Igor Smitran wrote: > What would need to be done in dhcp setup in order to have > radusergroup/radcheck/radreply/radacct-alike behavior?
Phil's response is good. > I am trying to make it work with cable equipment (CM,MTA,CPE) but i am > not sure how to start. CM and MTA would have static IP addresses (sql > prefered because of additional replies: boot-file,dns,gateway etc.) and > CPE's would have dynamic IP address assigned. This gets into policies (if/then/else), which are complicated. My suggestion is to split the problem into pieces. The first piece is to identify which "group" a device belongs to. This can be done by looking at information in the packet. Or, it can be done by putting the MAC addresses into a table, and mapping MAC -> group-name. SQL can be used here, with a custom schema. The "unlang" code can be used to grab the group-name based on the MAC: update control { my-group-Name = "%{sql: SELECT ...}" } You'll have to define My-group-name in raddb/dictionary. See the comments there for examples. This step lets you simplify the problem. Instead of applying policies to 10's of 1000's of devices, you can now apply it to 3-4 groups. The next step is to apply the per-group policy. Key off of the group name, and apply group-specific policies. > I am willing to do some serious tests and get back with results because > if everything works ok i would switch to freeradius from standard ISC > dhcpd. That's the goal. Thanks for the help. The DHCP code *should* work. But having more documentation, examples, and real-world tests will help a lot. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html