Free Radius configuration problem with 28 NASs

Simon Earthrowl searthrowl at
Wed Feb 18 12:05:01 CET 2009

Sorry should have given this email a title...
Simon Earthrowl wrote:
> Hi,
> I am trying to configure free radius to work with our 28 NASs.
> These NASs are split into two groups, at different locations (equal 
> split 14-14).
> ll NASs report NAS-IP-Address correctly (ie uniquely)
> Any device requesting authentication randomly connects to any one of 
> the 28 NASs.
> All devices are unique, and Calling-Station-ID is used to uniquely 
> identify every device. There is no possible chance of multiple 
> instances connecting
> Some devices *may* require require PAP/CHAP -- the default being 
> ignore User-Name etc. This is configured on a device by device basis.
> Devices may require an alternative configuration using Called-Station-ID
> Furthermore, I wish to use MySQL, so that I can add new provisioned 
> devices auto-magically, without needing to tell the radius server.
> I've a freshly compiled version 2.1.3, running on CentOS 5.3 -- That 
> was by far the easiest bit! Many thanks for that.
> *Now the problem....*
> Each set of NASs requires a different Framed-IP-Address pool eg 
> for site1, and for site2 with 
> Called-Station-Id =, and for site1, and 
> for site2 with Called-Station-Id =
> I'm using sqlippool to supply the IP.
> *What I've tried.....*
> Pool-name : I've set this in huntgroups, hints, clients.conf with no 
> success whatsoever.
> Pool-Name: In netgroups -- performace was too slow, as I need 28 
> groups per device!
> Virtual-Servers: I just don't get these. The README suggests I don't 
> need a listen clause, the debug output suggests I do. I'm concerned 
> that if I go down this route, I'll end up with slow responses again
> *Where I've got to:*
> I'm using radcheck table with the Sql-Name set to Calling-Station-ID, 
> with Auth-Type := Accept (for the default case), and adding User-Name 
> & password checking for specific PAP/CHAP authentication.
> *What I need please*
> Easiest: A fix, so I can set Pool-Name in clients.conf, or hints, that 
> works in sqlippool.
> Intermediate: Another strategy that will scale (not 28 groups per device)
> Or
> Advanced: A far better understanding of where, and how, I can use 
> unlang, and be able to calculate Pool-Name within a context such that 
> sqlippool will corectly allocate an IP address.
> Many thanks in anticipation for help/suggestions being offered
> kind regards
> Simon
> ------------------------------------------------------------------------
> -
> List info/subscribe/unsubscribe? See

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list