"No PoolHint found. No address will be allocated" using <AddressAllocator DHCP>
Date: Sat, 26 Jul 2003 19:00:55 +0100

fcontreiras fcontreiras at netcabo.pt
Tue Jun 24 01:22:11 CDT 2008


Hi,

I'm still trying to assign a Framed-IP-Address. I stopped using the
 FramedGroup because the manual advises to use the <AuthBy DYNADDRESS>.

I'm using the DHCPD daemon on port 10000 and Radiator configured to use it to
 deliver the IP.

I don't know what to do with the POOL HINT part, I have just one pool
 configured in dhcpd.conf.

I always get the message "No PoolHint found. No address will be allocated" and my
 supplicant is unable to get a valid IP, netmask, gateway, dns, etc.

What do I have to do?

My final objective is to have the supplicant IP in the accounting file to add
 this IP to IPTABLES with a hook file.

INCLUDE: dhcpd.conf / users file / radius.cfg / logfile

############# dhcpd.conf ##########
# default-lease-time 86400;
# max-lease-time 604800;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.0.255;
option routers 192.168.0.254;
option domain-name-servers 193.136.222.1, 193.136.132.2;
option domain-name "lx.it.pt";
ddns-update-style ad-hoc;
subnet 192.168.0.0 netmask 255.255.255.0 {
        range 192.168.0.10 192.168.0.50;
        default-lease-time 86400;
        max-lease-time 604800;
}
host ap {
        hardware ethernet 00:0b:be:4c:e3:66;
        fixed-address 192.168.0.1;
}
############################################3

########### users files ##########################
testUser at ist.utl.pt User-Password = "******"
###################################

########### radius.cfg ###########################3
AuthPort                1812
AcctPort                1813
LogDir                  /var/log/radius
DbDir                   /etc/radius
DictionaryFile          %D/dictionary,%D/dictionary.ascend
PidFile                 /var/run/radiusd.pid
Trace                   4
<Client DEFAULT>
        Secret *********
        DupInterval 0
</Client>
<AddressAllocator DHCP>
        Identifier DHCPallocator
        Host 192.168.0.254
        Port 10000
        DefaultLease 86400
</AddressAllocator>
# "Internal" requests, coming from a PEAP tunnel
<Handler TunnelledByPEAP=1>
        <AuthBy FILE>
                Filename /etc/radius/users
                EAPType MSCHAP-V2
        </AuthBy>
</Handler>
# Internal requests sent through a TTLS tunnel
<Handler TunnelledByTTLS=1>
        <AuthBy FILE>
                Filename /etc/radius/users
                EAPType PAP
                # TLS requires the config below
                EAPTLS_CAFile             /etc/radius/cert/demoCA/cacert.pem
                EAPTLS_CertificateFile    /etc/radius/cert/cert-srv.pem
                EAPTLS_CertificateType    PEM
                EAPTLS_PrivateKeyFile     /etc/radius/cert/cert-srv.pem
                EAPTLS_PrivateKeyPassword whatever
        </AuthBy>
</Handler>
<Handler Realm = ist.utl.pt>
        MaxSessions  1
        AuthByPolicy ContinueWhileAccept
        <AuthBy FILE>
                Filename                   /etc/radius/users
                # For now, allows PEAP, TTLS
                # add other EAP variants here
                EAPType                    PEAP, TTLS
                # mkcertificate.sh, in goodies/
                EAPTLS_CAFile              /etc/radius/cert/demoCA/cacert.pem
                EAPTLS_CertificateFile     /etc/radius/cert/cert-srv.pem
                EAPTLS_CertificateType     PEM
                EAPTLS_PrivateKeyFile      /etc/radius/cert/cert-srv.pem
                EAPTLS_PrivateKeyPassword  whatever
                EAPTLS_MaxFragmentSize     1024
                AutoMPPEKeys
                SSLeayTrace                4
#               FramedGroup                0
        </AuthBy>
        <AuthBy DYNADDRESS>
                AddressAllocator DHCPallocator
                PoolHint %{Reply:PoolHint}
                MapAttribute yiaddr, Framed-IP-Address
                MapAttribute subnetmask, Framed-IP-Netmask
                StripFromReply PoolHint
        </AuthBy>
        AcctLogFileFormat %{Framed-IP-Address} %d/%v-%H:%M %{User-Name} %C %{Timestamp} %{Acct-Session-Id} %{Acct-Status-Type} %{Ac
        AcctLogFileName %L/accounting-%v-%y
</Handler>
#proxies other requests
# The Handler below handles redirection of requests
# the data shown *are* the real ones
# it has to be in the local radius for redirection to happen
<Handler>
        <AuthBy RADIUS>
                Host         **********.pt
                # client and server must share the secret
                # for testing, we will use it for any external client
                Secret       **********
                AuthPort     1812
                AcctPort     1813
                RetryTimeout 5
                Retries      3
        </AuthBy>
        AcctLogFileName %L/accounting_proxy-%v-%y
</Handler>

##############################333

############### log ###########################
......
*** Received from 192.168.0.1 port 1645 ....
Code:       Access-Request
Identifier: 147
Authentic:  i<127><242><211><0>IxU<29>E<180><204>h<212>v<25>
Attributes:
        User-Name = "testUser at ist.utl.pt"
        Framed-MTU = 1400
        Called-Station-Id = "0002.8a21.9173"
        Calling-Station-Id = "000b.fd60.56c9"
        Message-Authenticator = <139>t<151><226><159>7<154><19><7>x<190>V\<251><13>R
        EAP-Message = <2><10><0>&<25><0><23><3><1><0><27><19><15>'<143><167>h!<166>~<159><211>e'<162><228><11><17><169><25> "<221><173>#q<245>,
        NAS-Port-Type = Virtual
        NAS-Port = 446
        NAS-IP-Address = 192.168.0.1
        NAS-Identifier = "ap8021x"
Sat Jul 26 19:49:22 2003: DEBUG: Handling request with Handler 'Realm = ist.utl.pt'
Sat Jul 26 19:49:22 2003: DEBUG:  Deleting session for testUser at ist.utl.pt, 192.168.0.1, 446
Sat Jul 26 19:49:22 2003: DEBUG: Handling with Radius::AuthFILE:
Sat Jul 26 19:49:22 2003: DEBUG: Handling with EAP: code 2, 10, 38
Sat Jul 26 19:49:22 2003: DEBUG: Response type 25
Sat Jul 26 19:49:22 2003: DEBUG: Handling with Radius::AuthDYNADDRESS
Sat Jul 26 19:49:22 2003: DEBUG: No PoolHint found. No address will be allocated
Sat Jul 26 19:49:22 2003: DEBUG: Access accepted for testUser at ist.utl.pt
Sat Jul 26 19:49:22 2003: DEBUG: Packet dump:
*** Sending to 192.168.0.1 port 1645 ....
Code:       Access-Accept
Identifier: 147
Authentic:  i<127><242><211><0>IxU<29>E<180><204>h<212>v<25>
Attributes:
        MS-MPPE-Send-Key = "<137>6`6<174><27><197><189><146>w)<250>m<137><249><188>1<184>Q:<2>~)e<217><162><164><194>5<26>=<187>3QZ<231><187><253>,<149><236><211><23><211><151><212>eNS%"
        MS-MPPE-Recv-Key = "<215>bc<130>n<223>%<15>D<141><232>x8<249><147><179><247>6<241>/<149><138>H<159>k^<186><145><245><181>lj<190><1>)<191>P<179><130>LK<218><23><234><213><138><152>1<244><204>"
        EAP-Message = <3><10><0><4>
        Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
 ##############################33

Thanks
Francisco Contreiras

-------------------------------------------------------

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955
