Freeradius does not assign IP from main_pool

Xiaochen Jing xjing at datavalet.com
Tue Aug 5 17:26:35 CEST 2008


Hello all,

I want to use Freeradius to assign IP addresses to clients from main_pool.
After setting everything up (I think), the L2TP tunnel is established but the
user cannot get an IP from Freeradius. From the reply message, I see that no
IP is returned to the user.

Could anyone take a look at the debug and give me a hint?

Debug:

radiusd: #### Loading Virtual Servers ####

server inner-tunnel {

 modules {

 Module: Checking authenticate {...} for more modules to load

 Module: Linked to module rlm_pap

 Module: Instantiating pap

  pap {

        encryption_scheme = "auto"

        auto_header = no

  }

 Module: Linked to module rlm_chap

 Module: Instantiating chap

 Module: Linked to module rlm_mschap

 Module: Instantiating mschap

  mschap {

        use_mppe = yes

        require_encryption = no

        require_strong = no

        with_ntdomain_hack = no

  }

 Module: Linked to module rlm_unix

 Module: Instantiating unix

  unix {

        radwtmp = "/usr/local/var/log/radius/radwtmp"

  }

 Module: Linked to module rlm_eap

 Module: Instantiating eap

  eap {

        default_eap_type = "md5"

        timer_expire = 60

        ignore_unknown_eap_types = no

        cisco_accounting_username_bug = no

  }

 Module: Linked to sub-module rlm_eap_md5

 Module: Instantiating eap-md5

 Module: Linked to sub-module rlm_eap_leap

 Module: Instantiating eap-leap

 Module: Linked to sub-module rlm_eap_gtc

 Module: Instantiating eap-gtc

   gtc {

        challenge = "Password: "

        auth_type = "PAP"

   }

rlm_eap: Ignoring EAP-Type/tls because we do not have OpenSSL support.

rlm_eap: Ignoring EAP-Type/ttls because we do not have OpenSSL support.

rlm_eap: Ignoring EAP-Type/peap because we do not have OpenSSL support.

 Module: Linked to sub-module rlm_eap_mschapv2

 Module: Instantiating eap-mschapv2

   mschapv2 {

        with_ntdomain_hack = no

   }

 Module: Checking authorize {...} for more modules to load

 Module: Linked to module rlm_realm

 Module: Instantiating suffix

  realm suffix {

        format = "suffix"

        delimiter = "@"

        ignore_default = no

        ignore_null = no

  }

 Module: Linked to module rlm_files

 Module: Instantiating files

  files {

        usersfile = "/usr/local/etc/raddb/users"

        acctusersfile = "/usr/local/etc/raddb/acct_users"

        preproxy_usersfile = "/usr/local/etc/raddb/preproxy_users"

        compat = "no"

  }

[/usr/local/etc/raddb/users]:107 WARNING! Check item "Group" found in reply item list for user "testuser". This attribute MUST go on the first line with the other check items

[/usr/local/etc/raddb/users]:107 WARNING! Check item "Pool-Name" found in reply item list for user "testuser". This attribute MUST go on the first line with the other check items

 Module: Checking session {...} for more modules to load

 Module: Linked to module rlm_radutmp

 Module: Instantiating radutmp

  radutmp {

        filename = "/usr/local/var/log/radius/radutmp"

        username = "%{User-Name}"

        case_sensitive = yes

        check_with_nas = yes

        perm = 384

        callerid = yes

  }

 Module: Checking post-proxy {...} for more modules to load

 Module: Checking post-auth {...} for more modules to load

 Module: Linked to module rlm_attr_filter

 Module: Instantiating attr_filter.access_reject

  attr_filter attr_filter.access_reject {

        attrsfile = "/usr/local/etc/raddb/attrs.access_reject"

        key = "%{User-Name}"

  }

 }

}

server {

 modules {

 Module: Checking authenticate {...} for more modules to load

 Module: Checking authorize {...} for more modules to load

 Module: Linked to module rlm_preprocess

 Module: Instantiating preprocess

  preprocess {

        huntgroups = "/usr/local/etc/raddb/huntgroups"

        hints = "/usr/local/etc/raddb/hints"

        with_ascend_hack = no

        ascend_channels_per_line = 23

        with_ntdomain_hack = no

        with_specialix_jetstream_hack = no

        with_cisco_vsa_hack = no

        with_alvarion_vsa_hack = no

  }

 Module: Checking preacct {...} for more modules to load

 Module: Linked to module rlm_acct_unique

 Module: Instantiating acct_unique

  acct_unique {

        key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"

  }

 Module: Checking accounting {...} for more modules to load

 Module: Linked to module rlm_detail

 Module: Instantiating detail

  detail {

        detailfile = "/usr/local/var/log/radius/radacct/%{Client-IP-Address}/detail-%Y%m%d"

        header = "%t"

        detailperm = 384

        dirperm = 493

        locking = no

        log_packet_header = no

  }

 Module: Linked to module rlm_ippool

 Module: Instantiating main_pool

  ippool main_pool {

        session-db = "/usr/local/etc/raddb/db.ippool"

        ip-index = "/usr/local/etc/raddb/db.ipindex"

        key = "%{NAS-IP-Address} %{NAS-Port}"

        range-start = 192.168.1.1

        range-stop = 192.168.3.254

        netmask = 255.255.255.0

        cache-size = 800

        override = yes

        maximum-timeout = 0

  }

 Module: Instantiating attr_filter.accounting_response

  attr_filter attr_filter.accounting_response {

        attrsfile = "/usr/local/etc/raddb/attrs.accounting_response"

        key = "%{User-Name}"

  }

 Module: Checking session {...} for more modules to load

 Module: Checking post-proxy {...} for more modules to load

 Module: Checking post-auth {...} for more modules to load

 }

}

radiusd: #### Opening IP addresses and Ports ####

listen {

        type = "auth"

        ipaddr = *

        port = 0

}

listen {

        type = "acct"

        ipaddr = *

        port = 0

}

Listening on authentication address * port 1812

Listening on accounting address * port 1813

Ready to process requests.

Here is the process:

rad_recv: Access-Request packet from host 127.0.0.1 port 32915, id=0, length=145

        User-Name = "testuser"

        User-Password = "testing"

        NAS-Port = 1

        Service-Type = Framed-User

        Framed-Protocol = PPP

        Calling-Station-Id = "atm 9/0.438:13.172#184577265#atm xyz#speed:UBR#pppoe 00:1c:23:b6:d3:45#"

        NAS-IP-Address = 0.0.0.0

+- entering group authorize

++[preprocess] returns ok

++[chap] returns noop

++[mschap] returns noop

    rlm_realm: No '@' in User-Name = "testuser", looking up realm NULL

    rlm_realm: No such realm "NULL"

++[suffix] returns noop

  rlm_eap: No EAP-Message, not doing EAP

++[eap] returns noop

++[unix] returns notfound

    users: Matched entry testuser at line 107

++[files] returns ok

++[expiration] returns noop

++[logintime] returns noop

++[pap] returns updated

  rad_check_password:  Found Auth-Type

auth: type "PAP"

+- entering group PAP

rlm_pap: login attempt with password "testing"

rlm_pap: Using clear text password "testing"

rlm_pap: User authenticated successfully

++[pap] returns ok

Login OK: [testuser/testing] (from client localhost port 1 cli atm 9/0.438:13.172#184577265#atm xyz#speed:UBR#pppoe 00:1c:23:b6:d3:45#)

+- entering group post-auth

rlm_ippool: Could not find Pool-Name attribute.

++[main_pool] returns noop

Sending Access-Accept of id 0 to 127.0.0.1 port 32915

        Service-Type == Framed-User

        Framed-Protocol == PPP

Finished request 0.

Going to the next request

Waking up in 0.9 seconds.

Waking up in 3.9 seconds.

Cleaning up request 0 ID 0 with timestamp +283

Ready to process requests.
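
An added example, not part of the original post and not FreeRADIUS code: a Python script that correlates two diagnostics visible in the debug output above, the startup warning that "Pool-Name" was parsed as a reply item and the Access-Accept that rlm_ippool let through without an address. It assumes unwrapped log lines; the function names and the sample excerpt are constructed for illustration.

```python
import re
# Constructed sample: an unwrapped excerpt in the shape of the `radiusd -X` output above.
SAMPLE = """\
[/usr/local/etc/raddb/users]:107 WARNING! Check item "Pool-Name" found in reply item list for user "testuser". This attribute MUST go on the first line with the other check items
rad_recv: Access-Request packet from host 127.0.0.1 port 32915, id=0, length=145
        User-Name = "testuser"
rlm_ippool: Could not find Pool-Name attribute.
Sending Access-Accept of id 0 to 127.0.0.1 port 32915
        Service-Type == Framed-User
        Framed-Protocol == PPP
Finished request 0.
"""

WARN = re.compile(r'\[(?P<file>[^\]]+)\]:(?P<line>\d+) WARNING! Check item "(?P<attr>[^"]+)"'
                  r'\s+found in\s+reply item list for user "(?P<user>[^"]+)"')
RECV = re.compile(r'^rad_recv: Access-Request .*\bid=(\d+),')
SEND = re.compile(r'^Sending Access-Accept of id (\d+) ')
ATTR = re.compile(r'^\s+([A-Za-z0-9-]+) ==? ')  # attribute lines are indented

def misplaced_check_items(text):
    """Startup warnings: check items that were parsed as reply items."""
    return [(m['file'], int(m['line']), m['attr'], m['user']) for m in WARN.finditer(text)]

def accepts_without_address(text):
    """Access-Accepts where rlm_ippool saw no Pool-Name and no Framed-IP-Address was sent."""
    found, req, in_reply = [], None, False
    for line in text.splitlines():
        if m := RECV.match(line):
            req, in_reply = {'id': int(m[1]), 'user': None, 'no_pool': False, 'reply': []}, False
        elif req is None: continue  # still in the startup section
        elif m := SEND.match(line):
            in_reply = True
        elif line.startswith('rlm_ippool: Could not find Pool-Name'):
            req['no_pool'] = True
        elif m := ATTR.match(line):
            if in_reply:
                req['reply'].append(m[1])
            elif m[1] == 'User-Name':
                req['user'] = line.split('"')[1]
        elif line.startswith('Finished request'):
            if in_reply and req['no_pool'] and 'Framed-IP-Address' not in req['reply']:
                found.append(req)
            req = None
    return found

def triage(text):
    """Link each address-less accept to a misplaced Pool-Name warning for the same user."""
    bad = {user: (f, n) for f, n, attr, user in misplaced_check_items(text) if attr == 'Pool-Name'}
    return [(r['id'], r['user'], bad.get(r['user'])) for r in accepts_without_address(text)]
```

On the sample, `triage(SAMPLE)` ties request 0 for "testuser" to line 107 of the users file, the entry the startup warning names.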

 
