(RADIATOR) problems with addressallocator

Hugh Irvine hugh at open.com.au
Thu Nov 8 01:46:12 CST 2001


Hello Nir -

When configured to use a recent version of the ISC DHCP server, you 
should use the SubnetSelectionOption in the AddressAllocator DHCP 
clause, which tells Radiator to send the SubnetSelectionOption in the 
DHCP request, which indicates to the DHCP server that it should 
operate in server-to-server mode. In this mode, the PoolHint must 
contain a subnet specification from which the server should allocate 
an address. In your case below, the PoolHint should be set to point 
to "192.114.206.0", either in an attribute or directly.

There is an example configuration file in 
"goodies/addressallocatordhcp.cfg" and you will find the 
documentation in section 6.52 of the Radiator 2.19 reference manual 
("doc/ref.html").

regards

Hugh


At 13:12 +0200 01/11/8, nir cohen wrote:
>Hi to all,
>I installed Radiator and I need 2 realms: one gets its addresses 
>from the router and the second realm gets them from DHCP.
>I installed DHCP on a different box and it's not working. Here is my radius.cfg:
># radius.cfg
>LogDir          /var/log/radius
>DbDir           /etc/radiator
>LogFile         /var/log/radius/logfile
>SnmpgetProg    /usr/bin/snmpget
># Use a low trace level in production systems. Increase
># it to 4 or 5 for debugging, or use the -trace flag to radiusd
>Trace           5
>
># You will probably want to add other Clients to suit your site,
># one for each NAS you want to work with
><Client localhost>
>         StatusServerShowClientDetails
>         Secret mysecret
>         DupInterval 2
>         NasType  CiscoVPDN
>         SNMPCommunity  public
></Client>
>
><SessionDatabase DBM>
>        Filename %D/online
></SessionDatabase>
>
><Log FILE>
>         Filename /var/log/radius/%Y-radius.log
>         LogFormat %1: %1: %2
>         Trace  5
></Log>
>
><SNMPAgent>
>         ROCommunity public
></SNMPAgent>
>
><AddressAllocator DHCP>
>     Identifier 123456
>      Host 192.114.206.33
>#     ServerPort 67
>#     ClientPort 68
></AddressAllocator>    
>               
><Realm DEFAULT>
><AuthBy GROUP>
>         AuthByPolicy ContinueWhileAccept
>         MaxSessions  1
>         AcctLogFileName %L/detail
>         PasswordLogFileName %L/passwords
>         RewriteUsername s/^([^@]+).*/$1/
>   <AuthBy UNIX>
>                 Filename /etc/shadow
></AuthBy>
><AuthBy DYNADDRESS>
>           Allocator 123456
>  </AuthBy>
>  </AuthBy>
></Realm>
>
><Realm macam.ac.il>
>         RewriteUsername s/^([^@]+).*/$1/
>   <AuthBy UNIX>
>                Filename /etc/shadow
>   </AuthBy>
>        # Log accounting to a detail file
>         MaxSessions  1
>        AcctLogFileName %L/detail
>        PasswordLogFileName %L/passwords
></Realm>
>---------------------------------------------------------------------------------------------------------
>Here is my dhcp conf
># dhcpd.conf
>#
># Sample configuration file for ISC dhcpd
>#
>
># option definitions common to all supported networks...
>option domain-name "liz.com";
>option domain-name-servers dns1.macam.ac.il, dns2.macam.ac.il;
>option routers 192.114.206.206;
>option subnet-mask 255.255.255.0;
>option broadcast-address 192.114.206.255;
>
>default-lease-time 600;
>max-lease-time 7200;
>
># If this DHCP server is the official DHCP server for the local
># network, the authoritative directive should be uncommented.
>authoritative;
>
># Use this to send dhcp log messages to a different log file (you also
># have to hack syslog.conf to complete the redirection).
>log-facility local7;
>ddns-update-style ad-hoc;
>
># No service will be given on this subnet, but declaring it helps the
># DHCP server to understand the network topology.
>
>subnet 192.114.206.0 netmask 255.255.255.0 {
>  range 192.114.206.239 192.114.206.245 ;
>}
>
>------------------------------------------------------------------------------------------------------------------------
>When I run passwtst -user nirc -password 150000 I get this in the logfile:
>Packet length = 90
>01 c0 00 5a 31 32 33 34 35 36 37 38 39 30 31 32
>33 34 35 36 01 06 6e 69 72 63 06 06 00 00 00 02
>04 06 cb 3f 9a 01 05 06 00 00 04 d2 1e 0b 31 32
>33 34 35 36 37 38 39 1f 0b 39 38 37 36 35 34 33
>32 31 3d 06 00 00 00 00 02 12 c8 be 6f 9d 9f 6c
>04 f6 bc 38 09 a0 d8 7d 78 99
>Code:       Access-Request
>Identifier: 192
>Authentic:  1234567890123456
>Attributes:
>         User-Name = "nirc"
>         Service-Type = Framed-User
>         NAS-IP-Address = 203.63.154.1
>         NAS-Port = 1234
>         Called-Station-Id = "123456789"
>         Calling-Station-Id = "987654321"
>         NAS-Port-Type = Async
>         User-Password = "<200><190>o<157><159>l<4><246><188>8<9><160><216>}x<153>"
>
>Fri Nov  9 02:04:13 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT'
>Fri Nov  9 02:04:13 2001: DEBUG:  Deleting session for nirc, 203.63.154.1, 1234
>Fri Nov  9 02:04:13 2001: DEBUG: Handling with Radius::AuthGROUP
>Fri Nov  9 02:04:13 2001: DEBUG: Rewrote user name to nirc
>Fri Nov  9 02:04:13 2001: DEBUG: Handling with Radius::AuthUNIX: UNIX
>Fri Nov  9 02:04:13 2001: DEBUG: Radius::AuthUNIX looks for match with nirc
>Fri Nov  9 02:04:13 2001: DEBUG: Radius::AuthUNIX ACCEPT:
>Fri Nov  9 02:04:13 2001: DEBUG: Handling with Radius::AuthDYNADDRESS
>Fri Nov  9 02:04:13 2001: INFO: Access rejected for nirc: Incorrect PoolHint value
>Fri Nov  9 02:04:13 2001: DEBUG: Packet dump:
>*** Sending to 127.0.0.1 port 1210 ....
>
>Packet length = 36
>03 c0 00 24 ea 7d b5 17 2a bd 5f 73 7a 3c 68 81
>8d c7 34 68 12 10 52 65 71 75 65 73 74 20 44 65
>6e 69 65 64
>Code:       Access-Reject
>Identifier: 192
>Authentic:  1234567890123456
>Attributes:
>         Reply-Message = "Request Denied"
>
>Fri Nov  9 02:04:13 2001: DEBUG: Packet dump:
>*** Received from 127.0.0.1 port 1210 ....
>
>Packet length = 88
>04 c1 00 58 72 8a 38 08 7e f9 b0 86 04 bb a1 42
>f6 48 b5 c6 01 06 6e 69 72 63 06 06 00 00 00 02
>04 06 cb 3f 9a 01 05 06 00 00 04 d2 3d 06 00 00
>00 00 2c 0a 30 30 30 30 31 32 33 34 28 06 00 00
>00 01 1e 0b 31 32 33 34 35 36 37 38 39 1f 0b 39
>38 37 36 35 34 33 32 31
>Code:       Accounting-Request
>Identifier: 193
>Authentic:  r<138>8<8>~<249><176><134><4><187><161>B<246>H<181><198>
>Attributes:
>         User-Name = "nirc"
>         Service-Type = Framed-User
>         NAS-IP-Address = 203.63.154.1
>         NAS-Port = 1234
>         NAS-Port-Type = Async
>         Acct-Session-Id = "00001234"
>         Acct-Status-Type = Start
>         Called-Station-Id = "123456789"
>         Calling-Station-Id = "987654321"
>
>Fri Nov  9 02:04:13 2001: DEBUG: Handling request with Handler 'Realm=DEFAULT'
>Fri Nov  9 02:04:13 2001: DEBUG:  Adding session for nirc, 203.63.154.1, 1234
>Fri Nov  9 02:04:13 2001: DEBUG: Handling with Radius::AuthGROUP
>Fri Nov  9 02:04:13 2001: DEBUG: Rewrote user name to nirc
>Fri Nov  9 02:04:13 2001: DEBUG: Handling with Radius::AuthUNIX: UNIX
>Fri Nov  9 02:04:13 2001: DEBUG: Handling with Radius::AuthDYNADDRESS
>Fri Nov  9 02:04:13 2001: DEBUG: Accounting accepted
>Fri Nov  9 02:04:13 2001: DEBUG: Packet dump:
>*** Sending to 127.0.0.1 port 1210 ....
>
>Packet length = 20
>05 c1 00 14 89 73 ec 8b 9e 34 25 68 86 7f 28 d6
>03 76 fb e9
>Code:       Accounting-Response
>Identifier: 193
>Authentic:  r<138>8<8>~<249><176><134><4><187><161>B<246>H<181><198>
>Attributes:
>
>Fri Nov  9 02:04:13 2001: DEBUG: Packet dump:
>*** Received from 127.0.0.1 port 1210 ....
>
>--------------------------------------------------------------------------------------------------------------------------------------------------
>Is it a problem with request or reply?
>What is missing in this configuration, and how should I fix it?
>
>
>
>
>  thanks very much
>
> 
>Nir Cohen
> 
>Unix System- Mofet Inst
>
>

-- 

NB: I am travelling this week, so there may be delays in our correspondence.

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
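
A pre-flight check for the point made in the reply above, as an added example that is not part of the original thread or of Radiator: it parses the subnet declaration from the posted dhcpd.conf and tests whether a candidate PoolHint names that subnet. It assumes a usable hint is the network address of a subnet that dhcpd declares with a range; `parse_subnets` and `check_pool_hint` are hypothetical helper names.

```python
import ipaddress
import re

# Subnet declaration copied from the dhcpd.conf in the post.
DHCPD_CONF = """
subnet 192.114.206.0 netmask 255.255.255.0 {
  range 192.114.206.239 192.114.206.245 ;
}
"""

# Handles flat subnet blocks only (no nested pool { } sections).
SUBNET_RE = re.compile(
    r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", re.S)
RANGE_RE = re.compile(r"range\s+(\S+)\s+(\S+)\s*;")


def parse_subnets(conf):
    """Map each declared subnet to the (first, last) ranges inside it."""
    conf = re.sub(r"#.*", "", conf)  # drop comments
    subnets = {}
    for addr, mask, body in SUBNET_RE.findall(conf):
        net = ipaddress.ip_network(f"{addr}/{mask}")
        subnets[net] = [
            (ipaddress.ip_address(a), ipaddress.ip_address(b))
            for a, b in RANGE_RE.findall(body)
        ]
    return subnets


def check_pool_hint(hint, conf=DHCPD_CONF):
    """Return (ok, reason) for a PoolHint used with SubnetSelectionOption."""
    try:
        hint_addr = ipaddress.ip_address(hint.strip())
    except ValueError:
        return False, "not an IP address"
    for net, ranges in parse_subnets(conf).items():
        if hint_addr == net.network_address:
            if not ranges:
                return False, f"{net} declared without a range"
            if any(a not in net or b not in net for a, b in ranges):
                return False, f"range outside {net}"
            return True, f"matches {net}"
        if hint_addr in net:
            return False, f"host address inside {net}, not the subnet itself"
    return False, "no matching subnet declaration"
```

An empty hint, which is what an unset PoolHint expands to, fails the first check; the value suggested in the reply, "192.114.206.0", passes.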