Affect Static IP by Freeradius/ASA5510
Phibee Network Operation Center
noc at phibee.net
Wed Feb 4 15:58:32 CET 2009
Hi,
Sorry to restart the same subject, but I am searching ... I am
searching ...
but I don't see any solution ...
I use:
FreeRadius with a Perl script
A Cisco ASA5510 IOS 8.0
In debug I have:
When a user doesn't have an IP, use "Pool":
==============================================================
rad_recv: Access-Request packet from host 10.218.7.243:1025, id=31,
length=166
User-Name = "vpn001 at xx.fr"
User-Password = "XXX"
NAS-Port = 1658880
Service-Type = Framed-User
Framed-Protocol = PPP
Called-Station-Id = "62.XX.XX.XX"
Calling-Station-Id = "88.XX.XX.XX"
NAS-Port-Type = Virtual
Tunnel-Client-Endpoint:0 = "88.XX.XX.XX"
NAS-IP-Address = 10.218.7.243
Cisco-AVPair = "ip:source-ip=88.XX.XX.XXy\223"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_realm: Looking up realm "xx.fr" for User-Name = "vpn001 at xx.fr"
rlm_realm: No such realm "xx.fr"
modcall[authorize]: module "suffix" returns noop for request 0
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 0
users: Matched entry DEFAULT at line 154
users: Matched entry DEFAULT at line 173
users: Matched entry DEFAULT at line 185
modcall[authorize]: module "files" returns ok for request 0
Using perl at 0x8149a00
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Framed-IP-Address = 255.255.255.254
rlm_perl: Added pair Framed-Compression = Van-Jacobson-TCP-IP
rlm_perl: Added pair Framed-MTU = 576
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Auth-Type = Perl
modcall[authorize]: module "perl" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
rad_check_password: Found Auth-Type Perl
auth: type "Perl"
Processing the authenticate section of radiusd.conf
modcall: entering group Perl for request 0
Using perl at 0x8149a00
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair h323-credit-amount = 100
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Framed-IP-Address = 255.255.255.254
rlm_perl: Added pair Framed-Compression = Van-Jacobson-TCP-IP
rlm_perl: Added pair Framed-MTU = 576
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Auth-Type = Perl
modcall[authenticate]: module "perl" returns ok for request 0
modcall: leaving group Perl (returns ok) for request 0
Login OK: [vpn001 at xx.fr/XXX] (from client 10.218.7.243 port 1658880 cli
88.XX.XX.XX)
Sending Access-Accept of id 31 to 10.218.7.243 port 1025
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Compression = Van-Jacobson-TCP-IP
h323-credit-amount = "100"
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 31 with timestamp 4989aa4d
Nothing to do. Sleeping until we see a request.
================================================
No problems, the user connects and has an IP from the pool.
When I use a user with a static IP:
================================================
rad_recv: Access-Request packet from host 10.218.7.243:1025, id=32,
length=166
User-Name = "vpn006 at xx.fr"
User-Password = "XXX"
NAS-Port = 1662976
Service-Type = Framed-User
Framed-Protocol = PPP
Called-Station-Id = "62.23.17.71"
Calling-Station-Id = "88.XX.XX.XX"
NAS-Port-Type = Virtual
Tunnel-Client-Endpoint:0 = "88.XX.XX.XX"
NAS-IP-Address = 10.218.7.243
Cisco-AVPair = "ip:source-ip=88.XX.XX.XXy\223"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
modcall[authorize]: module "preprocess" returns ok for request 1
modcall[authorize]: module "chap" returns noop for request 1
modcall[authorize]: module "mschap" returns noop for request 1
rlm_realm: Looking up realm "xx.fr" for User-Name = "vpn006 at xx.fr"
rlm_realm: No such realm "xx.fr"
modcall[authorize]: module "suffix" returns noop for request 1
rlm_eap: No EAP-Message, not doing EAP
modcall[authorize]: module "eap" returns noop for request 1
users: Matched entry DEFAULT at line 154
users: Matched entry DEFAULT at line 173
users: Matched entry DEFAULT at line 185
modcall[authorize]: module "files" returns ok for request 1
Using perl at 0x8149a00
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Framed-IP-Address = 10.218.3.41
rlm_perl: Added pair Framed-Compression = Van-Jacobson-TCP-IP
rlm_perl: Added pair Framed-MTU = 576
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Auth-Type = Perl
modcall[authorize]: module "perl" returns ok for request 1
modcall: leaving group authorize (returns ok) for request 1
rad_check_password: Found Auth-Type Perl
auth: type "Perl"
Processing the authenticate section of radiusd.conf
modcall: entering group Perl for request 1
Using perl at 0x8149a00
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair h323-credit-amount = 100
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Framed-IP-Address = 10.218.3.41
rlm_perl: Added pair Framed-Compression = Van-Jacobson-TCP-IP
rlm_perl: Added pair Framed-MTU = 576
rlm_perl: Added pair Framed-Protocol = PPP
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Auth-Type = Perl
modcall[authenticate]: module "perl" returns ok for request 1
modcall: leaving group Perl (returns ok) for request 1
Login OK: [vpn006 at xx.fr/XXX] (from client 10.218.7.243 port 1662976 cli
88.XX.XX.XX)
Sending Access-Accept of id 32 to 10.218.7.243 port 1025
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Compression = Van-Jacobson-TCP-IP
h323-credit-amount = "100"
Finished request 1
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
--- Walking the entire request list ---
Cleaning up request 1 ID 32 with timestamp 4989aa74
Nothing to do. Sleeping until we see a request.
=============================================
I see "Framed-IP-Address = 10.218.3.41" but at the end of the logs it has:
"Sending Access-Accept of id 32 to 10.218.7.243 port 1025
Framed-IP-Address = 255.255.255.254"
Why is it sending 255.255.255.254 ...?
Is it because I use a client type "cisco"? Because my Perl script uses
"RLM_MODULE_OK"
at authenticate and accounting?
Thanks for your help
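
Added example, not part of the original post and not FreeRADIUS code: a small Python script that reads debug output in the format shown above and reports, for each Access-Accept, any attribute whose sent value differs from the last value rlm_perl added. The sample input is constructed by trimming the post's two requests, and the function name find_overrides is hypothetical.

```python
import re

# Constructed sample: the post's two requests, trimmed to the relevant lines.
SAMPLE = """\
rad_recv: Access-Request packet from host 10.218.7.243:1025, id=31,
rlm_perl: Added pair Framed-IP-Address = 255.255.255.254
rlm_perl: Added pair Framed-MTU = 576
Sending Access-Accept of id 31 to 10.218.7.243 port 1025
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Finished request 0
rad_recv: Access-Request packet from host 10.218.7.243:1025, id=32,
rlm_perl: Added pair h323-credit-amount = 100
rlm_perl: Added pair Framed-IP-Address = 10.218.3.41
Sending Access-Accept of id 32 to 10.218.7.243 port 1025
Framed-IP-Address = 255.255.255.254
h323-credit-amount = "100"
Finished request 1
"""

RECV = re.compile(r'^\s*rad_recv: Access-Request .*\bid=(\d+)')
ADDED = re.compile(r'^\s*rlm_perl: Added pair (\S+) = (.+)$')
SENT = re.compile(r'^\s*Sending Access-Accept of id (\d+)')
ATTR = re.compile(r'^\s*([A-Za-z0-9-]+) = "?([^"]*)"?\s*$')

def find_overrides(debug_text):
    """Return [(packet_id, attribute, value_from_rlm_perl, value_sent)]."""
    mismatches = []
    added = {}      # last value rlm_perl added per attribute, current request
    sent_id = None  # set while reading the attribute list of an Access-Accept
    for line in debug_text.splitlines():
        if RECV.match(line):            # new request: forget the previous one
            added, sent_id = {}, None
        elif (m := ADDED.match(line)):
            added[m.group(1)] = m.group(2).strip().strip('"')
        elif (m := SENT.match(line)):
            sent_id = int(m.group(1))
        elif sent_id is not None:
            m = ATTR.match(line)
            if not m:                   # e.g. "Finished request N" ends the list
                sent_id = None
                continue
            name, value = m.group(1), m.group(2).strip()
            if name in added and added[name] != value:
                mismatches.append((sent_id, name, added[name], value))
    return mismatches

if __name__ == "__main__":
    for pkt, name, perl_value, sent_value in find_overrides(SAMPLE):
        print(f"id {pkt}: {name} added as {perl_value}, sent as {sent_value}")
```

A reported mismatch only shows that the value changed between the module's output and the reply; it does not identify which configuration step changed it.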