[RADIATOR] Radiator with Windows Server 2008 DHCP
Hugh Irvine
hugh at open.com.au
Wed Aug 4 05:33:09 CDT 2010
Hello Richard -
The PoolHint declaration in the Radiator configuration file refers to an attribute, the value of which you send to the DHCP server.
As described in section 5.43.2 of the manual ("doc/ref.pdf"), the default is "%{Reply:PoolHint}".
I.e. an attribute in the reply called "PoolHint", the value of which is the name of a pool on the DHCP server.
So in your case with the default ("%{Reply:PoolHint}"), you would need a reply attribute for the user called PoolHint with the value set to RADIUS1.
In your AuthBy FILE, the user record would look like this:
# users file

rfenner Password = somepassword
        PoolHint = RADIUS1

…..
There are many different variations possible depending on your exact requirements.
regards
Hugh
On 4 Aug 2010, at 20:15, Richard Fenner wrote:
> Hi Hugh,
>
> Thanks for replying.
>
> I have currently got one pool setup on the DHCP server called RADIUS1.
>
> If I change the PoolHint option in the config file to the following
> however as shown in the Reference Manual, the PoolHint is declared as
> incorrect.
>
> PoolHint RADIUS1
>
> As far as the firewall on the DHCP server goes, the logs show that the
> DISCOVER request is allowed through and accepted. Therefore it would
> seem logical (as you have said) that the problem is to do with the
> PoolHint.
>
> I will do some further research into the use of naming pools in Windows.
>
> If you can think of anything else that may be the problem then it would
> be greatly appreciated if you could let me know.
>
> Cheers,
>
> Richard
>
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: 04 August 2010 10:54
> To: Richard Fenner
> Cc: radiator at open.com.au
> Subject: Re: [RADIATOR] Radiator with Windows Server 2008 DHCP
>
>
> Hello Richard -
>
> If there is nothing in the DHCP server logs I would suspect a firewall
> problem.
>
> Until the DHCP server actually receives the requests there isn't much it
> can do.
>
> The PoolHint refers to a pool that has been defined on the DHCP server.
>
> See section 5.43.2 in the Radiator 4.6 reference manual ("doc/ref.pdf").
>
> As the DHCP server can deal with multiple pools, the PoolHint tells the
> DHCP server which pool to allocate from.
>
> You will need to check your DHCP server documentation for how to
> configure and name the IP address pools it manages.
>
> regards
>
> Hugh
>
>
> On 4 Aug 2010, at 19:15, Richard Fenner wrote:
>
>> Hi Hugh,
>>
>> Looking at the DHCP server logs, there is no mention of any DISCOVER
>> requests ever being received which is slightly worrying.
>>
>> I currently have a Superscope set-up on the DHCP server using subnet
>> 255.255.255.240.
>>
>> There are two scopes under this: 192.168.107.10-14 and 192.168.107.15-26
>>
>> What exactly should I be using as the PoolHint for this?
>>
>> I am attempting to authenticate devices connected to a firewall and at
>> the same time allocate them an IP address.
>>
>> Hope you can help.
>>
>> Cheers,
>>
>> Richard
>>
>> -----Original Message-----
>> From: Hugh Irvine [mailto:hugh at open.com.au]
>> Sent: 04 August 2010 09:57
>> To: Richard Fenner
>> Cc: Alan Buxey; radiator at open.com.au
>> Subject: Re: [RADIATOR] Radiator with Windows Server 2008 DHCP
>>
>>
>> Hello Richard -
>>
>> Yes correct - Radiator is sending a DHCP request, but the DHCP server is
>> not responding, presumably because it doesn't understand the request.
>>
>> You will need to check the DHCP server log to find out what it thinks
>> the problem is.
>>
>> I am guessing, like Alan, that the problem is the PoolHint you are
>> sending is not matching any address pools defined on the DHCP server.
>>
>> BTW - what exactly are you wanting to do? It is more usual to have your
>> NAS equipment set up to allocate IP addresses directly.
>>
>> regards
>>
>> Hugh
>>
>>
>> On 4 Aug 2010, at 18:32, Richard Fenner wrote:
>>
>>> Hi Alan,
>>>
>>> Just run a test using Wireshark on the DHCP end and all I get is the
>>> confirmation of 4 DHCP DISCOVER packets being received by the DHCP
>>> server and then no response. Presumably this means that Radiator is
>>> attempting to make a connection 4 times with each one failing for some
>>> reason?
>>>
>>> Cheers,
>>>
>>> Richard
>>>
>>> -----Original Message-----
>>> From: radiator-bounces at open.com.au [mailto:radiator-bounces at open.com.au]
>>> On Behalf Of Richard Fenner
>>> Sent: 04 August 2010 09:16
>>> To: Alan Buxey
>>> Cc: radiator at open.com.au
>>> Subject: Re: [RADIATOR] Radiator with Windows Server 2008 DHCP
>>>
>>> Hi Alan,
>>>
>>> I don't quite follow what you mean regarding the PoolHint?
>>>
>>> Also, I can confirm that the DISCOVER packets are being received at the
>>> DHCP server as they appear in the Windows Firewall logs. Will get
>>> Wireshark out and test where they go from there in a bit.
>>>
>>> Cheers,
>>>
>>> Richard
>>>
>>> -----Original Message-----
>>> From: Alan Buxey [mailto:A.L.M.Buxey at lboro.ac.uk]
>>> Sent: 03 August 2010 18:53
>>> To: Richard Fenner
>>> Cc: radiator at open.com.au
>>> Subject: Re: [RADIATOR] Radiator with Windows Server 2008 DHCP
>>>
>>> Hi,
>>>
>>>> <AuthBy DYNADDRESS>
>>>>     AddressAllocator dhcpallocator
>>>>     PoolHint 255.255.255.240
>>>> </AuthBy>
>>>
>>> from the manual:
>>>
>>> Note: the PoolHint supplied in the AuthBy DYNADDRESS clause must be a
>>> subnet definition that is understood by the DHCP server for the
>>> purposes of address allocation
>>>
>>>
>>> goodies/addressallocatordhcp.cfg has a nice example config to look
>>> at.... I find if you are having issues and make no progress just
>>> looking at the RADIATOR debug logs, then look at the other end - see
>>> what your DHCP server is bleating about and check with e.g. wireshark,
>>> tcpdump or snoop, that traffic is going between the hosts involved!
>>>
>>> alan
>>> _______________________________________________
>>> radiator mailing list
>>> radiator at open.com.au
>>> http://www.open.com.au/mailman/listinfo/radiator
>>
>>
>>
>> NB:
>>
>> Have you read the reference manual ("doc/ref.html")?
>> Have you searched the mailing list archive
>> (www.open.com.au/archives/radiator)?
>> Have you had a quick look on Google (www.google.com)?
>> Have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>>
>> --
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>> Includes support for reliable RADIUS transport (RadSec),
>> and DIAMETER translation agent.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>> -
>> CATool: Private Certificate Authority for Unix and Unix-like systems.
>>
>>
>>
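Added example (not part of the original messages and not Radiator code): a small Python check that models the default PoolHint "%{Reply:PoolHint}" lookup against a users file and reports which hint each user would send to the DHCP server, and whether that hint names a pool defined there. The "guest" record, the function names and the known-pool set are constructed for illustration, and a missing reply attribute is assumed to expand to an empty string.

```python
import re

# Constructed sample in the users-file layout shown in the message: the first
# line of a record holds the user name and check items, and the indented
# lines that follow hold reply items. The "guest" record is invented.
USERS_FILE = """\
# users file
rfenner Password = somepassword
    PoolHint = RADIUS1

guest Password = otherpassword
    Session-Timeout = 3600
"""

def parse_users(text):
    """Return {user: {reply_attribute: value}} (simple unquoted items only)."""
    users, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t":                  # indented line: reply items
            if current is None:
                continue
            for item in line.split(","):
                if "=" in item:
                    name, value = item.split("=", 1)
                    users[current][name.strip()] = value.strip()
        else:                                 # unindented line: new user
            current = line.split()[0]
            users[current] = {}
    return users

def resolve_hint(template, reply):
    """Expand %{Reply:Name}; assumption: a missing attribute expands to ''."""
    return re.sub(r"%\{Reply:([^}]+)\}",
                  lambda m: reply.get(m.group(1), ""), template)

def check_hints(template, users_text, dhcp_pools):
    """Map user -> (hint sent to the DHCP server, hint names a known pool)."""
    result = {}
    for user, reply in parse_users(users_text).items():
        hint = resolve_hint(template, reply)
        result[user] = (hint, hint in dhcp_pools)
    return result

if __name__ == "__main__":
    for tmpl in ("%{Reply:PoolHint}", "255.255.255.240"):
        print(tmpl, check_hints(tmpl, USERS_FILE, {"RADIUS1"}))
```

With the single pool RADIUS1 from the thread, the default template resolves to a known pool only for users that carry the PoolHint reply attribute, while the netmask value from the first configuration matches no pool for anyone.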