"Brent Wilkinson" <br...@air2data.com> writes: > I unfortunately have a large amount of hotspots that are behind dynamic > ip's. We have tried to get as many of them onto statics as possible but are > having issues with that. After having read through a few dozen different > threads and readmes does freeradius have something that has been put into > place to address this?( I assume the answer is no or I glazed over while > reading and missed the answer) . > > > > If there is no built in feature is there a best practice for this?
If you can get the hotspots to report back to you whenever they change their address, then you can put something together by using the dynamic-clients feature. raddb/sites-available/dynamic-clients contains some documentation. You could e.g. combine that with letting the hotspots update their own clients entry in a database when their address changes, of course over a channel you see as secure enough, e.g https, ldaps or mysql over ssl. The advantage compared to the "ip range client" solution is that you get to keep unique shortnames and secrets per hotspot. But I don't want to estimate any security gain, since you must allow the clients to update their own client entry. If one of hotspots is insecure, then the whole network will be insecure. Bjørn - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html