AD + Static IP Address

Parham Beheshti p_beheshti at rasana.net
Tue Jul 10 14:44:05 CEST 2007


Hello,
Our users connect from our internal lan to the internet through pptp
connection ( so we can control when they login and how much they use the
net).

LAN ---->PPTP---->Internet

I'm using active directory for authentication (rlm_ldap for PAP and
ntlm_auth for mschap) and authorization with groups and everything.
Everything works like a charm!
The problem is that I've setup a few with internal static ip addresses
(192.168.12.X range) and a few with our valid ip address range
(85.15.X.X range).
I'm assigning these ip addresses in Active Directory through
msRadiusFramedIPAdrress attribute.
Users with static ip address of 85.X are getting their static ip
addresses, but not users in 192.X range. (they get 255.255.255.255)
After digging for a while I noticed I could assigned ip addresses up to
127.255.255.255 and get the ip assigned.
Right after 128.0.0.0 the static ip will not get assigned to the user.
Apparently the 4 byte integer in the active directory for
msRadiusFramedIPAddress is being treated as a signed integer, so
anything more then 127.255.255.255 is treated as a negative value and an
invalid value.
Is there a setting to treat this 4 byte as an unsigned integer? A
setting?
Or this is a bug?
Thank you in advance,
And thank you for this great software :)
Cheers,
parham




More information about the Freeradius-Users mailing list