I am currently evaluating Radiator and have configure it to authenticate
with a Zywall USG300 on a static-IP basis.
I am now attempting to move on and integrate the system with a DHCP
server in order to allocate IP addresses to users attached to the USG300
from a pool of addresses. The DHCP server is set up on a separate server
but on the same LAN as the RADIUS server.
Having now edited the config file to add the DHCP request features, I am
getting errors saying that the DHCP server is not responding to DISCOVER
requests, however I find this very odd seeing as the DHCP server will
allocate IP addresses to PC's connected to its network.
My configuration file is as follows:
Foreground
LogStdout
LogDir c:/Program Files/Radiator
DbDir c:/Program Files/Radiator
# This will log at DEBUG level: very verbose # User a lower trace level
in production systems, typically use 3
Trace 4
# You will probably want to add other Clients to suit your site, # one
for each NAS you want to work with. This will work # at least with
radpwtst running on the local machine
<Client DEFAULT>
Secret ********
DupInterval 0
</Client>
<AddressAllocator DHCP>
Identifier dhcpallocator
Host 192.168.107.4
#Local Address 192.168.107.2
#SubnetSelectionOption 118
#SubnetSelectionOption 221
</AddressAllocator>
#Authenticate all realms with this
<Realm DEFAULT>
# Look up user details in a flat file
AuthByPolicy ContinueWhileAccept
<AuthBy FILE>
# %D is replaced by DbDir above
Filename %D/users
</AuthBy>
<AuthBy DYNADDRESS>
AddressAllocator dhcpallocator
PoolHint 255.255.255.240
</AuthBy>
# Log accounting to a detail file. %D is replaced by DbDir above
AcctLogFileName %D/detail
</Realm>
The log output for a request is as follows:
Tue Aug 3 17:05:44 2010: DEBUG: Handling request with Handler
'Realm=DEFAULT'
Tue Aug 3 17:05:44 2010: DEBUG: Deleting session for mikem, {IP OF
REQUEST PC HERE}, 1750 Tue Aug 3 17:05:44 2010: DEBUG: Handling with
Radius::AuthFILE:
Tue Aug 3 17:05:44 2010: DEBUG: Radius::AuthFILE looks for match with
mikem [mikem] Tue Aug 3 17:05:44 2010: DEBUG: Radius::AuthFILE ACCEPT:
: mikem [mikem] Tue Aug 3 17:05:44 2010: DEBUG: AuthBy FILE result:
ACCEPT, Tue Aug 3 17:05:44 2010: DEBUG: Handling with
Radius::AuthDYNADDRESS Tue Aug 3 17:05:44 2010: DEBUG: Sending
DHCPDISCOVER to
192.168.107.4:67 with xid 5
Tue Aug 3 17:05:44 2010: DEBUG: AuthBy DYNADDRESS result: IGNORE, Tue
Aug 3 17:06:14 2010: INFO: AddressAllocatorDHCP: No reply from DHCP
server 192.168.107.4 Tue Aug 3 17:06:14 2010: INFO: Access rejected for
mikem: No reply from DHCP server Tue Aug 3 17:06:14 2010: DEBUG: Packet
dump:
*** Sending to {IP OF REQUEST PC HERE} port 2775 ....
Code: Access-Reject
Identifier: 141
Authentic: <6>\<175><233>k<187><26><205>V9<9>*<158><222>/<193>
Attributes:
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Netmask = 255.255.255.255
Framed-Routing = None
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
Reply-Message = "Request Denied"
I hope you will be able to provide some assistance as to what is going
on here?
Thanks in advance,
Richard Fennah
IDS
_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
