Assigning IP address from RADIUS to Cisco PPTP users
up at 3.am
Tue May 26 17:34:41 CEST 2009
Hi:
I've used Livingston and Cistron radiusd's in the past with dialup ppp
users and Cisco/Lucent NASes and have been able to do this with no
problems.
Users are currently authenticating fine and getting assigned IPs from the
IP pool as defined in the Cisco NAS. However, I'd like to have a few,
select users assigned static IPs from outside that pool, but the Cisco
(2811) is simply ignoring the raddb/users file entry for that user and
assigning an IP from the pool on the NAS.
Here is my Cisco config:
--------------------
aaa new-model
aaa authentication login default local group radius
aaa authentication ppp default group radius local
aaa authorization exec default local
aaa authorization network default if-authenticated
aaa session-id common
vpdn-group 1
 accept-dialin
  protocol pptp
  virtual-template 1
interface Loopback0
 ip address 99.99.99.99 255.255.255.255
 ip nat inside
 ip virtual-reassembly
interface Virtual-Template1
 ip unnumbered FastEthernet0/0
 ip policy route-map VPN-Client
 peer match aaa-pools
 peer default ip address pool vpnpool
 no keepalive
 ppp encrypt mppe auto
 ppp authentication pap chap ms-chap ms-chap-v2
!
ip local pool vpnpool 172.16.30.2 172.16.30.254
---------
Here is the raddb/users file entry:
---------
testuser Service-Type == Framed-User
        Framed-Protocol == PPP,
        Framed-IP-Address = 172.16.1.2,
        Framed-IP-Netmask = 255.255.255.255,
        Framed-Compression = Van-Jacobson-TCP-IP

DEFAULT Framed-Protocol == PPP
        Framed-Protocol = PPP,
        Framed-Compression = Van-Jacobson-TCP-IP
--------------
The DEFAULT entry allows users in /etc/passwd to authenticate fine, but
"testuser" still gets an IP from the NAS pool instead of the one above.
Any pointers appreciated!
James Smallacombe PlantageNet, Inc. CEO and Janitor
up at 3.am http://3.am
=========================================================================