Can't access Internet?
Guy Davies
aguydavies at gmail.com
Tue Jan 9 21:46:55 CET 2007
Hi Tim,
Erm, yes, they're all critical to getting dial-up to work :-)
I think you could use a DEFAULT user in the users file that says
something like...

DEFAULT Auth-Type := System
        Fall-Through = Yes

DEFAULT Service-Type == Framed-User, Framed-Protocol == PPP
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        Framed-IP-Address = 255.255.255.254,
        Framed-MTU = 1500

This is directly taken from the man page for the users file.
Rgds,
Guy
On 09/01/07, Tim Tyler <tyler at beloit.edu> wrote:
>
> FreeRadius experts,
> Ok, I ran radtest on both the old Lucent technology radius server and on
> Freeradius with the following results:
>
> Lucent Technology radius server (which works)
> [root at alum raddb]# radtest tylert xxxxxx 144.89.40.30:1645 1645 yyyyyy
> Sending Access-Request of id 37 to 144.89.40.30:1645
>         User-Name = "tylert"
>         User-Password = "xxxxxx"
>         NAS-IP-Address = alum.beloit.edu
>         NAS-Port = 1645
> rad_recv: Access-Accept packet from host 144.89.40.30:1645, id=37, length=44
>         Framed-Protocol = PPP
>         Service-Type = Framed-User
>         Framed-IP-Address = 255.255.255.254
>         Framed-MTU = 1500
>
> FreeRadius, which authenticates, accesses the local network, but doesn't
> access the Internet:
> [root at alum raddb]# radtest tylert xxxxxx 144.89.40.9 1812 yyyyyyy
> Sending Access-Request of id 159 to 144.89.40.9:1812
>         User-Name = "tylert"
>         User-Password = "xxxxxx"
>         NAS-IP-Address = alu.beloit.edu
>         NAS-Port = 1812
> rad_recv: Access-Accept packet from host 144.89.40.9:1812, id=159, length=20
>
>
> So what I am observing is that Freeradius does not send back the following
> information that Lucent Tech. does.
>
> Framed-Protocol = PPP
> Service-Type = Framed-User
> Framed-IP-Address = 255.255.255.254
> Framed-MTU = 1500
>
> I am guessing that some or all of these are important. Some of the old
> archives have suggested that the mtu might be important. If I am using a
> standard unix password crypt file, is it possible to get freeradius to send
> this information? Or do I need to consider another method?
> Tim
>
>
> At 11:54 AM 1/8/2007, you wrote:
>
> You may wish to use the radius-tools package (correct me if the package name
> is wrong, List) which is included with freeradius to send test packets from
> the test application to the Freeradius server, and it'll show you the
> attributes you're sending and what the server replies with.
>
> You can then do this again to your AIX server and see how the response is
> different - this will involve adding your test client machine as a NAS in
> the AIX machine's clients file.
>
> Basically you need to eavesdrop on the connection between the radius client
> and new/old servers, and compare and contrast the replies. This is the best
> way to work out "What has changed?"
>
> Hope this helps,
>
> Jan
>
>
> On 08/01/07, Tim Tyler <tyler at beloit.edu> wrote:
> FreeRadius experts,
> We are trying to run FreeRadius on a RedHat AS 2.1 system. We use
> an external password file for authentication defined in the unix
> system (password = filename) section of radius.conf. This seems to
> work fine. Modem users can authenticate to our old 3com Total
> Control modem pool, but users can not access the Internet. They can
> access all local domain servers on campus, but they can't get off
> campus. This really should not be a firewall issue as the same ip
> addresses are still associated with the modem pool.
> Note: if we go back to our old Lucent Technology radius server
> running on AIX, everybody is fine and can access the Internet again.
> I am trying to find out what might cause a modem pool to only work
> locally (access servers on our campus) after switching to FreeRadius
> particularly since it seems that the authentication part is
> working? I know that the 3com Total Control modem pool is rather old
> but I don't know why it would behave differently from one radius
> server to another as long as authentication works.
> I read in one of the FreeRadius archives that some users have
> experienced a similar problem of either very slow or won't work at
> all for some customers accessing the Internet via Freeradius
> authentication until they modified the MTU setting. This is curious
> to me. Is there a place in FreeRadius that I might change the mtu
> setting given that I am using an external unix password crypt file
> for all authentication? If so, what mtu setting might be recommended?
> Is there another possible explanation that might relate to Freeradius?
> Any thoughts are much appreciated.
>
>
>
> Tim Tyler
> Network Engineer - Beloit College
> tyler at beloit.edu
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
>
>
> Tim Tyler
> Network Engineer - Beloit College
> tyler at beloit.edu
>
>
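
The reply comparison suggested in the quoted messages, as an added example that is not part of the original thread: a small RADIUS reply parser that decodes the attribute TLVs and lists what the old server returned but the new one did not. Function names are hypothetical, and the two sample packets are constructed to match the lengths in the radtest output above (44 and 20 bytes) with zeroed authenticators.

```python
import socket
import struct

# RFC 2865 attribute types seen in the thread: type -> (name, kind)
ATTRS = {6: ("Service-Type", "int"), 7: ("Framed-Protocol", "int"),
         8: ("Framed-IP-Address", "ip"), 12: ("Framed-MTU", "int")}
HEADER_LEN = 20  # code(1) + id(1) + length(2) + authenticator(16)


def parse_reply(packet: bytes) -> dict:
    """Decode attribute TLVs into {name: value}; authenticator is not verified."""
    if len(packet) < HEADER_LEN:
        raise ValueError("shorter than a RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not HEADER_LEN <= length <= len(packet):
        raise ValueError("bad length field")
    attrs, pos = {}, HEADER_LEN
    while pos < length:
        # Each attribute is type(1) + length(1) + value; length covers all three.
        if length - pos < 2 or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("malformed attribute")
        atype, alen = packet[pos], packet[pos + 1]
        value = packet[pos + 2:pos + alen]
        name, kind = ATTRS.get(atype, (f"Attr-{atype}", "raw"))
        if kind == "int" and len(value) == 4:
            value = struct.unpack("!I", value)[0]
        elif kind == "ip" and len(value) == 4:
            value = socket.inet_ntoa(value)
        attrs[name] = value
        pos += alen
    return attrs


def missing_attributes(old: bytes, new: bytes) -> list:
    """Attribute names in the old server's reply that the new reply lacks."""
    new_attrs = parse_reply(new)
    return [name for name in parse_reply(old) if name not in new_attrs]


def build_accept(ident: int, attrs: list) -> bytes:
    """Build a constructed Access-Accept (code 2) with a zeroed authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", 2, ident, HEADER_LEN + len(body)) + bytes(16) + body


# Constructed samples: Framed-Protocol=PPP(1), Service-Type=Framed-User(2), ...
LUCENT = build_accept(37, [(7, struct.pack("!I", 1)), (6, struct.pack("!I", 2)),
                           (8, socket.inet_aton("255.255.255.254")),
                           (12, struct.pack("!I", 1500))])
FREERADIUS = build_accept(159, [])  # header only, as in the length=20 reply
```

Four 6-byte attributes on top of the 20-byte header account for the 44-byte reply, while a 20-byte Access-Accept carries no attributes at all.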