Igor Smitran wrote:
> What would need to be done in dhcp setup in order to have
> radusergroup/radcheck/radreply/radacct-alike behavior?
Phil's response is good.
> I am trying to make it work with cable equipment (CM,MTA,CPE) but i am
> not sure how to start. CM and MTA would have static IP addresses (sql
> prefered because of additional replies: boot-file,dns,gateway etc.) and
> CPE's would have dynamic IP address assigned.
This gets into policies (if/then/else), which are complicated.
My suggestion is to split the problem into pieces. The first piece is
to identify which "group" a device belongs to. This can be done by
looking at information in the packet. Or, it can be done by putting the
MAC addresses into a table, and mapping MAC -> group-name. SQL can be
used here, with a custom schema. The "unlang" code can be used to grab
the group-name based on the MAC:
update control {
my-group-Name = "%{sql: SELECT ...}"
}
You'll have to define My-group-name in raddb/dictionary. See the
comments there for examples.
This step lets you simplify the problem. Instead of applying policies
to 10's of 1000's of devices, you can now apply it to 3-4 groups.
The next step is to apply the per-group policy. Key off of the group
name, and apply group-specific policies.
> I am willing to do some serious tests and get back with results because
> if everything works ok i would switch to freeradius from standard ISC
> dhcpd.
That's the goal. Thanks for the help.
The DHCP code *should* work. But having more documentation, examples,
and real-world tests will help a lot.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
