(RADIATOR) AddressAllocator DHCP

Hugh Irvine hugh at open.com.au
Tue Sep 11 19:22:43 CDT 2001


Hello Andreas -

Could you please send me a trace 4 debug from Radiator showing what is 
happening? I would also like to know what hardware/software platform you are 
using and what version of Radiator.

The tcpdump shown below only shows the initial DHCPDISCOVER being sent, with 
no reply coming back. What DHCP server are you using and what version? Also, 
are there any filters between the two machines that might be blocking the 
packets? And what does a debug on the DHCP server show?

thanks

Hugh


On Wednesday 12 September 2001 04:12, Andreas Häggander wrote:
> Hi !
>
> I got a Q about AddressAllocator DHCP.
>
> I want to connect to a Nortel Shasta BSN 5000, with Nortel Extranet Client
> and terminate an IPsec tunnel. For this I need to authenticate the user.
>
> Everything works fine, but I'm not getting a leased IP address from the DHCP
> server. The Radiator connects to the DHCP server but can assign an address
> for the user.
>
> If I give the user a static frame IP address, the IP tunnel is set up.
>
> For more info, see the configs and tcp-dump for DHCP.
> Of course the DHCP server is configured for 10.10.10.0/24
>
> Suggestions ?
>
> Cheers
>
> /Andreas
>
>
> #cat /usr/local/etc/users
> mike at saab.net   User-Password = saab
>                  PoolHint = 10.10.10.12
>
> #cat /usr/local/etc/radius.cfg
>
> AuthPort        1645
> AcctPort        1646
>
> Foreground
> LogStdout
> LogDir          .
> DbDir           .
>
> # Use a lower trace level in production systems:
> Trace           4
>
> <Client DEFAULT>
>          Secret  mysecret
>          DupInterval 0
> </Client>
>
> <AddressAllocator DHCP>
>
> Identifier dhcpallocator
>          Host 62.119.0.2
>
>          ServerPort 67
>          ClientPort 68
>
>          SubnetSelectionOption 118
>          #SubnetSelectionOption 211
>
>
> </AddressAllocator>
>
> <Realm DEFAULT>
>
>          AuthByPolicy ContinueWhileAccept
>
>          <AuthBy FILE>
>                Filename  /usr/local/etc/users
>          </AuthBy>
>          # Log accounting to a detail file
>          AcctLogFileName       /usr/local/etc/detail
>
>          <AuthBy DYNADDRESS>
>
>                  Allocator       dhcpallocator
>                  PoolHint        %{Reply:PoolHint}
>                  #MapAttribute   yiaddr, Framed-IP-Address
>                  #MapAttribute   subnetmask, Framed-IP-Netmask
>                  StripFromReply PoolHint
>
>          </AuthBy>
> </Realm>
>
> <Realm utfors.net>
>          # Strip the realm so we can auth with the bare user name
>          # in the users file
>          RewriteUsername s/^([^@]+).*/$1/
>
>          <AuthBy FILE>
>                  Filename /usr/local/etc/users_utfors
>          </AuthBy>
> </Realm>
>
> ETHER:  ----- Ether Header -----
> ETHER:
> ETHER:  Packet 16 arrived at 11:31:21.51
> ETHER:  Packet size = 342 bytes
> ETHER:  Destination = 8:0:20:f0:e2:1e, Sun
> ETHER:  Source      = 0:3:42:6:40:a5,
> ETHER:  Ethertype = 0800 (IP)
> ETHER:
> IP:   ----- IP Header -----
> IP:
> IP:   Version = 4
> IP:   Header length = 20 bytes
> IP:   Type of service = 0x00
> IP:         xxx. .... = 0 (precedence)
> IP:         ...0 .... = normal delay
> IP:         .... 0... = normal throughput
> IP:         .... .0.. = normal reliability
> IP:   Total length = 328 bytes
> IP:   Identification = 23744
> IP:   Flags = 0x4
> IP:         .1.. .... = do not fragment
> IP:         ..0. .... = last fragment
> IP:   Fragment offset = 0 bytes
> IP:   Time to live = 251 seconds/hops
> IP:   Protocol = 17 (UDP)
> IP:   Header checksum = 0f1e
> IP:   Source address = 212.73.0.4, frodo.defero.net
> IP:   Destination address = 62.119.0.2, captive.defero.net
> IP:   No options
> IP:
> UDP:  ----- UDP Header -----
> UDP:
> UDP:  Source port = 67
> UDP:  Destination port = 67 (BOOTPS)
> UDP:  Length = 308
> UDP:  Checksum = 3079
> UDP:
> DHCP: ----- Dynamic Host Configuration Protocol -----
> DHCP:
> DHCP: Hardware address type (htype) =  1 (Ethernet (10Mb))
> DHCP: Hardware address length (hlen) = 6 octets
> DHCP: Relay agent hops = 1
> DHCP: Transaction ID = 0x4
> DHCP: Time since boot = 0 seconds
> DHCP: Flags = 0x0000
> DHCP: Client address (ciaddr) = 0.0.0.0
> DHCP: Your client address (yiaddr) = 0.0.0.0
> DHCP: Next server address (siaddr) = 0.0.0.0
> DHCP: Relay agent address (giaddr) = 212.73.0.4
> DHCP: Client hardware address (chaddr) = 0F:FF:00:00:00:04
> DHCP:
> DHCP: ----- (Options) field options -----
> DHCP:
> DHCP: Message type = DHCPDISCOVER
> DHCP: Client Identifier =       0x006D696B6540736161622E6E6574 (unprintable)
> DHCP: IP Address Lease Time = 86400 seconds
> DHCP:   Value = 0x0A0A0A7F (unprintable)
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
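
An added example, not part of the original thread and not Radiator code: a short Python parser for a DHCP options field like the one in the quoted trace, showing how the "unprintable" client identifier and the unlabeled 4-byte value decode. The sample bytes are constructed from the values printed in the trace; placing 0x0A0A0A7F in option 118 is an assumption based on the `SubnetSelectionOption 118` setting in the posted configuration.

```python
import ipaddress
import struct

MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 3: "DHCPREQUEST",
             5: "DHCPACK", 6: "DHCPNAK"}

def parse_dhcp_options(data: bytes) -> dict:
    """Walk the code/length/value options that follow the DHCP magic cookie."""
    opts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == 0:            # pad option: single byte, no length
            i += 1
            continue
        if code == 255:          # end option
            break
        if i + 1 >= len(data):
            raise ValueError(f"option {code}: missing length byte")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: truncated, expected {length} bytes")
        opts[code] = value
        i += 2 + length
    return opts

def describe(opts: dict) -> dict:
    """Decode the options that appear in the trace into readable values."""
    out = {}
    if 53 in opts:               # DHCP message type
        out["message_type"] = MSG_TYPES.get(opts[53][0], opts[53][0])
    if 61 in opts:               # client identifier: type byte, then data
        # type 0 means the data is not a hardware address
        out["client_id"] = opts[61][1:].decode("ascii", "replace")
    if 51 in opts:               # requested lease time, seconds
        out["lease_seconds"] = struct.unpack("!I", opts[51])[0]
    if 118 in opts:              # subnet selection option (assumed, see lead-in)
        out["subnet_selection"] = str(ipaddress.IPv4Address(opts[118]))
    return out

# Constructed sample: option bytes rebuilt from the values shown in the trace.
SAMPLE = bytes.fromhex(
    "350101"                                # message type = DISCOVER
    "3d0e006d696b6540736161622e6e6574"      # client identifier
    "330400015180"                          # lease time = 86400
    "76040a0a0a7f"                          # option 118 (assumed placement)
    "ff")

if __name__ == "__main__":
    print(describe(parse_dhcp_options(SAMPLE)))
```
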