Re: [NTISP] Win2000 RRAS & IP assignment

Glen Harvy ( )
Fri, 12 May 2000 09:52:02 +1000

At 11:09 11/05/2000 -0700, you wrote:

The difference between NT4 and NT2000 is that NT2000 requires you to alter
the registry setting rather than ticking a box in NT4.

I agree with you however that this is not a good option.

Exactly how do I assign their IP address in RadiusNT 2.5 . I presume I need
to assign special attributes but being a complete novice in this regard
baffles me.

The Emerald On-Line window shows the user selected IP address. So the IP
address is being passed to RadiusNT.

According to MS Documentation, Framed-IP-Address is not listed in the
Access-Request list. It is recorded in the Access-Accept List as follows:

"The only acceptable values are 0xFFFFFFFF (user selects address) and
0xFFFFFFFE (remote access server selects address). If any other
Framed-IP-Address is received, the call is dropped."

I'm currently only using User-Service and Framed-Protocol for the default
attributes. From your message I presume I could add Framed-IP-Address for
the users that can select their own IP address and use the actual IP
address as the value. Is that correct?

Here's an excerpt form the RadiusNT log for the authentication:

radrecv: Request from host cb3a1978 code=1, id=82, length=125
NAS-Identifier =
User-Service = Framed-User
Framed-Protocol = PPP
NAS-Port = 126
MS-RAS-Vendor = 311
MS-RAS-Version = "MSRASV5.00"
NAS-Port-Type = Async
Connect-Info = "\015\012CONNECT 37333\015\012"
User-Name = "chev59"
Password = "\261:Vw\250\016\341\362\260\346\245\211\201\017\242\227"

SQL Statement: Select DateDiff(Minute, GetDate(), DateAdd(Day,
(ma.Extension+ma.OverDue+1), maExpireDate)), DateDiff(Minute, GetDate(),
DateAdd(Day, sa.Extension+1, saExpireDate)), sa.AccountID, sa.AccountType,
sa.Password, sa.Login, sa.Shell, sa.TimeLeft, ma.Balance, ma.OverLimit From
MasterAccounts ma, SubAccounts sa Where sa.Login='chev59' AND
ma.CustomerID=sa.CustomerID and sa.Active<>0 and ma.Active<>0

Checking for duplicate logins.

SQL Statement: RadCheckOnline 'chev59'

chev59 found on-line 0 time(s).

SQL Statement: RadGetConfigs 453

SQL Statement: RadGetATConfigs 'PPP Unlimited'

Sending Ack of id 82 to cb3a1978 (Hermes)
User-Service = Framed-User
Framed-Protocol = PPP
Resp Time: 190 Auth: 301/33 -> 334 Acct: 483/0/216 -> 699

>Glen Harvy wrote:
>> I have a problem that someone on this list may be able to help me with :-)
>> I have installed a Digiboard with 60 ports on it. I need to allow dialin
>> users to request their own IP address. This was OK in NT 4 but I can't
>> locate that option in 2000.
>> I use RadiusNT 2.5 fine as my authenticator and am concerned that I may
>> have to use MS2000's radius server to do the allocation.
>> Any ideas/suggestions would be welcomed.
>What set of attributes are you returning for the user's authentication?
>>From a RADIUS POV, you should be able to return as the
>Framed-Address to allow them to request thier own IP. However, this is
>really not a good choice, as they can select any IP, which can have
>serious consequences if they select the wrong one (like say they enter
>your DNS server for thier IP address on accident).
>If the user is getting the SAME ip (ie, static), then just assign them
>that IP in their profile. If they ask for a specific IP and its the
>one you assign them, the NAS will give it to them.
>Dale E. Reed Jr. Emerald and RadiusNT/X
>IEA Software, Inc.
>For more information about this list (including removal) go to:
AQUARIUS Communications for all your Internet needs
voice(02)9977-3788 fax(02)9977-3844

For more information about this list (including removal) go to: