Re: DHCP howto

2013-04-03 Thread Alan DeKok
Igor Smitran wrote:
> Any plans to implement ipv6 support any time soon?

  Sure.  Send a patch. :)

  There are ways to prioritize DHCPv6 support.  One is to ensure that
the current code works, is documented, and gets wide-spread usage.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: DHCP howto

2013-04-03 Thread Igor Smitran

On 02/21/2013 07:56 PM, Alan DeKok wrote:

> > 2. Is freeradius ready to work as dhcp server for IPv6? Would it be
> > enough to insert some new words into dictionary and change configuration
> > appropriately?
>
>    It doesn't do DHCPv6.  It's possible, but a lot of work.

Any plans to implement ipv6 support any time soon?



Re: DHCP howto

2013-02-21 Thread Alan DeKok
Igor Smitran wrote:
> Does this mean that only thing needed is to create innodb tables? Module
> will use transactions automatically?

  Yes.

> 2. Is freeradius ready to work as dhcp server for IPv6? Would it be
> enough to insert some new words into dictionary and change configuration
> appropriately?

  It doesn't do DHCPv6.  It's possible, but a lot of work.

  Alan DeKok.


Re: DHCP howto

2013-02-21 Thread Igor Smitran

1. In sqlippool.conf is stated:

 
 #
 #  WARNING: MySQL has certain limitations that means it can
 #   hand out the same IP address to 2 different users.
 #
 #   We suggest using an SQL DB with proper transaction
 #   support, such as PostgreSQL, or using MySQL
 #   with InnoDB.
 #
 

Does this mean that only thing needed is to create innodb tables? Module
will use transactions automatically?


2. Is freeradius ready to work as dhcp server for IPv6? Would it be 
enough to insert some new words into dictionary and change configuration 
appropriately?


Igor


Re: DHCP howto

2013-02-19 Thread Alan DeKok
Igor Smitran wrote:
> Freeradius puts everything into ENV.

  For running external scripts.

> Because of the same key only last
> value is used, other ones are overwritten.
> So, ENV in this example will have only this:

  Yes.  So don't run a script.  Use the policies in the server.  Or the
Perl module.  Or the Python module.  Or the Ruby module.

> DHCP-Parameter-Request-List = DHCP-NTP-Servers
> 
> PHP script will be able to read that client asked only for
> DHCP-NTP-Servers value.
> This is PHP error or Freeradius error?
> Or am i missing something?

  There are limitations when running an external script.  That's why the
server has plugin modules.

  Alan DeKok.
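
The difference between the two paths discussed in this exchange, as an added example that is not code from the thread or from FreeRADIUS: a name-keyed environment keeps one value per attribute, while code that receives the request as a list of (name, value) pairs sees every one. The environment naming rule, the `SITE_OPTIONS` values and all function names are assumptions made for the illustration.

```python
# Constructed sample: request pairs shaped like the debug output in the thread.
REQUEST = [
    ("DHCP-Parameter-Request-List", "DHCP-Subnet-Mask"),
    ("DHCP-Parameter-Request-List", "DHCP-Router-Address"),
    ("DHCP-Parameter-Request-List", "DHCP-Log-Server"),
    ("DHCP-Parameter-Request-List", "DHCP-NTP-Servers"),
]
# Hypothetical site configuration (documentation addresses, no log server).
SITE_OPTIONS = {
    "DHCP-Subnet-Mask": "255.255.255.0",
    "DHCP-Router-Address": "192.0.2.1",
    "DHCP-NTP-Servers": "192.0.2.10",
}
PRL = "DHCP-Parameter-Request-List"


def env_name(attr):
    """Assumed naming rule: upper-case, '-' turned into '_'."""
    return attr.upper().replace("-", "_")


def as_environment(pairs):
    """Model of an exec-style export: one variable per attribute name,
    so a repeated attribute keeps only its last value."""
    env = {}
    for name, value in pairs:
        env[env_name(name)] = value  # later value overwrites earlier one
    return env


def requested_options(pairs):
    """All requested options, in request order, duplicates dropped."""
    wanted = []
    for name, value in pairs:
        if name == PRL and value not in wanted:
            wanted.append(value)
    return wanted


def build_reply(wanted, options):
    """Answer only what was asked for and what the site configures."""
    return [(opt, options[opt]) for opt in wanted if opt in options]


def reply_via_script(pairs, options):
    """What a script limited to the environment could answer."""
    last = as_environment(pairs).get(env_name(PRL))
    return build_reply([last] if last else [], options)


def reply_via_module(pairs, options):
    """What in-server code that sees every pair could answer."""
    return build_reply(requested_options(pairs), options)
```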


Re: DHCP howto

2013-02-19 Thread Igor Smitran

On 02/19/2013 03:41 PM, Alan DeKok wrote:

>   Use +=, not =
>
>   Alan DeKok.


Request from client is this:

DHCP-Parameter-Request-List = DHCP-Subnet-Mask
DHCP-Parameter-Request-List = DHCP-Router-Address
DHCP-Parameter-Request-List = DHCP-NTP-Servers

Freeradius puts everything into ENV. Because of the same key only last 
value is used, other ones are overwritten.

So, ENV in this example will have only this:

DHCP-Parameter-Request-List = DHCP-NTP-Servers

PHP script will be able to read that client asked only for 
DHCP-NTP-Servers value.

This is PHP error or Freeradius error?
Or am i missing something?

Igor


Re: DHCP howto

2013-02-19 Thread Alan DeKok
Igor Smitran wrote:
...
> But, when i call exec script (php for example) this array only contains
> last key:
> 
> DHCP-Parameter-Request-List = DHCP-TFTP-Server-Name
> 
> It is logical that those values will be overwritten but...
> 
> Is there a way to work around this problem?

  Use +=, not =

  Alan DeKok.


Re: DHCP howto

2013-02-19 Thread Igor Smitran

During debug session (radiusd -X) beside other things i can see this:

DHCP-Parameter-Request-List = DHCP-Subnet-Mask
DHCP-Parameter-Request-List = DHCP-Router-Address
DHCP-Parameter-Request-List = DHCP-NTP-Servers
DHCP-Parameter-Request-List = DHCP-Domain-Name-Server
DHCP-Parameter-Request-List = DHCP-Log-Server
DHCP-Parameter-Request-List = DHCP-Domain-Name
DHCP-Parameter-Request-List = DHCP-Renewal-Time
DHCP-Parameter-Request-List = DHCP-Rebinding-Time
DHCP-Parameter-Request-List = DHCP-NETBIOS-Name-Servers
DHCP-Parameter-Request-List = DHCP-TFTP-Server-Name

But, when i call exec script (php for example) this array only contains
last key:


DHCP-Parameter-Request-List = DHCP-TFTP-Server-Name

It is logical that those values will be overwritten but...

Is there a way to work around this problem?


Re: DHCP howto

2013-02-15 Thread Alan DeKok
Duane Cox wrote:
> I've managed to get parts of it working, and will be spending some more time 
> on it to finish it up.
> If interested, let's try to consolidate and document the efforts.

  Any configuration changes / additions can make it into the next
release.  Send them over, and I'll add them in.

  The Wiki could also be updated to add DHCP howto's

  Alan DeKok.


RE: DHCP howto

2013-02-15 Thread Duane Cox
I am working on this as well.

I have a spare CMTS, cable modems, and linux box next to me, with the intention 
of replacing ISC dhcp with freeradius (as freeradius already does the auth on 
the cablemodems).

I've managed to get parts of it working, and will be spending some more time on 
it to finish it up.
If interested, let's try to consolidate and document the efforts.

Duane


-Original Message-
From: freeradius-users-bounces+duanecox=gmail@lists.freeradius.org 
[mailto:freeradius-users-bounces+duanecox=gmail@lists.freeradius.org] On 
Behalf Of Igor Smitran
Sent: Friday, February 15, 2013 4:52 AM
To: FreeRadius users mailing list
Subject: DHCP howto

What would need to be done in dhcp setup in order to have 
radusergroup/radcheck/radreply/radacct-alike behavior?

I am trying to make it work with cable equipment (CM,MTA,CPE) but i am not sure 
how to start. CM and MTA would have static IP addresses (sql preferred because 
of additional replies: boot-file,dns,gateway etc.) and CPE's would have dynamic 
IP address assigned.

I am willing to do some serious tests and get back with results because if 
everything works ok i would switch to freeradius from standard ISC dhcpd.

Thank you


Re: DHCP howto

2013-02-15 Thread Alan DeKok
Igor Smitran wrote:
> What would need to be done in dhcp setup in order to have
> radusergroup/radcheck/radreply/radacct-alike behavior?

  Phil's response is good.

> I am trying to make it work with cable equipment (CM,MTA,CPE) but i am
> not sure how to start. CM and MTA would have static IP addresses (sql
> preferred because of additional replies: boot-file,dns,gateway etc.) and
> CPE's would have dynamic IP address assigned.

  This gets into policies (if/then/else), which are complicated.

  My suggestion is to split the problem into pieces.  The first piece is
to identify which "group" a device belongs to.  This can be done by
looking at information in the packet.  Or, it can be done by putting the
MAC addresses into a table, and mapping MAC -> group-name.  SQL can be
used here, with a custom schema.  The "unlang" code can be used to grab
the group-name based on the MAC:

    update control {
        my-group-Name = "%{sql: SELECT ...}"
    }

  You'll have to define My-group-name in raddb/dictionary.  See the
comments there for examples.

  This step lets you simplify the problem.  Instead of applying policies
to 10's of 1000's of devices, you can now apply it to 3-4 groups.

  The next step is to apply the per-group policy.  Key off of the group
name, and apply group-specific policies.

> I am willing to do some serious tests and get back with results because
> if everything works ok i would switch to freeradius from standard ISC
> dhcpd.

  That's the goal.  Thanks for the help.

  The DHCP code *should* work.  But having more documentation, examples,
and real-world tests will help a lot.

  Alan DeKok.
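
The two-step split described in this reply (MAC -> group name, then a policy keyed off the group), sketched outside the server as an added example; it is not FreeRADIUS configuration and not code from the thread. The `mac_group` table, the group names, the policy values and the default-to-CPE rule are all hypothetical.

```python
import re
import sqlite3

# Hypothetical per-group policy: a handful of groups instead of per-device rules.
GROUP_POLICY = {
    "cm":  {"addressing": "static", "boot-file": "cm.cfg"},
    "mta": {"addressing": "static", "boot-file": "mta.cfg"},
    "cpe": {"addressing": "dynamic"},
}
DEFAULT_GROUP = "cpe"  # assumption: a MAC not in the table is treated as a CPE


def open_db():
    """In-memory stand-in for the custom MAC -> group table (constructed rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE mac_group "
               "(mac TEXT PRIMARY KEY, group_name TEXT NOT NULL)")
    db.executemany("INSERT INTO mac_group VALUES (?, ?)",
                   [("00:11:22:33:44:55", "cm"), ("00:11:22:33:44:66", "mta")])
    return db


def normalize_mac(raw):
    """Canonical lower-case aa:bb:cc:dd:ee:ff; reject anything that is not a MAC."""
    digits = re.sub(r"[:.\-]", "", raw.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError("not a MAC address: %r" % raw)
    digits = digits.lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def group_for(db, raw_mac):
    """Step 1: map the device to a group. The MAC comes from the client's
    packet, so it is validated and bound as a parameter, never pasted into SQL."""
    row = db.execute("SELECT group_name FROM mac_group WHERE mac = ?",
                     (normalize_mac(raw_mac),)).fetchone()
    group = row[0] if row else DEFAULT_GROUP
    return group if group in GROUP_POLICY else DEFAULT_GROUP


def policy_for(db, raw_mac):
    """Step 2: key the policy off the group name only."""
    group = group_for(db, raw_mac)
    return group, GROUP_POLICY[group]
```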


Re: DHCP howto

2013-02-15 Thread Phil Mayers

On 15/02/13 10:52, Igor Smitran wrote:

> What would need to be done in dhcp setup in order to have
> radusergroup/radcheck/radreply/radacct-alike behavior?


As far as I can tell:

 1. Figure out the SQL queries that return the "check/reply" and group 
items you want for the values in the DHCP packet

 2. Configure those queries on an instance of the SQL module
 3. Use the config:

dhcp ... {
  ...
  # do radcheck/radreply
  sql.authorize
  ...
  # do radacct-like behaviour
  sql.accounting
}

The latter is necessary because "dhcp" blocks are post-auth blocks 
internally, so you need to specify that you want "authorize" not 
post-auth behaviour.




> I am trying to make it work with cable equipment (CM,MTA,CPE) but i am
> not sure how to start. CM and MTA would have static IP addresses (sql
> preferred because of additional replies: boot-file,dns,gateway etc.) and
> CPE's would have dynamic IP address assigned.


Dynamic IP assignment might require the sqlippool module; the server 
comes with examples for this.
