
freeradius + dynamic pool

mpd5.5

freeradius-mysql-1.1.8

 

There is a dynamic address pool and a static one.

I need people who don't have an address explicitly assigned statically in radreply (Framed-IP-Address) to be given an address from the dynamic pool.

It seems freeradius can do this :)

 

radiusd.conf

ippool main_pool {

      #  range-start,range-stop: The start and end ip
      #  addresses for the ip pool
      range-start = 1**.***.*.1
      range-stop = 1**.**.*.254

      #  netmask: The network mask used for the ip's
      netmask = 255.255.248.0

      #  cache-size: The gdbm cache size for the db
      #  files. Should be equal to the number of ip's
      #  available in the ip pool
      cache-size = 1021

      # session-db: The main db file used to allocate ip's to clients
      session-db = ${raddbdir}/db.ippool

      # ip-index: Helper db index file used in multilink
      ip-index = ${raddbdir}/db.ipindex

      # override: Will this ippool override a Framed-IP-Address already set
      override = no

      # maximum-timeout: If not zero specifies the maximum time in seconds an
      # entry may be active. Default: 0
      maximum-timeout = 0
   }

...

    #  Return an address to the IP Pool when we see a stop record.
    main_pool
#    sqlippool

...

post-auth {
    #  Get an address from the IP Pool.
    main_pool
#    sqlippool

 

At the very beginning of users I added:

 

    DEFAULT Pool-Name := main_pool
            Fall-Through = Yes

 

but all the same, after authorization, radiusd -X shows:

 

    modcall: entering group post-auth for request 0
    rlm_ippool: Could not find Pool-Name attribute.
      modcall[post-auth]: module "main_pool" returns noop for request 0

 

 

 

Has anyone done this?

Edited by Zohan


I've done it, it works.

 

Apparently your construct

DEFAULT Pool-Name := main_pool

Fall-Through = Yes

 

isn't working

 

You can set the parameter Pool-Name:= main_pool in the radcheck or radgroupcheck table

and everything gets handed out as it should

 

In general, it's all described on the radius site )

 

 


I found the problem a long time ago. Be careful: in the default config, the option to read the users file during authorization is not set.

You need to do this:

 

authorize{

...

#Read the 'users' file

files

 

...

}

 

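The conditions the posts above arrive at (`files` listed in authorize so the users file is read, the pool instance listed in post-auth and in accounting, and an entry that sets Pool-Name), turned into a small config check. This is an added example, not code from the thread or from the FreeRADIUS project; the function names and the sample config are constructed for illustration. It assumes Pool-Name comes from the users file, so the last finding does not apply when Pool-Name is set in radcheck or radgroupcheck instead.

```python
import re

def section_modules(conf):
    """Map every enclosing section name to the bare module names listed in it."""
    mods, stack = {}, []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments such as "#    sqlippool"
        if line.endswith("{"):
            stack.append(line[:-1].strip())
        elif line == "}" and stack:
            stack.pop()
        elif re.fullmatch(r"[\w.-]+", line):     # a bare word is a module reference
            for name in stack:
                mods.setdefault(name, []).append(line)
    return mods

def check_pool_setup(conf, users):
    """Return findings that keep rlm_ippool from seeing Pool-Name or allocating."""
    mods, findings = section_modules(conf), []
    pools = re.findall(r"^\s*ippool\s+([\w.-]+)\s*\{", conf, re.M)
    if not pools:
        findings.append("no ippool instance is declared")
    if "files" not in mods.get("authorize", []):
        findings.append("authorize: 'files' is missing, so the users file is never read")
    for pool in pools:
        if pool not in mods.get("post-auth", []):
            findings.append(f"post-auth: '{pool}' is missing, so no address is allocated")
        if pool not in mods.get("accounting", []):
            findings.append(f"accounting: '{pool}' is missing, so addresses are not returned")
        sets_pool = rf"^[^#\n]*\bPool-Name\s*:?=\s*{re.escape(pool)}(?![\w.-])"
        if not re.search(sets_pool, users, re.M):
            findings.append(f"users: no active entry sets Pool-Name to '{pool}'")
    return findings

# Constructed sample input (documentation address range, not taken from the thread).
BROKEN_CONF = ("modules {\n  ippool main_pool {\n    range-start = 192.0.2.1\n  }\n}\n"
               "authorize {\n  preprocess\n}\n"
               "accounting {\n  main_pool\n}\n"
               "post-auth {\n  main_pool\n#  sqlippool\n}\n")
USERS = "DEFAULT Pool-Name := main_pool\n        Fall-Through = Yes\n"
FIXED_CONF = BROKEN_CONF.replace("authorize {", "authorize {\n  files")

if __name__ == "__main__":
    for label, conf in (("broken", BROKEN_CONF), ("fixed", FIXED_CONF)):
        print(label, check_pool_setup(conf, USERS) or "ok")
```
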

bumping the thread

 

freeradius 2.2.5

 

same principle as the OP's: no IP is handed out from the pool

....
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating module "acct_unique" from file /etc/freeradius/modules/acct_unique
 acct_unique {
       key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier, NAS-Port"
 }
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_ippool
Module: Instantiating module "main_pool" from file /etc/freeradius/modules/ippool
 ippool main_pool {
       session-db = "/etc/freeradius/db.ippool"
       ip-index = "/etc/freeradius/db.ipindex"
       key = "%{NAS-IP-Address} %{NAS-Port}"
       range-start = 10.169.0.1
       range-stop = 10.169.0.254
       netmask = 255.255.255.255
       cache-size = 800
       override = no
       maximum-timeout = 0
 }
Module: Linked to module rlm_attr_filter
Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filter
 attr_filter attr_filter.accounting_response {
       attrsfile = "/etc/freeradius/attrs.accounting_response"
       key = "%{User-Name}"
       relaxed = no
 }
reading pairlist file /etc/freeradius/attrs.accounting_response
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp
 radutmp {
       filename = "/var/log/freeradius/radutmp"
       username = "%{User-Name}"
       case_sensitive = yes
       check_with_nas = yes
       perm = 384
       callerid = yes

 

authorization of a debtor

Sending Access-Accept of id 96 to 10.1.0.39 port 52625
       Framed-Protocol = PPP
       Framed-Compression = Van-Jacobson-TCP-IP
       Framed-IP-Netmask := 255.255.255.255
       Framed-MTU := 1480
       Mikrotik-Rate-Limit == "3m/3m"
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Accounting-Request packet from host 10.1.0.39 port 38926, id=97, length=151
       Service-Type = Framed-User
       Framed-Protocol = PPP
       NAS-Port = 1362
       NAS-Port-Type = Ethernet
       User-Name = "bit9"
       Calling-Station-Id = "4C:5E:0C:72:F9:F1"
       Called-Station-Id = "service1"
       NAS-Port-Id = "bridge2"
       Acct-Session-Id = "81e002ef"
       Framed-IP-Address = 0.0.0.0
       Acct-Authentic = RADIUS
       Event-Timestamp = "Mar 25 2016 16:57:43 MSK"
       Acct-Status-Type = Start
       NAS-Identifier = "base_bit"
       Acct-Delay-Time = 0
       NAS-IP-Address = 10.1.0.39

 

the client gets an address from the 10.168.0.0/16 range =))

 

ippool block_pool {
       range-start = 10.169.0.1
       range-stop = 10.169.0.254
       netmask = 255.255.255.255
       cache-size = 800
       session-db = ${db_dir}/db.ippool
       ip-index = ${db_dir}/db.ipindex
       override = no
       maximum-timeout = 0
}

Edited by yKpon
