Different IP Pool per proxied realm

Tony Spencer tony at eurisp.co.uk
Mon Feb 11 14:26:22 CET 2008 

We are running freeradius on Centos and the most supported package that gets
installed by "yum update" is freeradius-1.0.1-3.RHEL4.5, which I now have
installed.

I've tried to upgrade by downloading the latest version, 2.0.1.
Although it builds and installs it doesn't seem to try to connect to my SQL
database. When I start the old version with -X I see a lot of mention of
sql.
But version 2.0.1 started with -X doesn't seem to say anything apart from
its loading the sql.conf file.
Am I missing something here?

That said I do have some debug for the version I am using for trying to
assign a different IP pool per realm.

Here is the section that shows that radius is loading the IP pool:

############
Module: Loaded IPPOOL
 ippool: session-db = "/etc/raddb/db.ippool"
 ippool: ip-index = "/etc/raddb/db.ipindex"
 ippool: range-start = 85.92.168.1 IP address [85.92.168.1]
 ippool: range-stop = 85.92.168.254 IP address [85.92.168.254]
 ippool: netmask = 255.255.255.0 IP address [255.255.255.0]
 ippool: cache-size = 800
 ippool: override = no
 ippool: maximum-timeout = 0
Module: Instantiated ippool (main_pool)
#############



This is the users entry:

############
DEFAULT Realm == "dsl.realm.co.uk", Pool-Name := "main_ip_realm1"
############

And here is the debug from a user using the realm logging in:

###########

rad_recv: Access-Request packet from host 192.168.1.88:1645, id=245,
length=127
        Framed-Protocol = PPP
        User-Name = "user at dsl.realm.co.uk"
        CHAP-Password = 0xb2cd36a39f414e084ae6ab6da5719886f7
        NAS-Port-Type = Virtual
        NAS-Port = 2548
        NAS-Port-Id = "Uniq-Sess-ID2548"
        Connect-Info = "4522000/1000"
        Service-Type = Framed-User
        NAS-IP-Address = 192.168.1.88
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 14
  modcall[authorize]: module "preprocess" returns ok for request 14
  rlm_chap: Setting 'Auth-Type := CHAP'
  modcall[authorize]: module "chap" returns ok for request 14
  modcall[authorize]: module "mschap" returns noop for request 14
    rlm_realm: Looking up realm "dsl.realm.co.uk" for User-Name =
"user at dsl.realm.co.uk"
    rlm_realm: Found realm "dsl.realm.co.uk"
    rlm_realm: Proxying request from user leekane to realm dsl.realm.co.uk
    rlm_realm: Adding Realm = "dsl.realm.co.uk"
    rlm_realm: Preparing to proxy authentication request to realm
"dsl.realm.co.uk"
  modcall[authorize]: module "suffix" returns updated for request 14
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 14
    users: Matched DEFAULT at 1
  modcall[authorize]: module "files" returns ok for request 14
radius_xlat:  'user at dsl.realm.co.uk'
rlm_sql (sql): sql_set_user escaped user --> 'user at dsl.realm.co.uk'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'user at dsl.realm.co.uk' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 21
rlm_sql_mysql: query:  SELECT id,UserName,Attribute,Value,op FROM radcheck
WHERE Username = 'user at dsl.realm.co.uk' ORDER BY id
rlm_sql (sql): User user at dsl.realm.co.uk not found in radcheck
radius_xlat:  'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
ck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE
usergroup.Username = 'user at dsl.realm.co.uk' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id'
rlm_sql_mysql: query:  SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
ck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE
usergroup.Username = 'user at dsl.realm.co.uk' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id
radius_xlat:  'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
ly.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE
usergroup.Username = 'user at dsl.realm.co.uk' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql_mysql: query:  SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
ly.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE
usergroup.Username = 'user at dsl.realm.co.uk' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql (sql): User user at dsl.realm.co.uk not found in radgroupcheck
rlm_sql (sql): User not found
rlm_sql (sql): Released sql socket id: 21
  modcall[authorize]: module "sql" returns notfound for request 14
modcall: group authorize returns updated for request 14
  Processing the pre-proxy section of radiusd.conf
modcall: entering group pre-proxy for request 14
radius_xlat:
'/var/log/radius/radacct/192.168.1.88/pre-proxy-detail-20080211'
rlm_detail:
/var/log/radius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d expands
to /var/log/radius/radacct/192.168.1.88/pre-proxy-detail-20080211
  modcall[pre-proxy]: module "pre_proxy_log" returns ok for request 14
modcall: group pre-proxy returns ok for request 14
Sending Access-Request of id 1 to 88.20.106.18:1645
        Framed-Protocol = PPP
        User-Name = "user at dsl.realm.co.uk"
        CHAP-Password = 0xb2cd36a39f414e084ae6ab6da5719886f7
        NAS-Port-Type = Virtual
        NAS-Port = 2548
        NAS-Port-Id = "Uniq-Sess-ID2548"
        Connect-Info = "4522000/1000"
        Service-Type = Framed-User
        NAS-IP-Address = 192.168.1.88
        CHAP-Challenge = 0x0119ec26782b0c7dd878fb54c30f5859
        Proxy-State = 0x323435
Waking up in 5 seconds...
rad_recv: Access-Accept packet from host 88.20.106.18:1645, id=1, length=107
        Class =
0x5342522d434c20444e3d22323032343331222041543d22323030222055533d22222053493d
22323839302200
        Session-Timeout = 0
        Framed-IP-Address = 255.255.255.254
        Framed-IP-Netmask = 255.255.255.255
        Acct-Interim-Interval = 7200
        Framed-Protocol = PPP
        Service-Type = Framed-User
        Proxy-State = 0x323435
  Processing the post-proxy section of radiusd.conf
modcall: entering group post-proxy for request 14
radius_xlat:
'/var/log/radius/radacct/192.168.1.88/post-proxy-detail-20080211'
rlm_detail:
/var/log/radius/radacct/%{Client-IP-Address}/post-proxy-detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.1.88/post-proxy-detail-20080211
  modcall[post-proxy]: module "post_proxy_log" returns ok for request 14
modcall: group post-proxy returns ok for request 14
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 14
  modcall[authorize]: module "preprocess" returns ok for request 14
  rlm_chap: WARNING: Auth-Type already set.  Not setting to CHAP
  modcall[authorize]: module "chap" returns noop for request 14
  modcall[authorize]: module "mschap" returns noop for request 14
    rlm_realm: Proxy reply, or no User-Name.  Ignoring.
  modcall[authorize]: module "suffix" returns noop for request 14
  modcall[authorize]: module "eap" returns noop for request 14
    users: Matched DEFAULT at 1
  modcall[authorize]: module "files" returns ok for request 14
radius_xlat:  'user at dsl.realm.co.uk'
rlm_sql (sql): sql_set_user escaped user --> 'user at dsl.realm.co.uk'
radius_xlat:  'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'user at dsl.realm.co.uk' ORDER BY id'
rlm_sql (sql): Reserving sql socket id: 20
rlm_sql_mysql: query:  SELECT id,UserName,Attribute,Value,op FROM radcheck
WHERE Username = 'user at dsl.realm.co.uk' ORDER BY id
rlm_sql (sql): User user at dsl.realm.co.uk not found in radcheck
radius_xlat:  'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
ck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE
usergroup.Username = 'user at dsl.realm.co.uk' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id'
rlm_sql_mysql: query:  SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
ck.Value,radgroupcheck.op  FROM radgroupcheck,usergroup WHERE
usergroup.Username = 'user at dsl.realm.co.uk' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id
radius_xlat:  'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
ly.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE
usergroup.Username = 'user at dsl.realm.co.uk' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql_mysql: query:  SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
ly.Value,radgroupreply.op  FROM radgroupreply,usergroup WHERE
usergroup.Username = 'user at dsl.realm.co.uk' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id
rlm_sql (sql): User user at dsl.realm.co.uk not found in radgroupcheck
rlm_sql (sql): User not found
rlm_sql (sql): Released sql socket id: 20
  modcall[authorize]: module "sql" returns notfound for request 14
modcall: group authorize returns ok for request 14
  rad_check_password:  Found Auth-Type
  rad_check_password: Auth-Type = Accept, accepting the user
Login OK: [user at dsl.realm.co.uk/<CHAP-Password>] (from client 7304 port
2548)
Sending Access-Accept of id 245 to 192.168.1.88:1645
        Class =
0x5342522d434c20444e3d22323032343331222041543d22323030222055533d22222053493d
22323839302200
        Session-Timeout = 0
        Framed-IP-Address = 255.255.255.254
        Framed-IP-Netmask = 255.255.255.255
        Acct-Interim-Interval = 7200
        Framed-Protocol = PPP
        Service-Type = Framed-User
Finished request 14
########



Thanks in advance

Tony



-----Original Message-----
From: freeradius-users-bounces+tony=eurisp.co.uk at lists.freeradius.org
[mailto:freeradius-users-bounces+tony=eurisp.co.uk at lists.freeradius.org] On
Behalf Of Alan DeKok
Sent: 09 February 2008 16:06
To: FreeRadius users mailing list
Subject: Re: Different IP Pool per proxied realm

Tony Spencer wrote:
> We are using FreeRADIUS Version 1.0.1

  Why?

  I would suggest upgrading.  The newer versions have a LOT more
features, and make this kind of configuration much easier.

> But when the user logs in they get assigned an IP from the NAS and not
from
> the IP Pool.
> Am I doing something wrong?

  The debug log should explain what the server is sending back.  But if
you're using 1.0.1, I would suggest upgrading before posting the debug log.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html

No virus found in this incoming message.
Checked by AVG Free Edition. 
Version: 7.5.516 / Virus Database: 269.20.2/1270 - Release Date: 10/02/2008
12:21
 

No virus found in this outgoing message.
Checked by AVG Free Edition. 
Version: 7.5.516 / Virus Database: 269.20.2/1270 - Release Date: 10/02/2008
12:21

More information about the Freeradius-Users mailing list