[RADIATOR] Assigning IP's directly from the Radius server

Gerard Alcorlo Bofill galcorlo at cesca.cat
Mon Feb 7 04:28:45 CST 2011


Heikki, you did understand my problem.
And you confirmed my suspicions: Framed-* attributes are ONLY for
connections such as PPP or PPPoE.

I wanted to do all this work to have all logs centralized to radius and
to be able to run the radwho.cgi script to see which IP addresses were being
used in real time.

At this moment radwho.cgi is not showing the assigned IP address because
radius doesn't know the IP assigned by the DHCP server. The problem is
that if I want to trace a connection I need to match the MAC address at
the DHCP server and the Radiator server.

Do you think trying to pass the IP using SNMP traps from the AP would
be a good option or is there an easier solution?

Thank you for your support

--
Gerard


On 04/02/11 12:19, Heikki Vatiainen wrote:
> On 02/04/2011 09:28 AM, Gerard Alcorlo Bofill wrote:
> 
> Gerard, if I understand correctly, the address allocator works, but you
> have problems getting the wireless AP to accept the IP address you want
> the wireless client to use.
> 
>> *** Sending to 192.168.50.9 port 1645 ....
>> Code:       Access-Accept
>> Identifier: 208
>> Authentic:  L$<158><20>#x<233>V<147>3<204>{<161><22>sj
>> Attributes:
>> 	Framed-IP-Netmask = xxx.xxx.xxx.xxx
>> 	Framed-IP-Address = xxx.xxx.xxx.xxx
>> 	MS-Primary-DNS-Server = xxx.xxx.xxx.xxx
>> 	MS-Secondary-DNS-Server = xxx.xxx.xxx.xxx
>> 	MS-MPPE-Send-Key = blablabla
>> 	MS-MPPE-Recv-Key = blablabla
>> 	EAP-Message = blablabla
>> 	Message-Authenticator = blablabla
> 
> You may want to check the incoming Access-Request to see if there are
> any Framed-* attributes. For example if Framed-Protocol is sent by the
> WLAN AP, it may want to see Framed-Protocol in the response. What it
> does with these attributes should be documented by the vendor.
> 
>>>>> This is the error I'm getting from the AP:
>>>>> 16:27:29.234 GMT: RADIUS/DECODE: EAP-Message fragments, 6, total 6 bytes
>>>>> 16:27:29.241 GMT: RADIUS/ENCODE(0000002A):Orig. component type = DOT11
>>>>> 16:27:29.241 GMT: RADIUS/ENCODE: No idb found! Framed IP Addr might not
>>>>> be included
>>>>>
>>>>> I thought that my NAS (my AP) would send all the attributes to the wifi
>>>>> client but that's not happening.
>>>>>
>>>>> Are these attributes only for PPP connections or is it possible to use
>>>>> them using a wifi AP?
> 
> I would say the Framed-* attributes are for connections such as PPP or
> PPPoE. Have you found out how you can transfer the IP address the WLAN
> AP receives to the Wireless user? It would be interesting to hear if
> there is a method to do that.
> 
> The usual case with WPA-Enterprise is that the authentication completes
> first and the client has then access to the network so it can query the
> DHCP server. I guess this is what you had in the first place.
> 
> There is one hack that might be possible: configure WPA-Enterprise
> authentication as it is normally done. Configure your DHCP server so
> that it always asks RADIUS for IP addresses. I think this is technically
> possible, but a good question is does it make any sense :)
> 
> 
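
An added example, not part of the original messages and not Radiator code: one way to do the MAC matching described in the post offline, by joining DHCP leases to RADIUS sessions. It assumes ISC dhcpd lease-file syntax (the post does not name the DHCP server) and that the AP sends the client MAC in Calling-Station-Id; all sample records and function names are constructed.

```python
import re
from datetime import datetime

# Constructed sample data. Assumed: ISC dhcpd lease-file syntax (the page does
# not name the DHCP server) and MACs taken from Calling-Station-Id.
LEASES = """
lease 192.0.2.10 { starts 1 2011/02/07 09:00:05; ends 1 2011/02/07 10:00:05;
  hardware ethernet 00:11:22:aa:bb:cc; }
lease 192.0.2.11 { starts 1 2011/02/07 09:20:00; ends 1 2011/02/07 10:20:00;
  hardware ethernet 00:11:22:dd:ee:ff; }
lease 192.0.2.12 { starts 1 2011/02/07 12:00:00; ends 1 2011/02/07 13:00:00;
  hardware ethernet 00:11:22:aa:bb:cc; }
"""
# (User-Name, Calling-Station-Id, session start, session stop), all constructed
SESSIONS = [
    ("alice", "0011.22aa.bbcc", "2011/02/07 09:00:00", "2011/02/07 09:45:00"),
    ("bob", "00-11-22-DD-EE-FF", "2011/02/07 09:19:50", "2011/02/07 09:30:00"),
    ("carol", "00-11-22-00-00-01", "2011/02/07 09:10:00", "2011/02/07 09:15:00"),
]
FMT = "%Y/%m/%d %H:%M:%S"
LEASE_RE = re.compile(
    r"lease\s+(\S+)\s*\{.*?starts\s+\d\s+([^;]+);.*?ends\s+\d\s+([^;]+);"
    r".*?hardware\s+ethernet\s+([0-9a-fA-F:]+);.*?\}", re.S)

def normalize_mac(raw):
    """Reduce any common MAC notation to lowercase aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", raw).lower()
    if len(digits) != 12:
        raise ValueError("not a MAC address: %r" % raw)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_leases(text):
    """Return (mac, ip, starts, ends) for every lease block in the text."""
    return [(normalize_mac(mac), ip, datetime.strptime(s, FMT), datetime.strptime(e, FMT))
            for ip, s, e, mac in LEASE_RE.findall(text)]

def trace(sessions, leases):
    """Map each session to the IPs leased to its MAC while it was open."""
    out = {}
    for user, csid, start, stop in sessions:
        mac = normalize_mac(csid)
        t0, t1 = datetime.strptime(start, FMT), datetime.strptime(stop, FMT)
        out[user] = [ip for m, ip, s, e in leases if m == mac and s <= t1 and e >= t0]
    return out

if __name__ == "__main__":
    for user, ips in trace(SESSIONS, parse_leases(LEASES)).items():
        print(user, ips or "no lease found")
```

The time-overlap test matters because the same MAC can hold different leases on different days; a session with no matching lease (carol here) is worth a look, since it means an authenticated client never obtained an address from this DHCP server.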

