Accounting - FramedIPAddress - DHCP/IPPOOL
mad
psymad at gmail.com
Wed May 10 16:59:29 CEST 2006
Yes, I'm french ... I hope you understand fine my english
I send my configuration
=> radiusd.conf
...
ippool test {
range-start = xxx.xxx.xxx.250
range-stop = xxx.xxx.xxx.253
netmask = 255.255.255.0
cache-size = 3
session-db = ${raddbdir}/db.ippool
ip-index = ${raddbdir}/db.ipindex
override = yes
maximum-timeout = 0
}
...
post-auth {
test
}
...
=> users
DEFAULT Huntgroup-Name == "xxx", Ldap-Group == "test-ldap", Autz-Type :=
Ldap, Pool-Name := "test"
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-ID = xx
...
=> SWITCH
aaa new-model
aaa authentication dot1x default group radius none
aaa authorization network default group radius
aaa authorization configuration default group radius
aaa accounting dot1x default start-stop group radius
I think there are all ... for use ippool ... I hope that there are no error
because I have change my configuration since I have try to use ippool.
Thanks for your answer
Regards,
2006/5/10, Pierre LEONARD <pier.leonard at free.fr>:
>
> mad a écrit :
>
> > Hello,
> > I have a freeradius server, I use an eap/ttls authentication with
> > 802.1x and ldap.
> > I want to save the username, the ip adress, the MAC address, the start
> > time and the stop time of the connection with the accounting function
> > (with mysql).
> > I have a problem with the ip address ... because it's dhcpd who give
> > an ip address at the client, so freeradius can't have this information.
> >
> > I have try ippool in freeradius (freeradius want to give an ip address
> > but the client don't receive). Also I have read that it's impossible
> > to use ippool with eap and when there are access point and/or swith
> > between client and server ... it's true ?
> >
> > I have also try other solutions (with syslog-ng who get the ip address
> > in the log and insert in acct table ..., a scripts with omshell who
> > permit to freeradius to indicate at dhcpd what ip address give at this
> > client ...) BUT I think this solution are very unstable ...
> >
> > What do you think about this ?
> > Have you an other solution ?
> >
> > Sorry my english is rusty ... and thanks for your answers
> >
> > Regards,
> >
> > Psymad
> >
> >------------------------------------------------------------------------
> >
> >-
> >List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
> >
> i've a similar problem...but i don't arrive to assign fixed ip to a vpn
> client.
> my radius server (freeradius) send ip config like ip address, netmask,
> vlan and the router receive this info but it don't use.
>
> i don't know how configure it in order to say that it must relay config
> from the radius
>
> in my router config i cannot specify the authorization like
> " aaa authorization network authorization-radius group group-radius" and
> i must replace "network" by "configuration"
> because with "network" the router send the name of the client isakmp
> group as user name and "cisco" as password but i haven't specify this
> password. i don't understand where he found this pass...
>
> i know that i don't answers your request but if you could show me your
> configuration maybe i will understand my error !
>
> thanks
>
> ps: are you french ?
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20060510/0f2d4949/attachment.html>
More information about the Freeradius-Users
mailing list