Little "problem" with sqlippool

Antonio Modesto modesto at isimples.com.br
Tue Aug 21 19:20:25 CEST 2012 

I've configured it this way:

        if (Framed-Protocol == PPP) {

                sqlippool
        }

It's working so far, I'll do some more tests.

Thanks a lot.

2012/8/21 Antonio Modesto <modesto at isimples.com.br>

>
>
> 2012/8/21 Phil Mayers <p.mayers at imperial.ac.uk>
>
>> On 21/08/12 16:20, Antonio Modesto wrote:
>>
>>>
>>>
>>> Hi,
>>>
>>> I'm testing sqlippool, so far it's working well, but I'm with a
>>> exception that I haven't thought about it before. We use  radius to
>>> authenticate the clients on wireless access points and with PPPoE, and
>>> now I started using sqlippool to dynamically distribute the IP's and BGP
>>> to announce the routes through the NAS'es. The problem is that radius
>>> allocates a IP for the client when he associates to an access point,
>>> (the wireless authentication is done with the MAC Address as the
>>> UserName and Password) and another IP when he connects on PPPoE, of
>>> course the IP allocated for the MAC is not used, but the record stays on
>>> the radippool table, and cannot be allocated to another user. Is there a
>>> way to do a regex or something like that before selecting a pool for the
>>> client?
>>>
>>
>> sqlippool only runs if you tell it to. So, you need to conditionally run
>> it in post-auth. For example:
>>
>> post-auth {
>>   ...
>>   if (Huntgroup-Name == PPPoE) {
>>     # only allocate an IP on PPPoE
>>     sqlippool
>>   }
>> }
>>
>> Alternatively, use virtual servers and client/listen statements to break
>> the wireless and PPPoE policies out, and just don't use sqlippool in the
>> wireless virtual server.
>>
>>
> Can I test this 'if' statement against a radius attribute, such as
> Service-Type?
>
> Anyway, I had another idea, though it doesn't seem to be the best one. As
> I have two servers and just one is running  radius 2.X with sqlippool, I
> could use one for wireless authentication and another for ppp
> authentication. Bad Idea?
>
>
>
>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/**
>> list/users.html <http://www.freeradius.org/list/users.html>
>>
>>
>
>
>
>


-- 
Atenciosamente,
*
Antônio Modesto

Gerente de TI*





Praça Getúlio Vargas, 77 – Sala 308 – Centro

Santo Antônio do Monte – MG – CEP: 35560-000
Tel:(37) 3281-2800

Contato: isimples at isimples.com.br
http://www.isimples.com.br


Aviso:Esta mensagem e quaisquer arquivos em anexo podem conter informações
confidenciais e/ou

privilegiadas. Se você não for o destinatário ou a pessoa autorizada a
receber esta mensagem, por favor, não

leia, copie, repasse, imprima, guarde, nem tome qualquer ação baseada
nessas informações. Notifique o

remetente imediatamente por e-mail e apague a mensagem permanentemente.
Atenção: embora a Isimples

Telecom, tome seus cuidados para garantir a ausência de vírus neste e-mail,
a empresa não se responsabiliza

por quaisquer perdas ou danos decorrentes do uso da mensagem e seus anexos.
A segurança e ausência de

erros na transmissão do e-mail não podem ser garantidas, já que as
informações podem ser interceptadas,

corrompidas, perdidas, destruídas, atrasadas, chegarem incompletas, ou,
ainda, conter vírus. Recomendamos

checar se o e-mail e seus anexos contém vírus, uma vez que nem a Isimples
Telecom ou o remetente se

responsabilizam pela transmissão destes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120821/a76c3296/attachment-0001.html>

More information about the Freeradius-Users mailing list