(RADIATOR) Re: "No PoolHint found. No address will be allocated" using <AddressAllocator DHCP>
Hugh Irvine
hugh at open.com.au
Sun Jul 27 20:50:40 CDT 2003
Hello Francisco -
When using the AddressAllocator DHCP, the PoolHint must be an IP
address that matches what is configured in the DHCP server. You should
also probably use the SubnetSelectionOption with the ISC DHCP server.
See the example in "goodies/addressallocatordhcp.cfg".
regards
Hugh
On Sunday, Jul 27, 2003, at 04:00 Australia/Melbourne, fcontreiras
wrote:
> Hi,
>
> I'm still trying to assign a Framed-IP-Address. I stopped using the
> FramedGroup because the manual advises to use the <AuthBy
> DYNADDRESS>.
>
> I'm using the DHCPD daemon on port 10000 and Radiator configured to
> use it to deliver the IP.
>
> I don't know what to do with the POOL HINT part, I have just one pool
> configured in dhcpd.conf.
>
> I always get the message "No PoolHint found. No address will be allocated"
> and my supplicant is unable to get a valid IP, netmask, gateway, dns,
> etc.
>
> What do I have to do?
>
> My final objective is to have the supplicant IP in the accounting file
> to add this IP to IPTABLES with a hook file.
>
> INCLUDE: dhcpd.conf / users file / radius.cfg / logfile
>
> ############# dhcpd.conf ##########
> # defalt-lease-time 86400;
> # max-lease-time 604800;
> option subnet-mask 255.255.255.0;
> option broadcast-address 192.168.0.255;
> option routers 192.168.0.254;
> option domain-name-servers 193.136.222.1, 193.136.132.2;
> option domain-name "lx.it.pt";
> ddns-update-style ad-hoc;
> subnet 192.168.0.0 netmask 255.255.255.0 {
> range 192.168.0.10 192.168.0.50;
> default-lease-time 86400;
> max-lease-time 604800;
> }
> host ap {
> hardware ethernet 00:0b:be:4c:e3:66;
> fixed-address 192.168.0.1;
> }
> ############################################3
>
> ########### users files ##########################
> testUser at ist.utl.pt User-Password = "******"
> ###################################
>
> ########### radius.cfg ###########################3
> AuthPort 1812
> AcctPort 1813
> LogDir /var/log/radius
> DbDir /etc/radius
> DictionaryFile %D/dictionary,%D/dictionary.ascend
> PidFile /var/run/radiusd.pid
> Trace 4
> <Client DEFAULT>
> Secret *********
> DupInterval 0
> </Client>
> <AddressAllocator DHCP>
> Identifier DHCPallocator
> Host 192.168.0.254
> Port 10000
> DefaultLease 86400
> </AddressAllocator>
> # "Inner" requests, coming from a PEAP tunnel
> <Handler TunnelledByPEAP=1>
> <AuthBy FILE>
> Filename /etc/radius/users
> EAPType MSCHAP-V2
> </AuthBy>
> </Handler>
> # Inner requests sent through a TTLS tunnel
> <Handler TunnelledByTTLS=1>
> <AuthBy FILE>
> Filename /etc/radius/users
> EAPType PAP
> # TLS requires the config below
> EAPTLS_CAFile /etc/radius/cert/demoCA/cacert.pem
> EAPTLS_CertificateFile /etc/radius/cert/cert-srv.pem
> EAPTLS_CertificateType PEM
> EAPTLS_PrivateKeyFile /etc/radius/cert/cert-srv.pem
> EAPTLS_PrivateKeyPassword whatever
> </AuthBy>
> </Handler>
> <Handler Realm = ist.utl.pt>
> MaxSessions 1
> AuthByPolicy ContinueWhileAccept
> <AuthBy FILE>
> Filename /etc/radius/users
> # For now allows PEAP, TTLS
> # add other EAP variants here
> EAPType PEAP, TTLS
>
> # mkcertificate.sh, in goodies/
> EAPTLS_CAFile /etc/radius/cert/demoCA/cacert.pem
> EAPTLS_CertificateFile /etc/radius/cert/cert-srv.pem
> EAPTLS_CertificateType PEM
> EAPTLS_PrivateKeyFile /etc/radius/cert/cert-srv.pem
> EAPTLS_PrivateKeyPassword whatever
> EAPTLS_MaxFragmentSize 1024
> AutoMPPEKeys
> SSLeayTrace 4
> # FramedGroup 0
> </AuthBy>
> <AuthBy DYNADDRESS>
> AddressAllocator DHCPallocator
> PoolHint %{Reply:PoolHint}
> MapAttribute yiaddr, Framed-IP-Address
> MapAttribute subnetmask, Framed-IP-Netmask
> StripFromReply PoolHint
> </AuthBy>
> AcctLogFileFormat %{Framed-IP-Address} %d/%v-%H:%M %{User-Name} %C %{Timestamp} %{Acct-Session-Id} %{Acct-Status-Type} %{Ac
> AcctLogFileName %L/accounting-%v-%y
> </Handler>
> #proxies other requests
> # The Handler below deals with forwarding of requests
> # the data shown *are* the real ones
> # it must be in the local radius for forwarding to happen
> <Handler>
> <AuthBy RADIUS>
> Host **********.pt
> # client and server must share the secret
> # for testing, we will use it for any external client
> Secret **********
> AuthPort 1812
> AcctPort 1813
> RetryTimeout 5
> Retries 3
> </AuthBy>
> AcctLogFileName %L/accounting_proxy-%v-%y
> </Handler>
>
> ##############################333
>
> ############### log ###########################
> ......
> *** Received from 192.168.0.1 port 1645 ....
> Code: Access-Request
> Identifier: 147
> Authentic: i<127><242><211><0>IxU<29>E<180><204>h<212>v<25>
> Attributes:
> User-Name = "testUser at ist.utl.pt"
> Framed-MTU = 1400
> Called-Station-Id = "0002.8a21.9173"
> Calling-Station-Id = "000b.fd60.56c9"
> Message-Authenticator =
> <139>t<151><226><159>7<154><19><7>x<190>V\<251><13>R
> EAP-Message =
> <2><10><0>&<25><0><23><3><1><0><27><19><15>'<143><167>h!<166>~<159><211
> >e'<162><228><11><17><169><25> "<221><173>#q<245>,
> NAS-Port-Type = Virtual
> NAS-Port = 446
> NAS-IP-Address = 192.168.0.1
> NAS-Identifier = "ap8021x"
> Sat Jul 26 19:49:22 2003: DEBUG: Handling request with Handler 'Realm = ist.utl.pt'
> Sat Jul 26 19:49:22 2003: DEBUG: Deleting session for testUser at ist.utl.pt, 192.168.0.1, 446
> Sat Jul 26 19:49:22 2003: DEBUG: Handling with Radius::AuthFILE:
> Sat Jul 26 19:49:22 2003: DEBUG: Handling with EAP: code 2, 10, 38
> Sat Jul 26 19:49:22 2003: DEBUG: Response type 25
> Sat Jul 26 19:49:22 2003: DEBUG: Handling with Radius::AuthDYNADDRESS
> Sat Jul 26 19:49:22 2003: DEBUG: No PoolHint found. No address will be allocated
> Sat Jul 26 19:49:22 2003: DEBUG: Access accepted for testUser at ist.utl.pt
> Sat Jul 26 19:49:22 2003: DEBUG: Packet dump:
> *** Sending to 192.168.0.1 port 1645 ....
> Code: Access-Accept
> Identifier: 147
> Authentic: i<127><242><211><0>IxU<29>E<180><204>h<212>v<25>
> Attributes:
> MS-MPPE-Send-Key =
> "<137>6`6<174><27><197><189><146>w)<250>m<137><249><188>1<184>Q:<2>~)e<
> 217><162><164><194>5<26>=<187>3QZ<231><187><253>,<149><236><211><23><21
> 1><151><212>eNS%"
> MS-MPPE-Recv-Key =
> "<215>bc<130>n<223>%<15>D<141><232>x8<249><147><179><247>6<241>/
> <149><138>H<159>k^<186><145><245><181>lj<190><1>)<191>P<179><130>LK<218
> ><23><234><213><138><152>1<244><204>"
> EAP-Message = <3><10><0><4>
> Message-Authenticator =
> <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
> ##############################33
>
> Thanks
> Francisco Contreiras
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
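
Added example (not part of the original post and not Radiator code): a small Python check of the rule stated in the reply above, that the PoolHint given to <AddressAllocator DHCP> must be an IP address matching the DHCP server's configuration. It assumes "matches" means the address falls inside a subnet declared in dhcpd.conf; the function names and the candidate hint values are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: the subnet declaration from the dhcpd.conf quoted in the post.
DHCPD_CONF = """
option routers 192.168.0.254;
subnet 192.168.0.0 netmask 255.255.255.0 {
  range 192.168.0.10 192.168.0.50;
}
"""

SUBNET_RE = re.compile(r"^\s*subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{", re.MULTILINE)


def declared_subnets(conf_text):
    """Return the IPv4 networks declared by 'subnet A netmask M {' statements."""
    text = re.sub(r"#.*", "", conf_text)  # drop comments so disabled subnets are ignored
    return [ipaddress.ip_network(f"{a}/{m}", strict=False)
            for a, m in SUBNET_RE.findall(text)]


def check_pool_hint(hint, conf_text):
    """Classify an already-expanded PoolHint value against the DHCP subnets.

    Returns (ok, reason). Assumption: a hint that nothing has set is
    modelled here as an empty string.
    """
    hint = (hint or "").strip()
    if not hint:
        return False, "empty hint: nothing set PoolHint"
    try:
        addr = ipaddress.ip_address(hint)
    except ValueError:
        return False, f"'{hint}' is not an IP address"
    for net in declared_subnets(conf_text):
        if addr in net:
            return True, f"{addr} selects subnet {net}"
    return False, f"{addr} is not inside any subnet declared in dhcpd.conf"


if __name__ == "__main__":
    # Constructed candidates: unset, a pool name, a foreign subnet, the right subnet.
    for candidate in ["", "pool1", "10.1.1.0", "192.168.0.0"]:
        print(repr(candidate), check_pool_hint(candidate, DHCPD_CONF))
```
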