При наличии нескольких IP-пулов с одинаковым именем порядок выдачи адресов из них регулируется параметром named_pool_shuffle (см. UTM5 RADIUS: named_pool_shuffle). В более ранних версиях UTM (до 5.2.1-009-update2) поведение системы в этом случае было непредсказуемо.
НО! в /netup/utm5/radius5.cfg данная строка отсутствует
Вопрос Данный функционал реализован?##
## /netup/utm5/radius5.cfg
## UTM5 RADIUS server configuration file
##
## =============================================================================
## MAIN RADIUS SERVER PARAMETERS
## =============================================================================
## core_host
## Description: IP address of a host running the utm5_core
## Possible values: an IP address
## Required field.
core_host=127.0.0.1
## core_port
## Description: UTM5 core listening port. Equal to stream_bind_port parameter
## in utm5.cfg.
## Possible values: an integer from 1 to 65534
## Required field.
core_port=12758
## radius_login
## Description: A system user login to access the UTM5 core.
## Possible values: <string>
## Default value: radius
## radius_password
## Description: A system user password to access the UTM5 core.
## Possible values: <string>
## Default value: radius
## radius_ssl_type
## Description: SSL connection type. If 'none' is set, the connection
## is unencrypted.
## Possible values: tls1, ssl3, none
## Default value: none
#radius_ssl_type=none
## radius_acct_host
## Description: IP address of the host receiving Accounting-Requests.
## Possible values: interface IP address or 0.0.0.0
## Default value: 0.0.0.0
## radius_acct_port
## Description: Port of the host receiving Accounting-Requests.
## Possible values: an integer from 1 to 65534
## Default value: 1813
## radius_auth_host
## Description: IP address of the host receiving Access-Requests.
## Possible values: interface IP address or 0.0.0.0
## Default value: 0.0.0.0
## radius_auth_port
## Description: Port of the host receiving Access-Requests.
## Possible values: an integer from 1 to 65534
## Default value: 1812
## radius_auth_mppe
## Description: Enables MPPE 128 bit key generation used for authorization
## via MS-CHAP-v2 protocol.
## Possible values: enable
## Default value: the keys are not generated
radius_auth_mppe=enable
## radius_auth_vap
## Description: If the value is set, authorization of blocked users, whose
## logins are set in IP traffic service link, is disallowed.
## Possible values: 1
## Default value: authorization is allowed
## radius_ippool_acct_timeout
## Description: A time interval during which the IP address is labeled as
## occupied after sending Access-Accept.
## Possible values: time in seconds
## Default value: 30
## radius_ippool_timeout
## Description: A time interval during which the IP address is labeled as
## occupied after receiving Accounting-Start.
## Possible values: time in seconds
## Default value: The address is labeled as occupied until coming of the
## Stop packet
## radius_auth_null
## Description: If enabled, the RADIUS server authorizes requests without
## User-Password(2) attribute, if the user's password, defined in the
## service link, is empty.
## Possible values: yes, enable
## Default value: authorization without a password is not performed
#radius_auth_null=yes
## radius_auth_h323_remote_address
## Description: If enabled, then telephone calls authentication is performed
## using h323-remote-address(9;23) attribute value, but not using
## User-Name(1) attribute. The attribute value is used as a login.
## Possible values: enable, on, yes
## Default value: replacement of login with h323-remote-address is not
## performed
## radius_nas_port_vpn
## Description: This parameter is checked against NAS-Port-Type(61) attribute
## value when connecting using the login specified in the IP traffic service
## link. Several values can be set.
## Possible values: a positive integer
## Default value: Checking against NAS-Port-Type for the IP traffic service
## link is not performed
## radius_nas_port_dialup
## Description: This parameter is checked against NAS-Port-Type(61) attribute
## value when connecting using the login specified in the Dial-up service
## link. Several values can be set.
## Possible values: a positive integer
## Default value: checking against NAS-Port-Type for the Dial-up service link
## is not performed
## radius_nas_port_tel
## Description: This parameter is checked against NAS-Port-Type(61) attribute
## value when connecting using the login specified in the Telephony service
## link. Several values can be set.
## Possible values: a positive integer
## Default value: checking against NAS-Port-Type for the Telephony service
## link is not performed
## radius_card_autoadd
## Description: If 'yes' is set, the automatic registration of users is
## enabled via the RADIUS server using prepaid cards. In this case in the
## Login field a user enters the card number and in the Password field - the
## PIN code. In case of the Telephony service, in the Login field it is
## entered the PIN code or its first part and the remainder is used as a
## password.
## Possible values: yes, on, enable
## Default value: automatic registration is not performed
radius_card_autoadd=no
## send_xpgk_ep_number
## Description: If this option is enabled, for the Telephony service, when a
## user is being authorized, in Access-Accept it is transmitted the
## Cisco-AVPair(9;1) attribute with the value:
## xpgk-ep-number=<a semicolon separated list of telephone numbers>.
## Possible values: <any>
## Default value: telephone numbers are not transmitted in affirmative replies
## to authorization requests
## send_h323_ivr_in
## Description: If this option is enabled, for the Telephony service, when a
## user is being authorized, in Access-Accept it is transmitted the
## Cisco-AVPair(9;1) attribute with the value: h323-ivr-in=terminal-alias:
## <a semicolon separated list of telephone numbers>.
## Possible values: <any>
## Default value: telephone numbers are not transmitted in affirmative replies
## to authorization requests
## enable_fast_telephony
## Description: This option enables the rapid mechanism for determination of
## directions and zones when rating telephone calls. In this case templates
## for telephone directions must contain the digits from 0 to 9 and the
## symbols: ^ $ + )( |.
## Possible values: enable, yes
## Default value: the default mechanism for determination of zone/direction
## is used
## h323_origin_reject
## Description: Sets zero cost for Accounting-Requests in which the
## h323-call-origin(9;26) attribute equals the value of this parameter.
## Possible values: <string>
## Default value: unset
#h323_origin_reject=originate {answer|callback|etc}
## interim_update_interval
## Description: Enables session control mechanism using Interim-Update
## packets. The value is transmitted in the Acct-Interim-Interval(85)
## attribute of the Access-Accept packet.
## Possible values: time in seconds, more than 61
## Default value: the default session closure control mechanism is used
## radius_default_session_timeout
## Description: A value of the Session-Timeout(27) attribute transmitted in
## Access-Accept for the IP traffic service link.
## Possible values: a positive integer
## Default value: 86400
## radius_callback_avpair_enable
## Description: Enables transmission of the Cisco-AVPair(9;1) attribute with
## the value lcp:callback-dialstring=<callback number>, where
## <callback number> is the part of the login from the beginning to the
## ':'-symbol.
## Possible values: <any>
## Default value: unset
## radius_acct_rewrite_login_answer
## Description: If the value of the h323-call-origin(9;26) attribute is
## 'originate', then setting this parameter enables replacing of the login
## with the value of the h323-remote-address(9;23) attribute when processing
## Accounting-Request packets.
## Possible values: enable, on, true
## Default value: unset
## radius_acct_rewrite_login_originate
## Description: If the value of the h323-call-origin(9;26) attribute is
## 'answer', then setting this parameter enables replacing of the login with
## the value of the h323-remote-address(9;23) attribute when processing
## Accounting-Request packets.
## Possible values: enable, on, true
## Default value: unset
## =============================================================================
## LOGGING (valid if logfile rotation is enabled)
## =============================================================================
## log_level
## Description: Logging level.
## Possible values: 0, 1, 2, 3
## Default value: 1
## log_file_main
## Description: Main logfile path.
## Possible values: <filename>
## Default value: STDERR
log_file_main=/netup/utm5/log/radius.log
## log_file_debug
## Description: Debug logfile path.
## Possible values: <filename>
## Default value: STDERR
log_file_debug=/netup/utm5/log/radius.log
## log_file_critical
## Description: Critical logfile path.
## Possible values: <filename>
## Default value: STDERR
## rotate_logs
## Description: Enables rotation of logfiles.
## Possible values: yes, on, enable
## Default value: rotation is disabled
## max_logfile_size
## Description: Maximum logfile size. When logfile size reaches this limit,
## a rotation is performed.
## Possible values: a size in bytes
## Default value: 10485760
## max_logfile_count
## Description: Maximum number of logfiles to retain. Valid if logfile rotation
## is on.
## Default value: not limited
## guest_pool_name
## Description: named IP pool of guest users
## Possible values: pool name
## Authorize unknown users as IP pool users and assign IP address from this pool if it's set
## Default value: not set
## blocked_pool_name
## Description: named IP pool of blocked users
## Possible values: pool name
## Authorize blocked users as IP pool users and assign IP address from this pool if it's set
## Default value: not set
## radius_auth_tel_ext_reg
## Description: process telephony registration request when Called-Station-Id is equal to Called-Station-Id
## if it's set
## Possible values: yes, on, enable
## Default value: disabled
## tls_certificate_path
## Description: path to server certificate file for EAP-TTLS authentication algorithm
## Possible values: <filename>
## Default value: not set
## tls_private_key_path
## Description: path to server private key file for EAP-TTLS authentication algorithm
## Possible values: <filename>
## Default value: not set
## tel_session_timeout
## Description: longest duration of VoIP call
## Possible values: time in seconds
## Default value: 86400
## disconnect_request_timeout
## Description: timeout for PoD response to happen, when session has been dropped manually
## Possible values: time in seconds
## Default value: 5
## incoming_trunk_format
## Description: telephony incoming trunk disposition in format vendor_id:attribute_id:regexp
## Possible values: 2h323-incoming-trunk=([0-9]{7})
## Default value: not used
## outgoing_trunk_format
## Description: telephony outgouing trunk disposition in format vendor_id:attribute_id:regexp
## Possible values: 2:101:h323-outgoing-trunk=([0-9]{7})
## Default value: not used
## pbx_id_format
## Description: tepehhony pbx id disposition in format vendor_id:attribute_id:regexp
## Possible data: 2:102:h323-pbx-id=([0-9]{7})
## Default value: not used
## dac_bind_host
## Description: IP address of the host receiving DAC
## Possible values: interface IP address or 0.0.0.0
## Default value: 0.0.0.0
## override_service_type
## Description: if parameter is set, use SERVICE_TYPE attribute value from request,
## otherwise mark this attribute as FRAMED in response packet
## Possible values: yes, on, enable
## Default value: false
## h323_currency
## Description: returned in attribute 110 of vendor 9 in authorization response packet
## Possible values: ISO 4217 alpha currency codes
## Default value: USD
h323_return_code_positive=no
h323-incoming-trunk=([0-9]{7})