Jump to content

freeradius + динамический пул

Zohan
 Share

Recommended Posts

Zohan

Zohan

Posted
Posted (edited)

mpd5.5

freeradius-mysql-1.1.8

 

Есть динамический пул адресов и статический.

Нужно чтобы тем людям у которых не прописан явно адрес статически в radreply(Framed-IP-Address) выдавался адрес из динамического пула.

Вроды бы freeradius такое умеет :)

 

radiusd.conf

ippool main_pool {

      #  range-start,range-stop: The start and end ip
      #  addresses for the ip pool
      range-start = 1**.***.*.1
      range-stop = 1**.**.*.254

      #  netmask: The network mask used for the ip's
      netmask = 255.255.248.0

      #  cache-size: The gdbm cache size for the db
      #  files. Should be equal to the number of ip's
      #  available in the ip pool
      cache-size = 1021

      # session-db: The main db file used to allocate ip's to clients
      session-db = ${raddbdir}/db.ippool

      # ip-index: Helper db index file used in multilink
      ip-index = ${raddbdir}/db.ipindex

      # override: Will this ippool override a Framed-IP-Address already set
      override = no

      # maximum-timeout: If not zero specifies the maximum time in seconds an
      # entry may be active. Default: 0
      maximum-timeout = 0
   }

...

    #  Return an address to the IP Pool when we see a stop record.
    main_pool
#    sqlippool

...

post-auth {
    #  Get an address from the IP Pool.
    main_pool
#    sqlippool

 

В самом начале users добавил:

 

    DEFAULT Pool-Name := main_pool
            Fall-Through = Yes

 

но все равно после авторизацииб radiusd -X:

 

    modcall: entering group post-auth for request 0
    rlm_ippool: Could not find Pool-Name attribute.
      modcall[post-auth]: module "main_pool" returns noop for request 0

 

 

 

Кто делал такое?

Edited by Zohan
ash

ash

Posted
Posted

делал, работает.

 

Видимо у тебя конструкция

DEFAULT Pool-Name := main_pool

Fall-Through = Yes

 

не работает

 

можно указать в табличке в radcheck или radgroupcheck параметр Pool-Name:= main_pool

и все выдается как надо

 

Вообще на сайте радиуса все расписано )

 

 

  • 2 weeks later...
Zohan

Zohan

Posted
  • Author
Posted

Давно нашел проблему, будьте бдительны, в конфиге по-умолчанию не стоит опция читать файл users при авторизации

Необходимо сделать так:

 

authorize{

...

#Read the 'users' file

files

 

...

}

 

  • 5 years later...
yKpon

yKpon

Posted
Posted (edited)

апну тему

 

фрирадиус 2.2.5

 

принцип тот же как у ТС, не выдаётся IP из пула

....
Module: Checking preacct {...} for more modules to load
Module: Linked to module rlm_acct_unique
Module: Instantiating module "acct_unique" from file /etc/freeradius/modules/acct_unique
 acct_unique {
       key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Identifier, NAS-Port"
 }
Module: Checking accounting {...} for more modules to load
Module: Linked to module rlm_ippool
Module: Instantiating module "main_pool" from file /etc/freeradius/modules/ippool
 ippool main_pool {
       session-db = "/etc/freeradius/db.ippool"
       ip-index = "/etc/freeradius/db.ipindex"
       key = "%{NAS-IP-Address} %{NAS-Port}"
       range-start = 10.169.0.1
       range-stop = 10.169.0.254
       netmask = 255.255.255.255
       cache-size = 800
       override = no
       maximum-timeout = 0
 }
Module: Linked to module rlm_attr_filter
Module: Instantiating module "attr_filter.accounting_response" from file /etc/freeradius/modules/attr_filter
 attr_filter attr_filter.accounting_response {
       attrsfile = "/etc/freeradius/attrs.accounting_response"
       key = "%{User-Name}"
       relaxed = no
 }
reading pairlist file /etc/freeradius/attrs.accounting_response
Module: Checking session {...} for more modules to load
Module: Linked to module rlm_radutmp
Module: Instantiating module "radutmp" from file /etc/freeradius/modules/radutmp
 radutmp {
       filename = "/var/log/freeradius/radutmp"
       username = "%{User-Name}"
       case_sensitive = yes
       check_with_nas = yes
       perm = 384
       callerid = yes

 

авторизация должника

Sending Access-Accept of id 96 to 10.1.0.39 port 52625
       Framed-Protocol = PPP
       Framed-Compression = Van-Jacobson-TCP-IP
       Framed-IP-Netmask := 255.255.255.255
       Framed-MTU := 1480
       Mikrotik-Rate-Limit == "3m/3m"
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Accounting-Request packet from host 10.1.0.39 port 38926, id=97, length=151
       Service-Type = Framed-User
       Framed-Protocol = PPP
       NAS-Port = 1362
       NAS-Port-Type = Ethernet
       User-Name = "bit9"
       Calling-Station-Id = "4C:5E:0C:72:F9:F1"
       Called-Station-Id = "service1"
       NAS-Port-Id = "bridge2"
       Acct-Session-Id = "81e002ef"
       Framed-IP-Address = 0.0.0.0
       Acct-Authentic = RADIUS
       Event-Timestamp = "Mar 25 2016 16:57:43 MSK"
       Acct-Status-Type = Start
       NAS-Identifier = "base_bit"
       Acct-Delay-Time = 0
       NAS-IP-Address = 10.1.0.39

 

клиент получает адрес из диапазона 10.168.0.0/16 =))

 

ippool block_pool {
       range-start = 10.169.0.1
       range-stop = 10.169.0.254
       netmask = 255.255.255.255
       cache-size = 800
       session-db = ${db_dir}/db.ippool
       ip-index = ${db_dir}/db.ipindex
       override = no
       maximum-timeout = 0
}

Edited by yKpon

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...
На сайте используются файлы cookie и сервисы аналитики для корректной работы форума и улучшения качества обслуживания. Продолжая использовать сайт, вы соглашаетесь с использованием файлов cookie и с Политикой конфиденциальности.