(RADIATOR) handing out a static IP + netmask

Hugh Irvine hugh at open.com.au
Fri Dec 6 18:41:30 CST 2002 

Hello Tony -

Thanks for sending the trace output.

The Access-Accept that is being sent from Radiator correctly contains 
"Framed-IP-Netmask = 255.255.255.240", therefore the problem would 
appear to be on the NAS not with Radiator.

You will need to do some debugging and/or configuration on the NAS.

In the meantime I would be interested in seeing a packet sniffer trace 
of the ethernet packets from both the Livingston server and Radiator 
(using tcpdump/snoop/ethereal/whatever). Perhaps the Livingston is 
sending some additional and/or different attributes that we can 
identify and add to your Radiator configuration.

BTW - the more usual way to configure multiple reply attributes is to 
put them all in the REPLYATTR field, like this:

	Framed-IP-Address=192.168.1.177, Framed-IP-Netmask=255.255.255.240, 
.....

regards

Hugh


On Saturday, Dec 7, 2002, at 07:28 Australia/Melbourne, 
tony at staff.ark.com wrote:

> Hi all - have searched the mail list archives and cannot find any
> direct references to what we're trying to do, which is:
>
> - hand out a netmask + static IP
>
> We have a few dedicated line clients, assigned small IP ranges, who
> are hosting their own clients behind the IP we assign. Radiator
> handles the static IP no problem, but the netmask (although Radiator
> does parse it from the SQL db) isn't being used by the remote client.
> Previously, these clients were handled successfully with a version
> of Livingston radius - in fact they still are until we get this
> issue resolved.
>
> Hopefully I'm making a minor mistake in the setup that someone could
> point out. I'd appreciate it!
>
>> From radius.cfg:
> <AuthBy SQL>
> AuthSelect select PASSWORD, REPLYATTR, PLAINTEXT, CHECKATTR
> from SUBSCRIBERS where USERNAME='%n'
>
> AuthColumnDef 0, User-Password, check
> AuthColumnDef 1, GENERIC, reply
> AuthColumnDef 2, Framed-IP-Address, reply
> AuthColumnDef 3, Framed-IP-Netmask, reply
> -------
>
> Note that PLAINTEXT and CHECKATTR are unused columns in our
> SUBSCRIBERS table - varchar(50) and varchar(200) respectively.
>
> In the level 4 trace that follows, I've modified the IP's
> to protect the innocent ;-) otherwise all is as radiator replies.
> As can be seen, we are trying to give the client a netmask of
> 255.255.255.240, but the client is coming up with 255.255.255.0
>
> Fri Nov 29 11:53:44 2002: DEBUG: Handling with Radius::AuthSQL
> Fri Nov 29 11:53:44 2002: DEBUG: Query is: select PASSWORD, REPLYATTR, 
> PLAINTEXT, CHECKATTR from SUBSCRIBERS where USERNAME='xxxxxx'
>
> Fri Nov 29 11:53:44 2002: DEBUG: Radius::AuthSQL looks for match with 
> xxxxxx
> Fri Nov 29 11:53:44 2002: DEBUG: Radius::AuthSQL ACCEPT:
> Fri Nov 29 11:53:44 2002: DEBUG: Access accepted for xxxxxx
> Fri Nov 29 11:53:44 2002: DEBUG: Packet dump:
> *** Sending to 192.168.1.28 port 1097 ....
> Code:       Access-Accept
> Identifier: 190
> Authentic:  <edited out>
> Attributes:
>         Framed-IP-Address = 192.168.1.177
>         Class = "xxxxxxx.yyy"
>         Framed-IP-Netmask = 255.255.255.240
>
> ---------
>
> Thanks for any help ...
>
>
> -- 
> Best regards,
>
> Tony Hunter
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list