Framed-IP-Address cant override NAS ip pool
Tevfik Ceydeliler
tevfik.ceydeliler at astron.yasar.com.tr
Thu Jan 28 12:49:47 CET 2010
Hi list,
Still I try to assign statci Ip for my users. And still I can't achive.
I try to use all ways .
Now I try to assign particularIP to my users from pool. But it is not
satisfied.
I read some mail and modify suggested confiuration according to my
tolopogy.
Do I have to add some additional configuration?
P.S. SecOvid is Kobil SecOvid OTP server which IP address is 10.1.1.51,
10.1.2.123 Freeradius Server, 10.65.8.100 ismy laptop with NTRadPing
##Users conf:
Tevfikceydeliler Proxy-To-Realm := SecOvid, Pool-Name :=
"STATICPOOL"
Service-Type := Framed-User,
Framed-Protocol == PPP,
Framed-MTU = 576,
Framed-IP-Address = 172.16.64.120, -----> IP
Address that I want
Framed-IP-Netmask = 255.255.255.255,
Framed-Compression = Van-Jacobson-TCP-IP
##ippool conf:
ippool STATICPOOL {
range-start = 172.30.64.100
range-stop = 172.30.64.150
netmask = 255.255.240.0
cache-size = 51
session-db = ${db_dir}/db.ippool_static
ip-index = ${db_dir}/db.ipindex_static
override = no
maximum-timeout = 0
}
##Freeradius -X output:
rad_recv: Access-Request packet from host 10.65.8.100 port 64616, id=15,
length=56
User-Name = "tevfikceydeliler"
User-Password = "172925283501" --->produce by OTP
+- entering group authorize {...}
++[preprocess] returns ok
expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d ->
/var/log/freeradius/radacct/10.65.8.100/detail-20100122
[detail] /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.65.8.100/detail-20100122
expand: %t -> Fri Jan 22 21:12:00 2010
++[detail] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] No '@' in User-Name = "tevfikceydeliler", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[eap] No EAP-Message, not doing EAP
++[eap] returns noop
++[unix] returns notfound
[files] users: Matched entry tevfikceydeliler at line 102
++[files] returns ok
++[expiration] returns noop
++[logintime] returns noop
++[pap] returns noop
+- entering group pre-proxy {...}
++[files] returns noop
expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d ->
/var/log/freeradius/radacct/10.65.8.100/detail-20100122
[detail] /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.65.8.100/detail-20100122
expand: %t -> Fri Jan 22 21:12:00 2010
++[detail] returns ok
Sending Access-Request of id 22 to 10.1.1.51 port 1812
User-Name = "tevfikceydeliler"
User-Password = "172925283501"
NAS-IP-Address = 10.65.8.100
Proxy-State = 0x3135
Proxying request 0 to home server 10.1.1.51 port 1812
Sending Access-Request of id 22 to 10.1.1.51 port 1812
User-Name = "tevfikceydeliler"
User-Password = "172925283501"
NAS-IP-Address = 10.65.8.100
Proxy-State = 0x3135
Going to the next request
Waking up in 0.9 seconds.
rad_recv: Access-Accept packet from host 10.1.1.51 port 1812, id=22,
length=24
Proxy-State = 0x3135
+- entering group post-proxy {...}
expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d ->
/var/log/freeradius/radacct/10.65.8.100/detail-20100122
[detail] /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.65.8.100/detail-20100122
expand: %t -> Fri Jan 22 21:12:00 2010
++[detail] returns ok
[eap] No pre-existing handler found
++[eap] returns noop
Found Auth-Type = Accept
Auth-Type = Accept, accepting the user
+- entering group post-auth {...}
++[TESTPOOL] returns noop
expand: %{NAS-IP-Address} %{NAS-Port} -> 10.65.8.100
[STATICPOOL] MD5 on 'key' directive maps to:
b6201c0efddb958ed955eb3c8b0d920a
[STATICPOOL] Searching for an entry for key:
'b6201c0efddb958ed955eb3c8b0d920a'
rlm_ippool: Allocating ip to key: 'b6201c0efddb958ed955eb3c8b0d920a'
[STATICPOOL] num: 1
[STATICPOOL] Allocated ip 172.30.64.144 to client key:
b6201c0efddb958ed955eb3c8b0d920a
++[STATICPOOL] returns ok
expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d ->
/var/log/freeradius/radacct/10.65.8.100/detail-20100122
[detail] /var/log/freeradius/radacct/%{Client-IP-Address}/detail-%Y%m%d
expands to /var/log/freeradius/radacct/10.65.8.100/detail-20100122
expand: %t -> Fri Jan 22 21:12:00 2010
++[detail] returns ok
++[exec] returns noop
Sending Access-Accept of id 15 to 10.65.8.100 port 64616
Framed-IP-Address = 172.30.64.144 ----------->>From pool but not
that I want.
Framed-IP-Netmask = 255.255.240.0
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
Cleaning up request 0 ID 15 with timestamp +25
Ready to process requests.
##radsniff output:
Packet number 1 has just been sniffed
From: 10.65.8.100:64616
To: 10.1.2.123:1812
Type: Access-Request
User-Name = "tevfikceydeliler"
User-Password = "172925283501"
Packet number 2 has just been sniffed
From: 10.1.2.123:1814
To: 10.1.1.51:1812
Type: Access-Request
User-Name = "tevfikceydeliler"
User-Password = "pm_\366%\203\177\003\222\201M-9\267\010'"
NAS-IP-Address = 10.65.8.100
Proxy-State = 0x3135
Packet number 3 has just been sniffed
From: 10.1.1.51:1812
To: 10.1.2.123:1814
Type: Access-Accept
Proxy-State = 0x3135
Packet number 4 has just been sniffed
From: 10.1.2.123:1812
To: 10.65.8.100:64616
Type: Access-Accept
Framed-IP-Address = 172.30.64.144
Framed-IP-Netmask = 255.255.240.0
Best Ragards.
Bu elektronik postada bulunan tum fikir ve gorusler ve ekindeki dosyalar sadece adres sahip/sahiplerine ait olup, Yasar Toplulugu Sirketleri bu mesajin icerigi ile ilgili olarak hic bir hukuksal sorumlulugu kabul etmez. Eger gonderilmesi dusunulen kisi veya kurulus degilseniz, lutfen gonderen kisiyi derhal haberdar ediniz ve mesaji sisteminizden siliniz.The information contained in this e-mail and any files transmitted with it are intended solely for the use of the individual or entity to whom they are addressed and Yasar Group Companies do not accept legal responsibility for the contents. If you are not the intended recipient, please immediately notify the sender and delete it from your system.
More information about the Freeradius-Users
mailing list