn=professor)(|(&(objectClass=GroupOfNames)(member=cn\3dMaurizio
Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dstatistica\2cdc\3dmydomain\2cdc\3dit))(&(objectClass=GroupOfU$
Costanzo\2cou\3dfaculty\2cou\3ddspsa\2cou\3dstatistica\2cdc\3dmydomain\2cdc\3dit))))
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: ldap_release_conn: Release Id: 0
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in cn=Maurizio
Costanzo,ou=faculty,ou=dspsa,ou=statistica,dc=mydomain,dc=it, with filter
(objectclass=*)
rlm_ldap::ldap_groupcmp: User found in group professor
rlm_ldap: ldap_release_conn: Release Id: 0
users: Matched entry DEFAULT at line 176
modcall[authorize]: module "files" returns ok for request 0
rlm_ldap: - authorize
rlm_ldap: performing user authorization for prof1
radius_xlat: '(uid=prof1)'
radius_xlat: 'ou=statistica,dc=mydomain,dc=it'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in ou=statistica,dc=mydomain,dc=it, with
filter (uid=prof1)
rlm_ldap: checking if remote access for prof1 is allowed by userPassword
rlm_ldap: Added password a in check items
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding radiusGroupName as Ldap-Group, value professor & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
C4-5A-5E-D0-1F-F4 & op=21
rlm_ldap: Adding radiusCallingStationId as Calling-Station-Id, value
00-02-C7-8F-A0-16 & op=21
rlm_ldap: Adding userPassword as User-Password, value a & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user prof1 authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 0
rlm_checkval: Item Name: Calling-Station-Id, Value: 00-02-C7-8F-A0-16
rlm_checkval: Value Name: Calling-Station-Id, Value: C4-5A-5E-D0-1F-F4
rlm_checkval: Value Name: Calling-Station-Id, Value: 00-02-C7-8F-A0-16
modcall[authorize]: module "checkval" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
rad_check_password: Found Auth-Type CHAP
auth: type "CHAP"
Processing the authenticate section of radiusd.conf
modcall: entering group CHAP for request 0
rlm_chap: login attempt by "prof1" with CHAP password
rlm_chap: Using clear text password a for user prof1 authentication.
rlm_chap: chap user prof1 authenticated succesfully
modcall[authenticate]: module "chap" returns ok for request 0
modcall: leaving group CHAP (returns ok) for request 0
Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 0
rlm_ippool: Searching for an entry for nas/port: 127.0.0.1/1
rlm_ippool: Allocating ip to nas/port: 127.0.0.1/1
rlm_ippool: num: 1
rlm_ippool: Allocated ip 192.168.182.234 to client on nas 127.0.0.1,port 1
modcall[post-auth]: module "main_pool" returns ok for request 0
modcall: leaving group post-auth (returns ok) for request 0
modcall[post-auth]: module "main_pool" returns ok for request 0
modcall: leaving group post-auth (returns ok) for request 0
Sending Access-Accept of id 0 to 127.0.0.1 port 1039
Service-Type == Framed-User
Framed-IP-Address = 192.168.182.234
Framed-IP-Netmask = 255.255.255.0
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Accounting-Request packet from host 127.0.0.1:1037, id=0,
length=135
Acct-Status-Type = Start
User-Name = "prof1"
Calling-Station-Id = "00-02-C7-8F-A0-16"
Called-Station-Id = "00-50-BF-E3-E8-2A"
NAS-Port-Type = Wireless-802.11
NAS-Port = 1
NAS-Port-Id = "00000001"
NAS-IP-Address = 127.0.0.1
NAS-Identifier = "localhost"
Framed-IP-Address = 192.168.182.3
Acct-Session-Id = "44f16e9a00000001"
Processing the preacct section of radiusd.conf
modcall: entering group preacct for request 1
modcall[preacct]: module "preprocess" returns noop for request 1
rlm_acct_unique: Hashing 'NAS-Port = 1,Client-IP-Address =
127.0.0.1,NAS-IP-Address = 127.0.0.1,Acct-Session-Id =
"44f16e9a00000001",User-Name = "prof1"'
rlm_acct_unique: Acct-Unique-Session-ID = "ef2fe80af19d1f1a".
modcall[preacct]: module "acct_unique" returns ok for request 1
rlm_realm: No '@' in User-Name = "prof1", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[preacct]: module "suffix" returns noop for request 1
modcall[preacct]: module "files" returns noop for request 1
modcall: leaving group preacct (returns ok) for request 1
Processing the accounting section of radiusd.conf
modcall: entering group accounting for request 1
radius_xlat:
'/usr/local/var/log/radius/radacct/127.0.0.1/detail-20060827'
rlm_detail:
/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /usr/local/var/log/radius/radacct/127.0.0.1/detail-20060827
modcall[accounting]: module "detail" returns ok for request 1
modcall[accounting]: module "unix" returns ok for request 1
radius_xlat: '/usr/local/var/log/radius/radutmp'
radius_xlat: 'prof1'
modcall[accounting]: module "radutmp" returns ok for request 1
rlm_ippool: This is not an Accounting-Stop. Return NOOP.
modcall[accounting]: module "main_pool" returns noop for request 1
modcall: leaving group accounting (returns ok) for request 1
Sending Accounting-Response of id 0 to 127.0.0.1 port 1037
Finished request 1
Going to the next request
..........................
It seems to assign 192.168.182.234, but the user has
192.168.182.3 .... why doesn't it assign the IP?
Thanks
Giusy
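
Added example, not part of the original message: a Python check that compares the address rlm_ippool logs as allocated with the Framed-IP-Address the NAS reports in the accounting Start, which is the mismatch described above. The function name and the correlation on NAS address and port are assumptions of this example; the sample lines are abridged from the debug output in the post.

```python
import re

# Sample lines abridged from the debug output quoted in the post above.
SAMPLE_LOG = """\
rlm_ippool: Allocated ip 192.168.182.234 to client on nas 127.0.0.1,port 1
rad_recv: Accounting-Request packet from host 127.0.0.1:1037, id=0, length=135
Acct-Status-Type = Start
User-Name = "prof1"
NAS-Port = 1
NAS-IP-Address = 127.0.0.1
Framed-IP-Address = 192.168.182.3
Acct-Session-Id = "44f16e9a00000001"
Processing the preacct section of radiusd.conf
"""

ALLOC_RE = re.compile(r"rlm_ippool: Allocated ip (\S+) to client on nas (\S+?),\s*port (\d+)")
ATTR_RE = re.compile(r'^\s*([A-Za-z][\w-]*)\s*=+\s*"?([^"]*?)"?\s*$')


def find_ip_mismatches(log_text):
    """Return accounting Start records whose Framed-IP-Address differs from
    the address rlm_ippool allocated for the same NAS address and port."""
    allocated = {}    # (nas_ip, nas_port) -> address handed out by the pool
    mismatches, packet = [], None   # packet: Accounting-Request being read
    def finish(pkt):
        if not pkt or pkt.get("Acct-Status-Type") != "Start":
            return
        pool_ip = allocated.get((pkt.get("NAS-IP-Address"), pkt.get("NAS-Port")))
        used_ip = pkt.get("Framed-IP-Address")
        if pool_ip and used_ip and pool_ip != used_ip:
            mismatches.append({"user": pkt.get("User-Name"), "session": pkt.get("Acct-Session-Id"),
                               "pool_ip": pool_ip, "reported_ip": used_ip})

    for line in log_text.splitlines():
        alloc = ALLOC_RE.search(line)
        if alloc:
            allocated[(alloc.group(2), alloc.group(3))] = alloc.group(1)
        elif line.startswith("rad_recv: Accounting-Request"):
            finish(packet)
            packet = {}
        elif packet is not None:
            attr = ATTR_RE.match(line)
            if attr:
                packet[attr.group(1)] = attr.group(2)
            else:               # first non-attribute line ends the packet
                finish(packet)
                packet = None
    finish(packet)
    return mismatches
```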