Nikolaos Milas wrote: > Sorry, I don't know really what a "pull request" is, but googling info > makes me think it means I can submit a proposal for schema changes? If > so, I might, after I become a bit acquainted to the DHCP FreeRadius > component (and to DHCP in general).
A "pull request" means submitting patches via github.com. > In the meantime, I've also found that I should be able to set an IP > Address to a host (connecting through our Cisco 2950/2960 switches) when > doing dot1x/MAB authentication (against FreeRadius), using the > "Framed-IP-Address" attribute in the reply (and I've also set > "radius-server attribute 8 include-in-access-req" as Cisco advises here: > http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfrdat1.html). That's only for PPP. > I tried it but the NAS doesn't seem to try to push to the authorized > host the IP Address (-yet the host had already a static IP address). > Should the host (Win Vista in this test case) specify "Obtain an IP > Address automatically"? Would this functionality work without using the > FreeRadius Server DHCP component? "Obtain an IP Address automatically" means "use DHCP". > Also, assuming that the authorized (using MAB) host has already a > (manually -or otherwise- preconfigured) static IP address, is there a > way FreeRadius can know which that is, so it can reject the host during > reauth if that IP Address is different than the one specified in the > host's LDAP entry? Only if the NAS does Accounting packets which contain the Framed-IP-Address attribute. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html