Mikrotik ignores Framed-IP-Address

tnt at kalik.co.yu tnt at kalik.co.yu
Tue Nov 13 01:02:22 CET 2007


Static addresses must not be from ippools.

Create group dynamic in sql and assign all the users that will have such
addresses to it. Create an ippool dynamicIP (in freeradius not mikrotik)
containing addresses free for dynamic IP use. Insert into radgroupcheck
table Pool-Name dynamicIP with op:= for group dynamic. Leave users with
static IPs as they are. Users should have point-to-point netmask
(255.255.255.255).

No scripts needed.

Ivan Kalik
Kalik Informatika ISP


Dana 12/11/2007, "Marinko Tarlac" <mangia81 at gmail.com> piše:

>Well I'm trying to use it. When I enter for example
>ID |   UserName  |   Attribute  |   op
>
>32 | user | Framed-IP-Address | 192.168.8.152 | :=
>
>in radreply table, user should get static IP address (in this case 192.168.8152) but this is ignored by Mikrotik because Framed-Pool is also available because user is inside specific group which has defined IP pool. When I delete IP pool from Mikrotik everything works fine... It seem that finally I will wrote specific perl or php script who will be dedicated to decide
>
>if framed-ip-address exist send it to MT
>	else send IP-pool name
>
>
>
>
>Re: Mikrotik ignores Framed-IP-Address (tnt at kalik.co.yu)
>>
>>
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Mon, 12 Nov 2007 12:55:14 +0100
>> From: <tnt at kalik.co.yu>
>> Subject: Re: Mikrotik ignores Framed-IP-Address
>> To: "FreeRadius users mailing list"
>> 	<freeradius-users at lists.freeradius.org>
>> Message-ID: <fXF2NwKz.1194868514.1514360.tnt at kalik.co.yu>
>> Content-Type: text/plain; charset=ISO-8859-2
>>
>> Use one way to assign IP addresses: DHCP or radius. If you want to give
>> static addresses to devices use dhcp pools (dynamic IP) and reservations
>> (static IP); if you want to give static IPs to users than use radius
>> ippool (dynamic IP) and (static) IP address assignment.
>>
>> Ivan Kalik
>> Kalik Informatika ISP
>>
>> Dana 12/11/2007, "Marinko Tarlac" <mangia81 at gmail.com> pi?e:
>>
>>
>>> Hello
>>>
>>> I have freeradius and Mikrotik combination and here is the problem.
>>> Freeradius is configured to use mysql database. When I add
>>> Framed-IP-Address for certain user (in radreply table) For example
>>>
>>> 32  	user  	Framed-IP-Address  	10.51.8.152  	:=
>>>
>>> It works but only if I don't have IP pool created on Mikrotik. If I
>>> create IP pool than Framed-IP-Address is ignored. Framed-Pool is
>>> specified for every group and attributes for every group is added in
>>> radgroupreply table.
>>>
>>> Log without IP pool
>>>
>>> rad_recv: Access-Request packet from host 192.168.1.7:1026, id=229, length=149
>>>        Service-Type = Framed-User
>>>        Framed-Protocol = PPP
>>>        NAS-Port = 870
>>>        NAS-Port-Type = Ethernet
>>>        User-Name = "admin-test"
>>>        Calling-Station-Id = "00:C0:CA:18:75:B3"
>>>        Called-Station-Id = "radius"
>>>        NAS-Port-Id = "ether1"
>>>        CHAP-Challenge = 0x89a28dc77659b6311a88c16eb7500767
>>>        CHAP-Password = 0x01d385ce5c814c1d1db9cafadb4736c351
>>>        NAS-Identifier = "1.7 - h-0"
>>>        NAS-IP-Address = 192.168.1.7
>>>  rlm_chap: Setting 'Auth-Type := CHAP'
>>> rlm_sql (sql): Reserving sql socket id: 4
>>> rlm_sql (sql): Released sql socket id: 4
>>>  rlm_chap: login attempt by "admin-test" with CHAP password
>>>  rlm_chap: Using clear text password "perica" for user admin-test
>>> authentication.
>>>  rlm_chap: chap user admin-test authenticated succesfully
>>> Sending Access-Accept of id 229 to 192.168.1.7 port 1026
>>>        Framed-IP-Address := 192.168.8.152
>>>        Framed-MTU = 576
>>>        Service-Type = Framed-User
>>>        Framed-Protocol = PPP
>>>        Framed-Compression = Van-Jacobson-TCP-IP
>>>        Ascend-Data-Rate := 0
>>>        Ascend-Xmit-Rate := 0
>>>        Framed-Pool := "radius"
>>>
>>> Log with created IP pool called "radius"
>>>
>>> rad_recv: Access-Request packet from host 192.168.1.7:1027, id=240, length=149
>>>        Service-Type = Framed-User
>>>        Framed-Protocol = PPP
>>>        NAS-Port = 872
>>>        NAS-Port-Type = Ethernet
>>>        User-Name = "admin-test"
>>>        Calling-Station-Id = "00:C0:CA:18:75:B3"
>>>        Called-Station-Id = "radius"
>>>        NAS-Port-Id = "ether1"
>>>        CHAP-Challenge = 0x5293ac8321ad51693a5e3109f8887511
>>>        CHAP-Password = 0x01b0a9f7bca1f632878bee51c13d667f5c
>>>        NAS-Identifier = "1.7 - h-0"
>>>        NAS-IP-Address = 192.168.1.7
>>>  rlm_chap: Setting 'Auth-Type := CHAP'
>>> rlm_sql (sql): Reserving sql socket id: 4
>>> rlm_sql (sql): Released sql socket id: 4
>>>  rlm_chap: login attempt by "admin-test" with CHAP password
>>>  rlm_chap: Using clear text password "perica" for user admin-test
>>> authentication.
>>>  rlm_chap: chap user admin-test authenticated succesfully
>>> Sending Access-Accept of id 240 to 192.168.1.7 port 1027
>>>        Framed-IP-Address := 192.168.8.152
>>>        Framed-MTU = 576
>>>        Service-Type = Framed-User
>>>        Framed-Protocol = PPP
>>>        Framed-Compression = Van-Jacobson-TCP-IP
>>>        Ascend-Data-Rate := 0
>>>        Ascend-Xmit-Rate := 0
>>>        Framed-Pool := "radius"
>>> rad_recv: Accounting-Request packet from host 192.168.1.7:1027,
>>> id=241, length=146
>>>        Service-Type = Framed-User
>>>        Framed-Protocol = PPP
>>>        NAS-Port = 872
>>>        NAS-Port-Type = Ethernet
>>>        User-Name = "admin-test"
>>>        Calling-Station-Id = "00:C0:CA:18:75:B3"
>>>        Called-Station-Id = "radius"
>>>        NAS-Port-Id = "ether1"
>>>        Acct-Session-Id = "81d00316"
>>>        Framed-IP-Address = 192.168.8.159
>>>        Acct-Authentic = RADIUS
>>>        Acct-Status-Type = Start
>>>        NAS-Identifier = "1.7 - h-0"
>>>        NAS-IP-Address = 192.168.1.7
>>>        Acct-Delay-Time = 0
>>> rlm_sql (sql): Reserving sql socket id: 3
>>> rlm_sql (sql): Released sql socket id: 3
>>> Sending Accounting-Response of id 241 to 192.168.1.7 port 1027
>>>
>>> Any ideas?
>>>
>>
>>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>




More information about the Freeradius-Users mailing list