sqlippool and exhausted pool
mirko.alberio at telemar.it
Mon Jul 19 15:30:33 CEST 2021
Ok, thanks: investigating in the NAS: i tried debugging that user with
that has expiry_time on 2021-01-15 20:12:31
I tried disconnecting his PPPOE session, shortly afterward I get this
request in the freeradius/radacct/NASIPADDRESS/ log files
Mon Jul 19 15:25:35 2021
Packet-Type = Access-Request
Service-Type = Framed-User
Framed-Protocol = PPP
NAS-Port = 15923828
NAS-Port-Type = Ethernet
User-Name = "xxxxxxxxx"
Calling-Station-Id = "50:0F:F5:D9:86:80"
Called-Station-Id = "vlan101"
NAS-Port-Id = "vlan101-zzzzzz"
NAS-Identifier = "yyyy"
NAS-IP-Address = 10.255.255.85
Timestamp = 1626701135
And the authentication is fine. But still the expiry_time isn't updated.
I should se another Accounting request below that right?
Amministratore di Sistemi
Via Enrico Fermi, 235 - 36100 Vicenza - Italia
Tel 0444 291302 - Fax 0444 566310 - www.telemar.it <http://www.telemar.it>
Reg. Imp. Di Vicenza /C.F./P.I. 02508710247
Cap. Soc. € 120.000,00 I.V.
Il presente messaggio non costituisce offerta e/o accettazione
Ai sensi del Regolamento europeo per la protezione dei dati personali n.
679/2016 (GDPR) si precisa che le informazioni contenute in questo
messaggio e/o nel/i file/s allegato/i sono riservate ed a uso esclusivo
del destinatario. Qualora il messaggio in parola Le fosse pervenuto per
errore, La invitiamo ad eliminarlo senza copiarlo e a non inoltrarlo a
terzi, dandocene gentilmente comunicazione. Grazie.
Pursuant to General Data Protection Regulation (GDPR), you are hereby
informed that this message contains confidential information intended
only for the use of the addressee. If you are not the addressee, and
have received this message by mistake, please delete it and immediately
notify us. You may not copy or disseminate this message to anyone. Thank
Il 19/07/2021 15:04, Alan DeKok ha scritto:
> On Jul 19, 2021, at 8:55 AM, Alberio Mirko <mirko.alberio at telemar.it> wrote:
>> Hi Alan, thanks for the answer, I have some doubts:
>> The module returns FAIL if it can't assign an IP address.
>> What happens after that depends on your local configuration
>> What do you mean with "depends on your local configuration"?
> The module just returns "fail". Then, the virtual server gets processed as normal. This means any additional unlang rules, or modules, or...
> i.e. whatever is in the virtual server. Which is your local configuration.
>> Which comes from where?
>> That is the point: the customer takes an IP from the pool without allocating the pool. Maybe is something related to the above question? Meaning is there something I miss to "block" a user on sqlippool module FAIL?
> No. If the module returns "fail", then it hasn't assigned an IP.
> Something else is going on. Either the NAS is assigning an IP, or something else is assigning an IP. You need to track down what's going on. Perhaps by checking debug output...
>> And another thing I noticed:
>> we have some expiry_time way back in the past, but the ip is correctly assigned in NAS:
> The IP is in use by the NAS. It is not CORRECTLY assigned in the NAS.
>> What could it be?
> Your NAS is broken.
> If the DB says that the IP is expired, then FreeRADIUS thinks that the IP has expired. And can therefore assign it again.
> However, if the IP is still in use by the NAS, then assigning the IP to another system will cause problems. The NAS SHOULD be sending accounting packets which indicate that the session is still in use, and that the IP is still allocated. If those packets are sent, then FreeRADIUS will update the DB to say that the IP is still in use.
> So what's happening here one of two things:
> 1) your NAS isn't sending accounting update messages
> 2) you've configured FreeRADIUS to not run the sqlippool module when it receives accounting update messages.
> (1) is much more likely than (2).
> Fix the NAS, and the problem will go away.
> Alan DeKok.
More information about the Freeradius-Users