[RADIATOR] Radiator with Windows Server 2008 DHCP

2010-08-03 Thread Richard Fenner
I am currently evaluating Radiator and have configure it to authenticate
with a Zywall USG300 on a static-IP basis.

 

I am now attempting to move on and integrate the system with a DHCP
server in order to allocate IP addresses to users attached to the USG300
from a pool of addresses. The DHCP server is set up on a separate server
but on the same LAN as the RADIUS server.

 

Having now edited the config file to add the DHCP request features, I am
getting errors saying that the DHCP server is not responding to DISCOVER
requests, however I find this very odd seeing as the DHCP server will
allocate IP addresses to PC's connected to its network.

 

My configuration file is as follows:

 

Foreground

LogStdout

LogDirc:/Program Files/Radiator

DbDir   c:/Program Files/Radiator

 

# This will log at DEBUG level: very verbose # User a lower trace level
in production systems, typically use 3

Trace 4

 

# You will probably want to add other Clients to suit your site, # one
for each NAS you want to work with. This will work # at least with
radpwtst running on the local machine 

 



  Secret  

  DupInterval 0



 



 

Identifier dhcpallocator

 

Host  192.168.107.4

 

#Local Address 192.168.107.2

 

#SubnetSelectionOption 118

#SubnetSelectionOption 221

 



 

 #Authenticate all realms with this



  # Look up user details in a flat file

  AuthByPolicy ContinueWhileAccept

 

 

# %D is replaced by DbDir above

Filename %D/users

  

 

  

 

  AddressAllocator dhcpallocator

  PoolHint 255.255.255.240

 

  

 

  # Log accounting to a detail file. %D is replaced by DbDir above

  AcctLogFileName   %D/detail



 

The log output for a request is as follows:

 

Tue Aug  3 17:05:44 2010: DEBUG: Handling request with Handler
'Realm=DEFAULT'

Tue Aug  3 17:05:44 2010: DEBUG:  Deleting session for mikem, {IP OF
REQUEST PC HERE}, 1750 Tue Aug  3 17:05:44 2010: DEBUG: Handling with
Radius::AuthFILE:

Tue Aug  3 17:05:44 2010: DEBUG: Radius::AuthFILE looks for match with
mikem [mikem] Tue Aug  3 17:05:44 2010: DEBUG: Radius::AuthFILE ACCEPT:
: mikem [mikem] Tue Aug  3 17:05:44 2010: DEBUG: AuthBy FILE result:
ACCEPT, Tue Aug  3 17:05:44 2010: DEBUG: Handling with
Radius::AuthDYNADDRESS Tue Aug  3 17:05:44 2010: DEBUG: Sending
DHCPDISCOVER to

192.168.107.4:67 with xid 5

Tue Aug  3 17:05:44 2010: DEBUG: AuthBy DYNADDRESS result: IGNORE, Tue
Aug  3 17:06:14 2010: INFO: AddressAllocatorDHCP: No reply from DHCP
server 192.168.107.4 Tue Aug  3 17:06:14 2010: INFO: Access rejected for
mikem: No reply from DHCP server Tue Aug  3 17:06:14 2010: DEBUG: Packet
dump:

*** Sending to {IP OF REQUEST PC HERE} port 2775 

Code:   Access-Reject

Identifier: 141

Authentic:  <6>\<175><233>k<187><26><205>V9<9>*<158><222>/<193>

Attributes:

  Service-Type = Framed-User

  Framed-Protocol = PPP

  Framed-IP-Netmask = 255.255.255.255

  Framed-Routing = None

  Framed-MTU = 1500

  Framed-Compression = Van-Jacobson-TCP-IP

  Reply-Message = "Request Denied"

 

 

I hope you will be able to provide some assistance as to what is going
on here?

 

Thanks in advance,

 

Richard Fennah

 

IDS

___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator

Re: [RADIATOR] Radiator with Windows Server 2008 DHCP

2010-08-03 Thread Alan Buxey
Hi,

>   
>   AddressAllocator dhcpallocator
>   PoolHint 255.255.255.240
>   

from the manual:

Note: the PoolHint supplied in the AuthBy DYNADDRESS clause must be a subnet
definition that is understood by the DHCP server for the purposes of address 
allocation


goodies/addressallocatordhcp.cfg  has a nice example config to look at  I 
find
if you are having issues and make no progress just looking at the RADIATOR
debug logs, then look at the other end - see what your DHCP server is bleating
about and check with eg wireshark, tcpdump or snoop, that traffic is going
between the hosts involved!

alan
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator