No subject

Simon Earthrowl searthrowl at eseye.com
Wed Feb 18 11:45:00 CET 2009


Hi,
I am trying to configure FreeRADIUS to work with our 28 NASs.
These NASs are split into two groups, at different locations (equal 
split 14-14).
All NASs report NAS-IP-Address correctly (i.e. uniquely).
Any device requesting authentication randomly connects to any one of the 
28 NASs.
All devices are unique, and Calling-Station-ID is used to uniquely 
identify every device. There is no possible chance of multiple instances 
connecting
Some devices *may* require PAP/CHAP -- the default being ignore 
User-Name etc. This is configured on a device by device basis.
Devices may require an alternative configuration using Called-Station-ID
Furthermore, I wish to use MySQL, so that I can add new provisioned 
devices auto-magically, without needing to tell the radius server.
I've a freshly compiled version 2.1.3, running on CentOS 5.3 -- That was 
by far the easiest bit! Many thanks for that.

*Now the problem....*

Each set of NASs requires a different Framed-IP-Address pool eg 
10.0.0.0/24 for site1, and 10.8.0.0/24 for site2 with Called-Station-Id 
= domain.com, and 192.168.110.0/26 for site1, and 192.168.110.128/26 for 
site2 with Called-Station-Id = domain.co.uk
I'm using sqlippool to supply the IP.

*What I've tried.....*

Pool-name : I've set this in huntgroups, hints, clients.conf with no 
success whatsoever.
Pool-Name: In netgroups -- performance was too slow, as I need 28 groups 
per device!
Virtual-Servers: I just don't get these. The README suggests I don't 
need a listen clause, the debug output suggests I do. I'm concerned that 
if I go down this route, I'll end up with slow responses again

*Where I've got to:*

I'm using radcheck table with the Sql-Name set to Calling-Station-ID, 
with Auth-Type := Accept (for the default case), and adding User-Name & 
password checking for specific PAP/CHAP authentication.

*What I need please*

Easiest: A fix, so I can set Pool-Name in clients.conf, or hints, that 
works in sqlippool.
Intermediate: Another strategy that will scale (not 28 groups per device)
Or
Advanced: A far better understanding of where, and how, I can use 
unlang, and be able to calculate Pool-Name within a context such that 
sqlippool will correctly allocate an IP address.

Many thanks in anticipation for help/suggestions being offered

kind regards

Simon
