Hi,

> I currently have an IPSEC/L2TP setup that uses FreeRADIUS (for
> Active Directory auth). Radius is handing out the IP
> addresses to the clients. Is there a way to have it update my
> DNS server so it can create reverse-dns entries for them?

Yes it is. In acct_users, make a rule that runs a custom program at
Acct-Start and Acct-Stop time:

    DEFAULT NAS-IP-Address == A.B.C.D, Acct-Status-Type == Start
            Exec-Program = "/path/to/dnsupdate/acct-nsupdate.sh"

Then your acct-nsupdate.sh can use the "nsupdate" tool to update the DNS
server. Note these interesting parameters that are available in the
environment:

    # ACCT_STATUS_TYPE = Start | Stop
    # FRAMED_IP_ADDRESS = attributed IP address
    # NAS_PORT
    # USER_NAME
    # ACCT_TERMINATE_CAUSE=User-Request (in normal case when Type=Stop)
    # NAS_IP_ADDRESS

These parameters can be used to build the $newhostname, $assignedipaddr
and $A, $B, $C, $D decimal octets of the assigned IP addr.

For instance adding an IP:

    nsupdate -k "$KEYFILE" > /dev/null << EOF
    server $SERVER
    zone $ZONE
    prereq yxdomain $ZONE
    update delete $newhostname A
    update add $newhostname $TTL A $assignedipaddr
    send
    EOF

(This is with secure update, and KEYFILE holds the TSIG key file
(man dnssec-keygen))

Then updating reverse DNS:

    nsupdate -k "$KEYFILE" > /dev/null << EOF
    server $SERVER
    zone $ZONEREV
    prereq yxdomain $ZONEREV
    update delete $D.$C.$B.$A.in-addr.arpa. PTR
    update add $D.$C.$B.$A.in-addr.arpa. $TTL PTR $newhostname
    send
    EOF

HTH,
Thibault
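
An added example, not part of the original post: one way acct-nsupdate.sh could build the hostname and reverse name from the environment while rejecting any USER_NAME or FRAMED_IP_ADDRESS value that could inject extra lines into nsupdate's input. It goes beyond the post by deleting the records on Stop and sending both zones in one nsupdate run; the hostname scheme (USER_NAME as a label under $ZONE) and all default values are assumptions.

```sh
# Added example, not from the original post. SERVER, ZONE, ZONEREV, TTL and
# KEYFILE defaults are placeholders; the hostname scheme is an assumption.
LC_ALL=C; export LC_ALL
SERVER=${SERVER:-ns.example.net}
ZONE=${ZONE:-vpn.example.net}
ZONEREV=${ZONEREV:-2.0.192.in-addr.arpa}
TTL=${TTL:-300}
KEYFILE=${KEYFILE:-/path/to/dnsupdate/tsig.key}

# USER_NAME is supplied by the client: accept it only as one DNS label, so
# dots, spaces or newlines can never add lines to nsupdate's input.
make_label() {
    case $1 in ''|-*|*-|*[!A-Za-z0-9-]*) return 1 ;; esac
    [ "${#1}" -le 63 ] || return 1
    printf '%s' "$1" | tr 'A-Z' 'a-z'
}

# Check a dotted quad strictly and print its in-addr.arpa owner name.
reverse_name() {
    case $1 in ''|*[!0-9.]*|.*|*.) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.in-addr.arpa.' "$4" "$3" "$2" "$1"
}

# Print the nsupdate commands: Start replaces A and PTR, Stop only deletes.
build_updates() {
    label=$(make_label "$USER_NAME") || return 1
    ptr=$(reverse_name "$FRAMED_IP_ADDRESS") || return 1
    fqdn=$label.$ZONE.
    printf 'server %s\nzone %s\nupdate delete %s A\n' "$SERVER" "$ZONE" "$fqdn"
    if [ "$ACCT_STATUS_TYPE" = Start ]; then
        printf 'update add %s %s A %s\n' "$fqdn" "$TTL" "$FRAMED_IP_ADDRESS"
    fi
    printf 'send\nzone %s\nupdate delete %s PTR\n' "$ZONEREV" "$ptr"
    if [ "$ACCT_STATUS_TYPE" = Start ]; then
        printf 'update add %s %s PTR %s\n' "$ptr" "$TTL" "$fqdn"
    fi
    printf 'send\n'
}

# FreeRADIUS sets ACCT_STATUS_TYPE in the environment when it runs the script.
if [ -n "${ACCT_STATUS_TYPE:-}" ]; then
    cmds=$(build_updates) || exit 1
    printf '%s\n' "$cmds" | nsupdate -k "$KEYFILE" > /dev/null
fi
```

User names that carry a realm or domain prefix (for example user@realm) are rejected here and would need to be mapped to a label first.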