Re: DHCP howto
Igor Smitran wrote: > Any plans to implement ipv6 support any time soon? Sure. Send a patch. :) There are ways to prioritize DHCPv6 support. One is to ensure that the current code works, is documented, and gets wide-spread usage. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: DHCP howto
On 02/21/2013 07:56 PM, Alan DeKok wrote: 2. Is freeradius ready to work as dhcp server for IPv6? Would it be enough to insert some new words into dictionary and change configuration appropriately? It doesn't do DHCPv6. It's possible, but a lot of work. Any plans to implement ipv6 support any time soon? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: DHCP howto
Igor Smitran wrote: > Does this mean that only thing needed is to create innodb tables? Module > will use transactions automaticaly? Yes. > 2. Is freeradius ready to work as dhcp server for IPv6? Would it be > enough to insert some new words into dictionary and change configuration > appropriately? It doesn't do DHCPv6. It's possible, but a lot of work. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: DHCP howto
1. In sqlippool.conf is stated: # # WARNING: MySQL has certain limitations that means it can # hand out the same IP address to 2 different users. # # We suggest using an SQL DB with proper transaction # support, such as PostgreSQL, or using MySQL # with InnoDB. # Does this mean that only thing needed is to create innodb tables? Module will use transactions automaticaly? 2. Is freeradius ready to work as dhcp server for IPv6? Would it be enough to insert some new words into dictionary and change configuration appropriately? Igor - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: DHCP howto
Igor Smitran wrote: > Freeradius puts everything into ENV. For running external scripts. > Because of the same key only last > value is used, other ones are overwritten. > So, ENV in this example will have only this: Yes. So don't run a script. Use the policies in the server. Or the Perl module. Or the Python module. Or the Ruby module. > DHCP-Parameter-Request-List = DHCP-NTP-Servers > > PHP script will be able to read that client asked only for > DHCP-NTP-Servers value. > This is PHP error or Freeradius error? > Or am i missing something? There are limitations when running an external script. That's why the server has plugin modules. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: DHCP howto
On 02/19/2013 03:41 PM, Alan DeKok wrote: Use +=, not = Alan DeKok. Request from client is this: DHCP-Parameter-Request-List = DHCP-Subnet-Mask DHCP-Parameter-Request-List = DHCP-Router-Address DHCP-Parameter-Request-List = DHCP-NTP-Servers Freeradius puts everything into ENV. Because of the same key only last value is used, other ones are overwritten. So, ENV in this example will have only this: DHCP-Parameter-Request-List = DHCP-NTP-Servers PHP script will be able to read that client asked only for DHCP-NTP-Servers value. This is PHP error or Freeradius error? Or am i missing something? Igor - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: DHCP howto
Igor Smitran wrote: ... > But, when i call exec script (phh for example) this array only contains > last key: > > DHCP-Parameter-Request-List = DHCP-TFTP-Server-Name > > It is logical that those values will be overwritten but... > > Is there a way to work around this problem? Use +=, not = Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: DHCP howto
During debug session (radiusd -X) beside other things i can see this: DHCP-Parameter-Request-List = DHCP-Subnet-Mask DHCP-Parameter-Request-List = DHCP-Router-Address DHCP-Parameter-Request-List = DHCP-NTP-Servers DHCP-Parameter-Request-List = DHCP-Domain-Name-Server DHCP-Parameter-Request-List = DHCP-Log-Server DHCP-Parameter-Request-List = DHCP-Domain-Name DHCP-Parameter-Request-List = DHCP-Renewal-Time DHCP-Parameter-Request-List = DHCP-Rebinding-Time DHCP-Parameter-Request-List = DHCP-NETBIOS-Name-Servers DHCP-Parameter-Request-List = DHCP-TFTP-Server-Name But, when i call exec script (phh for example) this array only contains last key: DHCP-Parameter-Request-List = DHCP-TFTP-Server-Name It is logical that those values will be overwritten but... Is there a way to work around this problem? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: DHCP howto
Duane Cox wrote: > I've managed to get parts of it working, and will be spending some more time > on it to finish it up. > If interested, let's try to consolidate and document the efforts. Any configuration changes / additions can make it into the next release. Send them over, and I'll add them in. The Wiki could also be updated to add DHCP howto's Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: DHCP howto
I am working on this as well. I have a spare CMTS, cable modems, and linux box next to me, with the intention of replacing ISC dhcp with freeradius (as freeradius already does the auth on the cablemodems). I've managed to get parts of it working, and will be spending some more time on it to finish it up. If interested, let's try to consolidate and document the efforts. Duane -Original Message- From: freeradius-users-bounces+duanecox=gmail@lists.freeradius.org [mailto:freeradius-users-bounces+duanecox=gmail@lists.freeradius.org] On Behalf Of Igor Smitran Sent: Friday, February 15, 2013 4:52 AM To: FreeRadius users mailing list Subject: DHCP howto What would need to be done in dhcp setup in order to have radusergroup/radcheck/radreply/radacct-alike behavior? I am trying to make it work with cable equipment (CM,MTA,CPE) but i am not sure how to start. CM and MTA would have static IP addresses (sql prefered because of additional replies: boot-file,dns,gateway etc.) and CPE's would have dynamic IP address assigned. I am willing to do some serious tests and get back with results because if everything works ok i would switch to freeradius from standard ISC dhcpd. Thank you - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: DHCP howto
Igor Smitran wrote: > What would need to be done in dhcp setup in order to have > radusergroup/radcheck/radreply/radacct-alike behavior? Phil's response is good. > I am trying to make it work with cable equipment (CM,MTA,CPE) but i am > not sure how to start. CM and MTA would have static IP addresses (sql > prefered because of additional replies: boot-file,dns,gateway etc.) and > CPE's would have dynamic IP address assigned. This gets into policies (if/then/else), which are complicated. My suggestion is to split the problem into pieces. The first piece is to identify which "group" a device belongs to. This can be done by looking at information in the packet. Or, it can be done by putting the MAC addresses into a table, and mapping MAC -> group-name. SQL can be used here, with a custom schema. The "unlang" code can be used to grab the group-name based on the MAC: update control { my-group-Name = "%{sql: SELECT ...}" } You'll have to define My-group-name in raddb/dictionary. See the comments there for examples. This step lets you simplify the problem. Instead of applying policies to 10's of 1000's of devices, you can now apply it to 3-4 groups. The next step is to apply the per-group policy. Key off of the group name, and apply group-specific policies. > I am willing to do some serious tests and get back with results because > if everything works ok i would switch to freeradius from standard ISC > dhcpd. That's the goal. Thanks for the help. The DHCP code *should* work. But having more documentation, examples, and real-world tests will help a lot. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: DHCP howto
On 15/02/13 10:52, Igor Smitran wrote: What would need to be done in dhcp setup in order to have radusergroup/radcheck/radreply/radacct-alike behavior? As far as I can tell: 1. Figure our the SQL queries that return the "check/reply" and group items you want for the values in the DHCP packet 2. Configure those queries on an instance of the SQL module 3. Use the config: dhcp ... { ... # do radcheck/radreply sql.authorize ... # do radacct-like behaviour sql.accounting } The latter is necessary because "dhcp" blocks are post-auth blocks internally, so you need to specify that you want "authorize" not post-auth behaviour. I am trying to make it work with cable equipment (CM,MTA,CPE) but i am not sure how to start. CM and MTA would have static IP addresses (sql prefered because of additional replies: boot-file,dns,gateway etc.) and CPE's would have dynamic IP address assigned. Dynamic IP assignment might require the sqlippool module; the server comes with examples for this. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html