IP-Assignment with sqlippool based on nas-ip-address
Sebastian Heil
s3b0 at gmx.de
Mon Feb 2 09:22:51 CET 2009
-------- Original Message --------
> Date: Fri, 30 Jan 2009 11:51:20 +0100
> From: tnt at kalik.net
> To: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
> Subject: Re: IP-Assignment with sqlippool based on nas-ip-address
> > Now, the "behaviour" of the server changed in the way, that the
> > freeradius reserves only one ip-address per user. If the same user logs in again on
> > the same nas (without accounting-stop-packet before), the old ip-address is
> > freed and the user receives a new one.
> >
>
> That should happen only if IP allocation has expired (see lease-duration
> in sqlippool.conf). There is another allocate-find query that issues
> random IPs.
>
Hmmm, maybe there is another problem in my config. I tried two requests within ten seconds. Attached you'll find the debug. During the second request the first ip-address is freed and can be used again. The lease-duration has the standard value of 3600, so this can't be the reason.
This is the table radippool after the second request:
+-----------+-----------------+--------------+---------------------+----------+----------+
| pool_name | framedipaddress | nasipaddress | expiry_time | username | pool_key |
+-----------+-----------------+--------------+---------------------+----------+----------+
| poolUK | 10.10.10.10 | 10.98.6.95 | 2009-02-02 10:14:32 | peter2 | |
| poolUK | 10.10.10.11 | | 2009-02-02 09:14:31 | | 0 |
+-----------+-----------------+--------------+---------------------+----------+----------+
debug
------------
rad_recv: Access-Request packet from host 10.98.6.95 port 3099, id=194, length=46
User-Name = "peter2"
User-Password = "peter2"
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/10.98.6.95/auth-detail-20090202
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/10.98.6.95/auth-detail-20090202
[auth_log] expand: %t -> Mon Feb 2 09:13:45 2009
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "peter2", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 183
++[files] returns ok
[sql] expand: %{User-Name} -> peter2
[sql] sql_set_user escaped user --> 'peter2'
rlm_sql (sql): Reserving sql socket id: 0
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'peter2' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'peter2' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'peter2' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'peter2' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'peter2' ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = 'peter2' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'UK' ORDER BY id
rlm_sql_mysql: query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'UK' ORDER BY id
[sql] User found in group UK
[sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'UK' ORDER BY id
rlm_sql_mysql: query: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'UK' ORDER BY id
rlm_sql (sql): Released sql socket id: 0
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "peter2"
[pap] Using clear text password "peter2"
[pap] User authenticated successfully
++[pap] returns ok
+- entering group post-auth {...}
rlm_sql (sql): Reserving sql socket id: 4
[sqlippool] expand: %{User-Name} -> peter2
[sqlippool] sql_set_user escaped user --> 'peter2'
[sqlippool] expand: START TRANSACTION -> START TRANSACTION
rlm_sql_mysql: query: START TRANSACTION
[sqlippool] expand: UPDATE radippool SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', expiry_time = NOW() - INTERVAL 1 SECOND WHERE pool_key = '%{NAS-Port}' AND nasipaddress = '%{Nas-IP-Address}' -> UPDATE radippool SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', expiry_time = NOW() - INTERVAL 1 SECOND WHERE pool_key = '' AND nasipaddress = '10.98.6.95'
rlm_sql_mysql: query: UPDATE radippool SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', expiry_time = NOW() - INTERVAL 1 SECOND WHERE pool_key = '' AND nasipaddress = '10.98.6.95'
[sqlippool] expand: SELECT framedipaddress FROM radippool WHERE pool_name = '%{control:Pool-Name}' AND expiry_time < NOW() ORDER BY (username <> '%{User-Name}'), (callingstationid <> '%{Calling-Station-Id}'), expiry_time LIMIT 1 FOR UPDATE -> SELECT framedipaddress FROM radippool WHERE pool_name = 'poolUK' AND expiry_time < NOW() ORDER BY (username <> 'peter2'), (callingstationid <> ''), expiry_time LIMIT 1 FOR UPDATE
rlm_sql_mysql: query: SELECT framedipaddress FROM radippool WHERE pool_name = 'poolUK' AND expiry_time < NOW() ORDER BY (username <> 'peter2'), (callingstationid <> ''), expiry_time LIMIT 1 FOR UPDATE
[sqlippool] expand: UPDATE radippool SET nasipaddress = '%{NAS-IP-Address}', pool_key = '%{NAS-Port}', callingstationid = '%{Calling-Station-Id}', username = '%{User-Name}', expiry_time = NOW() + INTERVAL 3600 SECOND WHERE framedipaddress = '10.10.10.11' -> UPDATE radippool SET nasipaddress = '10.98.6.95', pool_key = '', callingstationid = '', username = 'peter2', expiry_time = NOW() + INTERVAL 3600 SECOND WHERE framedipaddress = '10.10.10.11'
rlm_sql_mysql: query: UPDATE radippool SET nasipaddress = '10.98.6.95', pool_key = '', callingstationid = '', username = 'peter2', expiry_time = NOW() + INTERVAL 3600 SECOND WHERE framedipaddress = '10.10.10.11'
[sqlippool] Allocated IP 10.10.10.11 [0b0a0a0a]
[sqlippool] expand: COMMIT -> COMMIT
rlm_sql_mysql: query: COMMIT
rlm_sql (sql): Released sql socket id: 4
[sqlippool] expand: Allocated IP: %{reply:Framed-IP-Address} from %{control:Pool-Name} (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name}) -> Allocated IP: 10.10.10.11 from poolUK (did cli port user peter2)
Allocated IP: 10.10.10.11 from poolUK (did cli port user peter2)
++[sqlippool] returns ok
++[exec] returns noop
Sending Access-Accept of id 194 to 10.98.6.95 port 3099
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Netmask = 255.255.255.0
Framed-IP-Address = 10.10.10.11
Finished request 2.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 2 ID 194 with timestamp +174
Ready to process requests.
rad_recv: Access-Request packet from host 10.98.6.95 port 3114, id=120, length=46
User-Name = "peter2"
User-Password = "peter2"
+- entering group authorize {...}
++[preprocess] returns ok
[auth_log] expand: /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d -> /var/log/radius/radacct/10.98.6.95/auth-detail-20090202
[auth_log] /var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands to /var/log/radius/radacct/10.98.6.95/auth-detail-20090202
[auth_log] expand: %t -> Mon Feb 2 09:14:32 2009
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "peter2", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry DEFAULT at line 183
++[files] returns ok
[sql] expand: %{User-Name} -> peter2
[sql] sql_set_user escaped user --> 'peter2'
rlm_sql (sql): Reserving sql socket id: 3
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'peter2' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'peter2' ORDER BY id
[sql] User found in radcheck table
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'peter2' ORDER BY id
rlm_sql_mysql: query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'peter2' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'peter2' ORDER BY priority
rlm_sql_mysql: query: SELECT groupname FROM radusergroup WHERE username = 'peter2' ORDER BY priority
[sql] expand: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'UK' ORDER BY id
rlm_sql_mysql: query: SELECT id, groupname, attribute, Value, op FROM radgroupcheck WHERE groupname = 'UK' ORDER BY id
[sql] User found in group UK
[sql] expand: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = '%{Sql-Group}' ORDER BY id -> SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'UK' ORDER BY id
rlm_sql_mysql: query: SELECT id, groupname, attribute, value, op FROM radgroupreply WHERE groupname = 'UK' ORDER BY id
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns updated
Found Auth-Type = PAP
+- entering group PAP {...}
[pap] login attempt with password "peter2"
[pap] Using clear text password "peter2"
[pap] User authenticated successfully
++[pap] returns ok
+- entering group post-auth {...}
rlm_sql (sql): Reserving sql socket id: 2
[sqlippool] expand: %{User-Name} -> peter2
[sqlippool] sql_set_user escaped user --> 'peter2'
[sqlippool] expand: START TRANSACTION -> START TRANSACTION
rlm_sql_mysql: query: START TRANSACTION
[sqlippool] expand: UPDATE radippool SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', expiry_time = NOW() - INTERVAL 1 SECOND WHERE pool_key = '%{NAS-Port}' AND nasipaddress = '%{Nas-IP-Address}' -> UPDATE radippool SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', expiry_time = NOW() - INTERVAL 1 SECOND WHERE pool_key = '' AND nasipaddress = '10.98.6.95'
rlm_sql_mysql: query: UPDATE radippool SET nasipaddress = '', pool_key = 0, callingstationid = '', username = '', expiry_time = NOW() - INTERVAL 1 SECOND WHERE pool_key = '' AND nasipaddress = '10.98.6.95'
[sqlippool] expand: SELECT framedipaddress FROM radippool WHERE pool_name = '%{control:Pool-Name}' AND expiry_time < NOW() ORDER BY (username <> '%{User-Name}'), (callingstationid <> '%{Calling-Station-Id}'), expiry_time LIMIT 1 FOR UPDATE -> SELECT framedipaddress FROM radippool WHERE pool_name = 'poolUK' AND expiry_time < NOW() ORDER BY (username <> 'peter2'), (callingstationid <> ''), expiry_time LIMIT 1 FOR UPDATE
rlm_sql_mysql: query: SELECT framedipaddress FROM radippool WHERE pool_name = 'poolUK' AND expiry_time < NOW() ORDER BY (username <> 'peter2'), (callingstationid <> ''), expiry_time LIMIT 1 FOR UPDATE
[sqlippool] expand: UPDATE radippool SET nasipaddress = '%{NAS-IP-Address}', pool_key = '%{NAS-Port}', callingstationid = '%{Calling-Station-Id}', username = '%{User-Name}', expiry_time = NOW() + INTERVAL 3600 SECOND WHERE framedipaddress = '10.10.10.10' -> UPDATE radippool SET nasipaddress = '10.98.6.95', pool_key = '', callingstationid = '', username = 'peter2', expiry_time = NOW() + INTERVAL 3600 SECOND WHERE framedipaddress = '10.10.10.10'
rlm_sql_mysql: query: UPDATE radippool SET nasipaddress = '10.98.6.95', pool_key = '', callingstationid = '', username = 'peter2', expiry_time = NOW() + INTERVAL 3600 SECOND WHERE framedipaddress = '10.10.10.10'
[sqlippool] Allocated IP 10.10.10.10 [0a0a0a0a]
[sqlippool] expand: COMMIT -> COMMIT
rlm_sql_mysql: query: COMMIT
rlm_sql (sql): Released sql socket id: 2
[sqlippool] expand: Allocated IP: %{reply:Framed-IP-Address} from %{control:Pool-Name} (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name}) -> Allocated IP: 10.10.10.10 from poolUK (did cli port user peter2)
Allocated IP: 10.10.10.10 from poolUK (did cli port user peter2)
++[sqlippool] returns ok
++[exec] returns noop
Sending Access-Accept of id 120 to 10.98.6.95 port 3114
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Netmask = 255.255.255.0
Framed-IP-Address = 10.10.10.10
Finished request 3.
Going to the next request
Waking up in 4.9 seconds.
> > Is there a possibility to assign also a specific subnetmask with the
> > radippool-table? We have different subnetmasks for the different pools.
> >
>
> If these are PPP connections you should use 255.255.255.255 for all of
> them. That will match any gateway subnet and mask. You corral them with
> firewall.
>
I'm afraid this won't work in my environment. I will need a different subnetmask. Is it possible to use radgroupreply for this issue?
Thanks.
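Added example, not part of the original post or of FreeRADIUS: a SQLite re-creation of the three sqlippool queries shown in the debug output above, run once with `%{NAS-Port}` expanding to an empty string (as it does in both logged requests) and once with distinct port values. The helper names, integer timestamps and seed expiry values are constructed; `NOW()` and `FOR UPDATE` are replaced because SQLite lacks them.

```python
import sqlite3

LEASE = 3600  # lease-duration quoted in the post

def make_pool():
    """Two free poolUK addresses; seed expiry values are constructed."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radippool (pool_name TEXT, framedipaddress TEXT,"
               " nasipaddress TEXT DEFAULT '', pool_key TEXT DEFAULT '0',"
               " callingstationid TEXT DEFAULT '', username TEXT DEFAULT '',"
               " expiry_time INTEGER)")
    db.executemany("INSERT INTO radippool (pool_name, framedipaddress, expiry_time)"
                   " VALUES ('poolUK', ?, ?)",
                   [("10.10.10.10", 2), ("10.10.10.11", 1)])
    return db

def allocate(db, now, user, nas_ip, nas_port="", csid=""):
    """Run the clear / find / update sequence from the log at time `now`."""
    with db:  # one transaction, like START TRANSACTION ... COMMIT
        # allocate-clear: frees every row with this pool_key on this NAS
        db.execute("UPDATE radippool SET nasipaddress = '', pool_key = '0',"
                   " callingstationid = '', username = '', expiry_time = ?"
                   " WHERE pool_key = ? AND nasipaddress = ?",
                   (now - 1, nas_port, nas_ip))
        # allocate-find: oldest expired address, preferring the same user
        row = db.execute("SELECT framedipaddress FROM radippool"
                         " WHERE pool_name = 'poolUK' AND expiry_time < ?"
                         " ORDER BY (username <> ?), (callingstationid <> ?),"
                         " expiry_time LIMIT 1", (now, user, csid)).fetchone()
        if row is None:
            return None  # pool exhausted
        # allocate-update: record the new lease
        db.execute("UPDATE radippool SET nasipaddress = ?, pool_key = ?,"
                   " callingstationid = ?, username = ?, expiry_time = ?"
                   " WHERE framedipaddress = ?",
                   (nas_ip, nas_port, csid, user, now + LEASE, row[0]))
    return row[0]

def active_leases(db, now):
    """Addresses whose lease has not expired at time `now`."""
    rows = db.execute("SELECT framedipaddress FROM radippool"
                      " WHERE expiry_time > ? ORDER BY framedipaddress", (now,))
    return [r[0] for r in rows]

if __name__ == "__main__":
    for ports in (("", ""), ("1", "2")):  # NAS-Port absent vs. distinct ports
        db = make_pool()
        for t, port in zip((1000, 1047), ports):
            allocate(db, t, "peter2", "10.98.6.95", nas_port=port)
        print(ports, active_leases(db, 1047))
```

With the empty key, the second login's clear query matches the lease written by the first login on the same NAS, so only one address stays leased; with distinct keys both leases remain active.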