[RADIATOR] Assigning IP's directly from the Radius server

Gerard Alcorlo Bofill galcorlo at cesca.cat
Fri Feb 4 01:28:47 CST 2011


Hi Michael,

I don't think it's necessary to specify the FindQuery, AllocateQuery and
DeallocateQuery. There is a default query for each one.
I can see how my radius is correctly sending the information stored on
my sqlserver and how the IP addresses are also marked as assigned.

I've deleted all the values from the log because I'm assigning public IP
addresses.

*** Sending to 192.168.50.9 port 1645 ....
Code:       Access-Accept
Identifier: 208
Authentic:  L$<158><20>#x<233>V<147>3<204>{<161><22>sj
Attributes:
	Framed-IP-Netmask = xxx.xxx.xxx.xxx
	Framed-IP-Address = xxx.xxx.xxx.xxx
	MS-Primary-DNS-Server = xxx.xxx.xxx.xxx
	MS-Secondary-DNS-Server = xxx.xxx.xxx.xxx
	MS-MPPE-Send-Key = blablabla
	MS-MPPE-Recv-Key = blablabla
	EAP-Message = blablabla
	Message-Authenticator = blablabla


I can confirm that after restarting the service my config doesn't re-mark
all ips as available.

Any other ideas?

Thanks Michael

--
Gerard

On 03/02/11 17:55, Michael wrote:
> oh and keep in mind, when you restart radiator, or even maybe reload
> radiator, the AddressPool may re-mark all ips as available, therefore it
> may hand out an IP that is already in use.  Maybe someone else can
> confirm that is correct?
> 
> 
> On 11-02-03 11:53 AM, Michael wrote:
>> I think the AddressPool only populates the sql table with the
>> available ips in that pool.  I guess you're missing a FindQuery
>> definition of an sql query that returns an available ip from the sql db.
>>
>> my example had this:
>>
>>           # sql select statement seems to need the ip address in the 2nd returned column in the results to satisfy '%3' for 'AllocateQuery'.
>>           # this seems to be an undocumented requirement.
>>           #FindQuery select TIME_STAMP, YIADDR, SUBNETMASK, DNSSERVER from RADPOOL where POOL=? and STATE=0 order by TIME_STAMP limit 1
>>           FindQuery select NULL, ip, netmask from ip_pools where pool=? and state=0 order by timestamp limit 1
>>           FindQueryBindVar %0
>>
>> which selects the ip/netmask and the reply IP/netmask must be the
>> 2nd/3rd returned column in the results, and adds this result into
>> Framed-IP-Address and Framed-IP-Netmask to the reply radius packet
>> needed for the nas.
>>
>> And of course, you need an AllocateQuery to mark that IP as used, and
>> DeallocateQuery to mark available again after the stop packet.
>>
>> Michael
>>
>>
>> On 11-02-03 09:47 AM, Gerard Alcorlo Bofill wrote:
>>> Hello,
>>>
>>> thanks Michael for your good explanation. I checked your configuration
>>> with mine and it was similar. Well, I only have one Radius so I don't
>>> use two AddressAllocators like you.
>>>
>>> Heikki, thank you too. Now I understand a little more the difference
>>> between the two different AddressAllocators. I've been experimenting,
>>> but I'm not able to get an ip address from the Radius server and I
>>> always get the address from the DHCP server. I've based my
>>> configuration on goodies/addressallocator.cfg
>>>
>>>
>>> <AddressAllocator SQL>
>>>      Identifier myallocator
>>>      DBSource dbi:mysql:database_name:127.0.0.1
>>>      DBUsername              user
>>>      DBAuth                  password
>>>      FailureBackoffTime      30
>>>
>>>      DefaultLeasePeriod      86400
>>>      LeaseReclaimInterval    300
>>>
>>>      <AddressPool pool-eduroam>
>>>         Subnetmask   255.255.255.128
>>>         Range        10.0.0.2 10.0.0.127
>>>         DNSServer    8.8.8.8
>>>      </AddressPool>
>>> </AddressAllocator>
>>>
>>>
>>> <Handler TunnelledByTTLS=1, Realm=/(^xaxi$)/i>
>>>      AuthByPolicy ContinueWhileAccept
>>>      <AuthBy SQL>
>>>         DBSource dbi:mysql:database_name:127.0.0.1
>>>         DBUsername      user
>>>         DBAuth          password
>>>         FailureBackoffTime      30
>>>
>>>         AuthSelect      select PASSWORD from SUBSCRIBERS where BINARY USERNAME=%0
>>>         AuthColumnDef   0, User-Password, check
>>>         AuthColumnDef   1, GENERIC, check
>>>         EAPType MSCHAP-V2, PAP
>>>      </AuthBy>
>>>
>>>      <AuthBy DYNADDRESS>
>>>         AddressAllocator myallocator
>>>         PoolHint pool-eduroam
>>>         AddToReply Framed-Route="10.0.0.0/25  10.0.0.1 1"
>>>         AddToReply MS-Primary-DNS-Server=84.88.0.3, MS-Secondary-DNS-Server=84.88.0.5
>>>         StripFromReply PoolHint
>>>      </AuthBy>
>>> </Handler>
>>>
>>>
>>>
>>> This is the error I'm getting from the AP:
>>> 16:27:29.234 GMT: RADIUS/DECODE: EAP-Message fragments, 6, total 6 bytes
>>> 16:27:29.241 GMT: RADIUS/ENCODE(0000002A):Orig. component type = DOT11
>>> 16:27:29.241 GMT: RADIUS/ENCODE: No idb found! Framed IP Addr might not be included
>>>
>>> I thought that my NAS (my AP) would send all the attributes to the wifi
>>> client but that's not happening.
>>>
>>> Are these attributes only for PPP connections or is it possible to use
>>> them using a wifi AP?
>>>
>>> Thanks
>>>
>>> -- 
>>> Gerard
>>>
>>>
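The find / allocate / deallocate cycle discussed in this thread, as an added example that is not part of the original messages and is not Radiator's own code. It uses Python with an in-memory SQLite database; the table and column names follow the FindQuery quoted above, while the owner column, the function names and the sample addresses are assumptions. It shows the two points that decide whether an address can be handed out twice: startup population that does not reset rows already leased, and a claim that only succeeds while the row is still free.

```python
import sqlite3

# Constructed schema. Table and column names follow the FindQuery quoted in
# the thread (ip_pools: pool, state, timestamp, ip, netmask); owner is assumed.
SCHEMA = """CREATE TABLE IF NOT EXISTS ip_pools (
    pool TEXT, ip TEXT PRIMARY KEY, netmask TEXT,
    state INTEGER DEFAULT 0, timestamp INTEGER DEFAULT 0, owner TEXT)"""

def populate(db, pool, netmask, addresses):
    """Startup step: insert missing addresses, leave existing rows untouched."""
    db.execute(SCHEMA)
    db.executemany(
        "INSERT OR IGNORE INTO ip_pools (pool, ip, netmask) VALUES (?, ?, ?)",
        [(pool, ip, netmask) for ip in addresses])
    db.commit()

def allocate(db, pool, user, now):
    """Find a free address and claim it. Returns (ip, netmask) or None."""
    while True:
        row = db.execute(
            "SELECT NULL, ip, netmask FROM ip_pools WHERE pool=? AND state=0 "
            "ORDER BY timestamp LIMIT 1", (pool,)).fetchone()
        if row is None:
            return None  # pool exhausted
        _, ip, netmask = row  # address in the 2nd column, netmask in the 3rd
        # Claim the row only if it is still free, so two concurrent requests
        # cannot both be handed the same address.
        cur = db.execute(
            "UPDATE ip_pools SET state=1, timestamp=?, owner=? "
            "WHERE ip=? AND state=0", (now, user, ip))
        db.commit()
        if cur.rowcount == 1:
            return ip, netmask

def deallocate(db, ip, now):
    """Accounting Stop: mark the address available again."""
    db.execute("UPDATE ip_pools SET state=0, timestamp=?, owner=NULL "
               "WHERE ip=?", (now, ip))
    db.commit()

if __name__ == "__main__":
    db = sqlite3.connect(":memory:")
    addrs = ["10.0.0.%d" % n for n in range(2, 5)]  # constructed sample range
    populate(db, "pool-eduroam", "255.255.255.128", addrs)
    print(allocate(db, "pool-eduroam", "alice", now=100))
    populate(db, "pool-eduroam", "255.255.255.128", addrs)  # simulated restart
    print(allocate(db, "pool-eduroam", "bob", now=101))     # a different address
```

If populate() reset state to 0 for every row at startup, the second allocation could return the address already held by the first session.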