Re: Binding FreeRadius to the DHCP Server
"Elie Hani" <[EMAIL PROTECTED]> wrote: > I'm not one of them, but I'm a ccie certificated and it was an insult. You asked the same question. Repeatedly. You ignored every answer, and asked the same question again. And again. Every time someone on this list (including me) tried to help you, you didn't respond to what they said. Instead, you used their answer as a reason to ask the same question again. If you're not going to read the responses on this list, then there's no reason to ask questions here, either. The people here told you it was impossible in the current configuration, and you made it clear that you thought they were lying to you. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Binding FreeRadius to the DHCP Server
Josh Howlett <[EMAIL PROTECTED]> wrote: > I'm sure I've seen at least a couple of other similar DHCP queries in > the last couple of weeks. I wonder how difficult it would be to add a > simple DHCP client to FreeRADIUS? Perl modules exist to do 99% of that work. > OTOH, I think these queries have been in the context of 802.1x in > which case this doesn't help (or else we need an EAP-DHCP :-) No, we need a RADIUS server that does DHCP, too. I don't think it's that hard, especially with the recent 2-octet "type" support for VSA's. i.e. ISC DHCPd is huge, complex, and doesn't support leases in a DB. FreeRADIUS already has a multi-threaded UDP server core with a generic policy engine, that back-ends to multiple DB's. The CVS head already has sql_ippool. It's not hard... really. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Binding FreeRadius to the DHCP Server
Hi Josh, > I'm sure I've seen at least a couple of other similar DHCP queries in > the last couple of weeks. I wonder how difficult it would be to add a > simple DHCP client to FreeRADIUS? Thanks for the on-topic question, I was already fearing a flamewar coming up. I guess if you really want to this, you could use rlm_perl or Exec-Program-Wait, write a script that uses the client's MAC address to generate a fake DHCP query (assumption: the DHCP server or a relay is on the FR server's LAN), listen to the DHCP server's response, encapsulate this answer back into the Framed-IP-Address attribute and that's it (leaving out all the really painful stuff with expiring leases, renewals and whatnot; it would be a non-trivial task). The remaining question really is: Why on earth would you _want_ to do that? rlm_ippool exists and works. Greetings, Stefan -- Stefan WINTER Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche Ingenieur Forschung & Entwicklung 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg E-Mail: [EMAIL PROTECTED] Tel.: +352 424409-1 http://www.restena.lu Fax: +352 422473 pgpo0jm9KYxD8.pgp Description: PGP signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Binding FreeRadius to the DHCP Server
On 26 Jul 2006, at 10:27, Stefan Winter wrote: The RADIUS protocol doesn't interact with DHCP. FreeRADIUS doesn't do it. There is no place to configure any such thing. I'm sure I've seen at least a couple of other similar DHCP queries in the last couple of weeks. I wonder how difficult it would be to add a simple DHCP client to FreeRADIUS? OTOH, I think these queries have been in the context of 802.1x in which case this doesn't help (or else we need an EAP-DHCP :-) josh. Josh Howlett, Networking Specialist, University of Bristol. email: [EMAIL PROTECTED] | phone: +44 (0)7867 907076 | internal: 7850 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Binding FreeRadius to the DHCP Server
Thanks Stephan, I really appreciate it. As a matter of fact, if anyone in here has the full knowledge of the Radius, he wouldnt be registered in this list. I'm not one of them, but I'm a ccie certificated and it was an insult. Anyways, thanks again Stephan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stefan Winter Sent: Wednesday, July 26, 2006 11:28 AM To: FreeRadius users mailing list Subject: Re: Binding FreeRadius to the DHCP Server Hi, >> > Thanks Michal,I will try this one, but still one more thing. To for >> > the Freeradius to talk to the DHCP, there's a place where I should >> > configure the DHCP's address. Where should I configure the DHCP >> > address on the radius so the last one will use the DHCP's Ips. >> >> What part of "no there is no way to do that" did you not understand? > Wel Phil, since ur not talking in a profession way, and since you feel > that you are the expert in here, you don't have the right to answer me > like that. If you know how to read, what part of this you did not understand " > Thanks Michal,I will try this one, but still one more thing". > If you were so genius, you would read between the lines and therefore > recognize that this mail is not destined to you. The RADIUS protocol doesn't interact with DHCP. FreeRADIUS doesn't do it. There is no place to configure any such thing. You probably are confused about how stuff works. This was the verbose version of what Phil answered. And to my best knowledge, he is completely right with it. Greetings, Stefan Winter (hoping that I have the right to answer to you, wherever your definition of having the right to answer you comes from) -- Stefan WINTER Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche Ingenieur Forschung & Entwicklung 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg E-Mail: [EMAIL PROTECTED] Tel.: +352 424409-1 http://www.restena.lu Fax: +352 422473 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Binding FreeRadius to the DHCP Server
Hi, >> > Thanks Michal,I will try this one, but still one more thing. To for >> > the Freeradius to talk to the DHCP, there's a place where I should >> > configure the DHCP's address. Where should I configure the DHCP >> > address on the radius so the last one will use the DHCP's Ips. >> >> What part of "no there is no way to do that" did you not understand? > Wel Phil, since ur not talking in a profession way, and since you feel that > you are the expert in here, you don't have the right to answer me like > that. If you know how to read, what part of this you did not understand " > Thanks Michal,I will try this one, but still one more thing". > If you were so genius, you would read between the lines and therefore > recognize that this mail is not destined to you. The RADIUS protocol doesn't interact with DHCP. FreeRADIUS doesn't do it. There is no place to configure any such thing. You probably are confused about how stuff works. This was the verbose version of what Phil answered. And to my best knowledge, he is completely right with it. Greetings, Stefan Winter (hoping that I have the right to answer to you, wherever your definition of having the right to answer you comes from) -- Stefan WINTER Stiftung RESTENA - Réseau Téléinformatique de l'Education Nationale et de la Recherche Ingenieur Forschung & Entwicklung 6, rue Richard Coudenhove-Kalergi L-1359 Luxembourg E-Mail: [EMAIL PROTECTED] Tel.: +352 424409-1 http://www.restena.lu Fax: +352 422473 pgpOpQoJbIifR.pgp Description: PGP signature - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Binding FreeRadius to the DHCP Server
Wel Phil, since ur not talking in a profession way, and since you feel that you are the expert in here, you don't have the right to answer me like that. If you know how to read, what part of this you did not understand " Thanks Michal,I will try this one, but still one more thing". If you were so genius, you would read between the lines and therefore recognize that this mail is not destined to you. Anyway, I will not low my answers to your level more than that. So cheer up. Regards Elie -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Phil Mayers Sent: Wednesday, July 26, 2006 10:46 AM To: FreeRadius users mailing list Subject: Re: Binding FreeRadius to the DHCP Server Elie Hani wrote: > Thanks Michal,I will try this one, but still one more thing. To for > the Freeradius to talk to the DHCP, there's a place where I should > configure the DHCP's address. Where should I configure the DHCP > address on the radius so the last one will use the DHCP's Ips. > What part of "no there is no way to do that" did you not understand? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Binding FreeRadius to the DHCP Server
Elie Hani wrote: Thanks Michal,I will try this one, but still one more thing. To for the Freeradius to talk to the DHCP, there's a place where I should configure the DHCP's address. Where should I configure the DHCP address on the radius so the last one will use the DHCP's Ips. What part of "no there is no way to do that" did you not understand? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Binding FreeRadius to the DHCP Server
Thanks Michal,I will try this one, but still one more thing. To for the
Freeradius to talk to the DHCP, there's a place where I should configure the
DHCP's address. Where should I configure the DHCP address on the radius so
the last one will use the DHCP's Ips.
Thanks
Elie
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Michael J. Hartwick
Sent: Tuesday, July 25, 2006 5:22 PM
To: FreeRadius users mailing list
Subject: RE: Binding FreeRadius to the DHCP Server
On Tue, 25 Jul 2006 at 13:46 (+0200), Elie Hani wrote:
EH> As a matter of fact, for the first login, the users will have an IP
EH> from a certain pool X, once the informations are entered, and after
EH> redialing, the users will get the new IP from the second pool Y.
EH>
EH> All I want to know is if it's possible to bind the radius to a DHCP
EH> server, if yes how it can be done? Otherwise, is there any other
EH> pssible method to configure 2 pools of Ips X and Y and relay it to the
DHCP?
I think you could do this without involving a DHCP server (can a PPP
connection even use DHCP??). Their is a module rlm_ippool which looks like
it would do what you want. I haven't used this since I haven't needed
multiple pools, but it looks like it would work.
In radiusd.conf something like:
ippool fake {
range-start = 192.168.1.1 # I assume you are meaning
range-stop = 192.168.1.254 # RFC1918 space when you
netmask = 255.255.255.0 # say faked.
cache-size = 254
session-db = ${raddbdir}/db.ippool-fake
ip-index = ${raddbdir}/db.ipindex-fake
override = yes
maximum-timeout = 0
}
ippool real {
range-start = 10.10.10.1
range-stop = 10.10.10.254
netmask = 255.255.255.0
cache-size = 254
session-db = ${raddbdir}/db.ippool-real
ip-index = ${raddbdir}/db.ipindex-real
override = no
maximum-timeout = 0
}
And in users something like:
guest User-Password := "guest", Pool-Name := "fake"
Service-Type = Framed-User,
Framed-Protocol = PPP
DEFAULT Auth-Type := System, Pool-Name := "real"
Service-Type = Framed-User,
Framed-Protocol = PPP
I have not tested any of this, it may cause Bad Things(tm) to happen, adjust
accordingly to use the correct IP ranges, etc.
#include
Michael
--
Michael J. Hartwick, VE3SLQ [EMAIL PROTECTED]
Hartwick Communications Consulting (519) 396-7719
Kincardine, ON, CA http://www.hartwick.com
--
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Binding FreeRadius to the DHCP Server
On Tue, 25 Jul 2006 at 13:46 (+0200), Elie Hani wrote:
EH> As a matter of fact, for the first login, the users will have an IP from a
EH> certain pool X, once the informations are entered, and after redialing, the
EH> users will get the new IP from the second pool Y.
EH>
EH> All I want to know is if it's possible to bind the radius to a DHCP server,
EH> if yes how it can be done? Otherwise, is there any other pssible method to
EH> configure 2 pools of Ips X and Y and relay it to the DHCP?
I think you could do this without involving a DHCP server (can a PPP
connection even use DHCP??). Their is a module rlm_ippool which looks
like it would do what you want. I haven't used this since I haven't
needed multiple pools, but it looks like it would work.
In radiusd.conf something like:
ippool fake {
range-start = 192.168.1.1 # I assume you are meaning
range-stop = 192.168.1.254 # RFC1918 space when you
netmask = 255.255.255.0 # say faked.
cache-size = 254
session-db = ${raddbdir}/db.ippool-fake
ip-index = ${raddbdir}/db.ipindex-fake
override = yes
maximum-timeout = 0
}
ippool real {
range-start = 10.10.10.1
range-stop = 10.10.10.254
netmask = 255.255.255.0
cache-size = 254
session-db = ${raddbdir}/db.ippool-real
ip-index = ${raddbdir}/db.ipindex-real
override = no
maximum-timeout = 0
}
And in users something like:
guest User-Password := "guest", Pool-Name := "fake"
Service-Type = Framed-User,
Framed-Protocol = PPP
DEFAULT Auth-Type := System, Pool-Name := "real"
Service-Type = Framed-User,
Framed-Protocol = PPP
I have not tested any of this, it may cause Bad Things(tm) to happen,
adjust accordingly to use the correct IP ranges, etc.
#include
Michael
--
Michael J. Hartwick, VE3SLQ [EMAIL PROTECTED]
Hartwick Communications Consulting (519) 396-7719
Kincardine, ON, CA http://www.hartwick.com
--
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Binding FreeRadius to the DHCP Server
As a matter of fact, for the first login, the users will have an IP from a certain pool X, once the informations are entered, and after redialing, the users will get the new IP from the second pool Y. All I want to know is if it's possible to bind the radius to a DHCP server, if yes how it can be done? Otherwise, is there any other pssible method to configure 2 pools of Ips X and Y and relay it to the DHCP? Thanks Elie -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alan DeKok Sent: Tuesday, July 25, 2006 12:23 PM To: FreeRadius users mailing list Subject: Re: Binding FreeRadius to the DHCP Server "Elie Hani" <[EMAIL PROTECTED]> wrote: > I have a patton RAS, when a dial up user connects to this server, he > should get a faked IP and he will be redirected to a site where he > should enter all the necessary information. Sounds like a captive portal to me. > So I have to configure a DHCP server and bind it to the FreeRadius in > a manner that when the user dials in to the RAS for the first time, he > will be using a common username and password (user: guest pass: guest > for example), he will get a fake IP from a pool configured on the DHCP server. Write a script. The server doesn't normally interact with DHCP. > Once he enteres all the necessary informations, he will reconnect > using the desired authentication entered previousely, and he will get > a real IP from another pool also configured on the DHCP. What you're saying is a very convoluted way of: a) some users get IP's from pool X b) other users get IP's from pool Y Alan DeKOk. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Binding FreeRadius to the DHCP Server
"Elie Hani" <[EMAIL PROTECTED]> wrote: > I have a patton RAS, when a dial up user connects to this server, he should > get a faked IP and he will be redirected to a site where he should enter all > the necessary information. Sounds like a captive portal to me. > So I have to configure a DHCP server and bind it to the FreeRadius in a > manner that when the user dials in to the RAS for the first time, he will be > using a common username and password (user: guest pass: guest for example), > he will get a fake IP from a pool configured on the DHCP server. Write a script. The server doesn't normally interact with DHCP. > Once he enteres all the necessary informations, he will reconnect using the > desired authentication entered previousely, and he will get a real IP from > another pool also configured on the DHCP. What you're saying is a very convoluted way of: a) some users get IP's from pool X b) other users get IP's from pool Y Alan DeKOk. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Binding FreeRadius to the DHCP Server
What I mean is the following: I have a patton RAS, when a dial up user connects to this server, he should get a faked IP and he will be redirected to a site where he should enter all the necessary information. First of all, I have configured the FreeRadius and it's working great with this RAS, but the pool of Ips that the dial up user is configured on the Patton RAS, where only one pool can be configured, and this RAS doens not support DHCP in it. So I have to configure a DHCP server and bind it to the FreeRadius in a manner that when the user dials in to the RAS for the first time, he will be using a common username and password (user: guest pass: guest for example), he will get a fake IP from a pool configured on the DHCP server. Once he enteres all the necessary informations, he will reconnect using the desired authentication entered previousely, and he will get a real IP from another pool also configured on the DHCP. What I want to do is to bind the freeradius and the DHCP server so this process takes place. Thanks in advance Elie -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Phil Mayers Sent: Tuesday, July 25, 2006 10:27 AM To: FreeRadius users mailing list Subject: Re: Binding FreeRadius to the DHCP Server Elie Hani wrote: > Hi; > > > > I want to bind the FreeRadius to the DHCP, is there a way to do that? What do you mean? Do you mean - I want FreeRadius to assign IPs, and DHCP to hand them out? In which case, no there is no way to do that. You could *make* something that did it, e.g. using ISC DHCPd and their omapi, but you would have to make it. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Binding FreeRadius to the DHCP Server
Elie Hani wrote: Hi; I want to bind the FreeRadius to the DHCP, is there a way to do that? What do you mean? Do you mean - I want FreeRadius to assign IPs, and DHCP to hand them out? In which case, no there is no way to do that. You could *make* something that did it, e.g. using ISC DHCPd and their omapi, but you would have to make it. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
