Hi again,
Clarify that DHCP server is running in the same or an other machine,
depends of the stage.
Thanks.
El 14/08/13 12:03, Fernando Pizarro escribió:
Hi all,
I'm using Freeradius version 2.1.12 with MySQL backend and EAP-TLS
authentication to serve dynamic VLAN and a DHCP server to
On 14 Aug 2013, at 11:03, Fernando Pizarro fea...@gmail.com wrote:
Hi all,
I'm using Freeradius version 2.1.12 with MySQL backend and EAP-TLS
authentication to serve dynamic VLAN and a DHCP server to leases this IP
address. This setup work sucefully but IP address of supplicants doesn't
New article on wiki:
http://wiki.freeradius.org/dhcp-for-static-ip-allocation
Please let me know your thoughts.
2013/3/3 Alan DeKok al...@deployingradius.com:
Leo Combes wrote:
As additional information, I tried with PPA version in Debian and do
not work (same problem).
Maybe is a problem
Leo Combes wrote:
As additional information, I tried with PPA version in Debian and do
not work (same problem).
Maybe is a problem in my server.
Maybe. I've just been running it with an Ubuntu 12.04 system, and it
seems to work for me. I didn't install selinux, firewalls, or anything
else.
what configuration options are in the PPA version? something is not right
there
Once installed, the configuration files in /etc/freeradius or
/etc/raddb are the same, or at least the most relevant ones to its
functionality.
I will compare one by one to see if I find any difference.
...and it
Leo Combes wrote:
One important thing! (specially Ubuntu users):(*)
DHCP functionality will not work when installed from PPA, or at least
the package version 2.2.0 + dfsg-ppa10 not work.
Reason: I dont know. I installed and configured without errors, seems
to respond correctly OFFER
That might be an Ubuntu security setting. It seems to work fine on my
systems. So it's hard to track down what's happening on other systems.
Alan DeKok.
As additional information, I tried with PPA version in Debian and do
not work (same problem).
Maybe is a problem in my server.
-
List
Hi,
I installed Freeradius from PPA.
https://launchpad.net/~freeradius/+archive/stable
DHCP functionality not work when installed from PPA, or at least the
package version 2.2.0 + dfsg-ppa10 not work.
Reason: installed and configured without errors, seems to respond
correctly OFFER and
I apollogize for the late response, I have been very busy and I
couldn't keep working on this.
I found the problem!
(at least it works now)
I installed Freeradius from PPA.
https://launchpad.net/~freeradius/+archive/stable
DHCP functionality not work when installed from PPA, or at least the
2013/1/23 a.l.m.bu...@lboro.ac.uk:
hi,
those ID values look a little 'wierd' - vary large and negative
I don't understand where this values came from? which would be the
normal values?
does the DHCP response leave the server? do you have anything
like dHCP snooping on the network that
Leo Combes wrote:
2013/1/23 a.l.m.bu...@lboro.ac.uk:
those ID values look a little 'wierd' - vary large and negative
I don't understand where this values came from? which would be the
normal values?
It's fine. Don't worry about it.
does the DHCP response leave the server? do you
Thanks for your reply.
Fortunately it seems that the segfault is a false alarm.
As it semt strange to me that Freeradius stop working by segfault, I
installed FR in another PC and I copy the same configuration.
Now it seems to be working, except that it stays in loop on DHCP
Discover (no Offer,
hi,
those ID values look a little 'wierd' - vary large and negative
does the DHCP response leave the server? do you have anything
like dHCP snooping on the network that might be blocking the
responses from this new DHCP server or is the client getting
its answers from a.n.another DHCP
Thanks Alan.
I hope to make it work.
As I have little experience with Freeradius, I want to start doing a little
test with the mac2ip module.
I made a file called mac2ip in /etc/freeradius with the following contents:
00:13:96:00:f9:84,10.1.100.1
The /etc/freeradius/sites-enabled/dhcp as
Leo Combes wrote:
Thanks Alan.
I hope to make it work.
As I have little experience with Freeradius, I want to start doing a
little test with the mac2ip module.
I made a file called mac2ip in /etc/freeradius with the following contents:
00:13:96:00:f9:84,10.1.100.1
OK.
I have added
Thanks again Alan.
At last I tried to run freeradius:
Please use radiusd -X, not radiusd -Xx
OK.
Info: server dhcp {
Debug: Trying sub-section dhcp DHCP-Discover {...}
Info: +- entering group DHCP-Discover {...}
Info: ++[reply] returns noop
Info: ++[reply] returns noop
On 22.01.2013 22:58, Leo Combes wrote:
Can you follow doc/bugs? It will tell you how to post more debugging
information so we can see exactly where it's going wrong.
I don't know how to do that. Any link on how to do it?
/usr/share/doc/freeradius/bugs
or
Leo Combes wrote:
Hello.
I successfully run ISC-DHCP server for provisioning modems in an ISP's
network, but what I wanted to try is something more modern and with
database support.
I want to try using Freeradius as DHCP server, but first I want to know
if it is possible with these
: Friday, September 7, 2012 7:40 AM
To: FreeRadius users mailing list
Subject: Re: Freeradius as dhcp; parsing option82
Ilya A. Masandilov wrote:
CPU use by radiusd fell from 70% to 10-15. Great. Thank you Alan for
great dhcp functional ;)
You're welcome.
Version 2.2.0 should have
Здравствуйте, Ilya.
Вы писали 6 сентября 2012 г., 21:52:23:
Hello!
We are using freeradius as dhcp server about two years. Its working
wery well, but.
...
Heh, sorry, I found the solution =)
Somethink like this for example, to ignore vlan #1 (default on most
devices):
if(
Heh, sorry, I found the solution =)
Somethink like this for example, to ignore vlan #1 (default on most
devices):
if( %{DHCP-Relay-Circuit-Id} =~
/^0x([0-9a-f]{4})0001([0-9a-f]{4})$/i ) {
reject
}
Wow. After using this code ^ and also this (filter
Fajar A. Nugraha-2 wrote
... and then on authorize section add something like this (just for check)
if ( (request:User-Name == 00:12:23:56:78:9A)
(control:Agent-Circuit-ID != %{request:Agent-Circuit-ID}) ) {
update control {
Auth-Type := Reject
}
}
then use debug mode
Alan DeKok-2 wrote
IVB wrote:
But I don't see in debug output what exactly was returned in SQL query.
Have you tried running the SQL queries from an SQL client on the
command line?
That's why they're printed out in debugging mode: so you can see them,
and re-run them yourself.
IVB wrote:
Yes, I run queries by hand and see results as strings, non-printable chars
not printed, but attribute itself has non-zero length.
You can't put binary data into an ASCII string field.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Alan DeKok-2 wrote
You can't put binary data into an ASCII string field.
But that was my question!
FreeRADIUS offers following schema for radcheck table:
CREATE TABLE radcheck (
id int(11) unsigned NOT NULL auto_increment,
username varchar(64) NOT NULL default '',
attribute
IVB wrote:
But that was my question!
...
How I can put Opt82 attributes (which contains non-printable bytes) into
database to offer it later for FreeRADIUS using SELECT statement?
You don't.
The database is intended for ASCII data.
You could also edit the dictionaries to make the data
Hello Alan,
Monday, April 2, 2012, 1:59:03 PM, you wrote:
AD IVB wrote:
But that was my question!
AD ...
How I can put Opt82 attributes (which contains non-printable bytes) into
database to offer it later for FreeRADIUS using SELECT statement?
AD You don't.
Are you kidding?
AD The
Igor Belikov wrote:
AD You don't.
Are you kidding?
If you insist on going down that path, you'll be unsubscribed and
banned. I'm tried of people who can't read the documentation, and who
use that ignorance to put me down.
Do you mean that FreeRADIUS can't accept non-ASCII data from
Hello Alan,
Monday, April 2, 2012, 2:53:15 PM, you wrote:
AD2vF Igor Belikov wrote:
AD You don't.
Are you kidding?
AD2vF If you insist on going down that path, you'll be unsubscribed and
AD2vF banned. I'm tried of people who can't read the documentation, and who
AD2vF use that
IVB wrote:
Hello Alan,
Yes, I will be very happy to read how to represent 'octets' data in
DB. And I ask about this several times. I don't find this info in
documentation, sorry.
Please give me link to right place.
I gave you a hint, and you deleted it.
Good luck.
Alan DeKok.
-
This is incorrect:
IVB wrote
INSERT INTO
`radcheck` ( `UserName`, `Attribute`, `Value`, `op` )
VALUES
( '00:12:23:56:78:9A', 'Cleartext-Password', 'Redback', ':=' ),
( '00:12:23:56:78:9A', 'Agent-Circuit-ID', x'000403fc0001', '==' ),
( '00:12:23:56:78:9A', 'Agent-Remote-ID',
IVB wrote:
But I don't see in debug output what exactly was returned in SQL query.
Have you tried running the SQL queries from an SQL client on the
command line?
That's why they're printed out in debugging mode: so you can see them,
and re-run them yourself.
Alan DeKok.
-
List
On Fri, Mar 30, 2012 at 4:29 PM, IVB i...@is.ua wrote:
I need help.
Software: FreeRADIUS v2.1.11, MySQL v5.1.61.
Hardware: RB SE100 under SEOS-6.4.1.4-Release
BRAS sends Opt-82 related attributes in following format:
What format?
Attributes Agent-* described in radius dictionary as
Fajar A. Nugraha-2 wrote
On Fri, Mar 30, 2012 at 4:29 PM, IVB lt;ivb@gt; wrote:
I need help.
Software: FreeRADIUS v2.1.11, MySQL v5.1.61.
Hardware: RB SE100 under SEOS-6.4.1.4-Release
BRAS sends Opt-82 related attributes in following format:
What format?
Agent-Remote-Id =
Debug mode help me nothing.
When I try to connect without Agent-* attributes in DB, I see in debug
output 'User found in radcheck table' after performing check SQL. And
finally I login successfully.
When I try to connect with Agent-* attributes in DB, I don't see message
'User found in radcheck
On Fri, Mar 30, 2012 at 6:12 PM, IVB i...@is.ua wrote:
Agent-Circuit-Id = 0x000403fc0001
let's start with that one.
( '00:12:23:56:78:9A', 'Agent-Circuit-ID', x'000403fc0001', '==' ),
Does that work? Shouldn't it be something like
( '00:12:23:56:78:9A', 'Agent-Circuit-ID', 0x000403fc0001,
Fajar A. Nugraha-2 wrote
On Fri, Mar 30, 2012 at 6:12 PM, IVB lt;ivb@gt; wrote:
Agent-Circuit-Id = 0x000403fc0001
let's start with that one.
( '00:12:23:56:78:9A', 'Agent-Circuit-ID', x'000403fc0001', '==' ),
Does that work?
No. And this is the problem.
Fajar A. Nugraha-2
Start off without it. If it works... it's good enough.
When I require any further pieces of information on this matter what would be
the preferred way of communication, e.g. should I keep using this thread or
open a new one on developer list?
Best regards,
Seppo
Seppo Sandberg wrote:
Start off without it. If it works... it's good enough.
When I require any further pieces of information on this matter what would be
the preferred way of communication, e.g. should I keep using this thread or
open a new one on developer list?
The devel list is
Hello,
maybe I'll try and rephrase my question. Which attribute should I modify with
update reply, e.g. in dhcp DHCP-Discover section of the sites-available/dhcp
file, if I wanted to redirect the message to another DHCP server?
Best regards,
Seppo
-
Seppo Sandberg wrote:
Hello,
maybe I'll try and rephrase my question. Which attribute should I modify with
update reply, e.g. in dhcp DHCP-Discover section of the sites-available/dhcp
file, if I wanted to redirect the message to another DHCP server?
You can't. DHCP relaying is not
Thank you for your swift reply.
You can't. DHCP relaying is not supported.
It shouldn't be hard to add, though. Patches are welcome.
If I was inclined to create such a patch how would we begin to tackle the
issue? I guess you would tell me how you would like to have it implemented?
Best
Seppo Sandberg wrote:
If I was inclined to create such a patch how would we begin to tackle the
issue? I guess you would tell me how you would like to have it implemented?
See src/main/dhcpd.c
Look for relay. Add a cache (hash table or rbtree) for XID, and
maybe (XID,MAC). Add entries
On 13/01/11 11:03, Alan DeKok wrote:
Seppo Sandberg wrote:
If I was inclined to create such a patch how would we begin to tackle the
issue? I guess you would tell me how you would like to have it implemented?
See src/main/dhcpd.c
Look for relay. Add a cache (hash table or rbtree) for
Phil Mayers wrote:
What's the rationale for keeping state?
Some security, IIRC.
I was under the impression that
DHCP relays could be stateless. Since you can chain relays, but replies
go straight back to the first one (via the giaddr field)
Yes. The ISC DHCP relay code doesn't store
For our purposes, storing state would allow us to know where to send
the reply. The ISC server walks through it's list of interfaces for
every reply. This is simple, but it would be safer to maintain state.
Is the bottom line that when implementing the dhcp relay there should be
caching
Seppo Sandberg wrote:
Is the bottom line that when implementing the dhcp relay there should be
caching included?
Start off without it. If it works... it's good enough.
What data exactly should be stored in the cache?
I'll have to think about that.
Alan DeKok.
-
List
IIRC there were problems binding the server to IP addresses. Try just
binding to an interface or being promiscuous.
On 13/10/2010, Zietz, Marco marco.zi...@pfalzkom-manet.de wrote:
Hi,
I'm playing with freeradius acting as DHCP-server - which is a
magnificent idea!
Got a little problem
Hi,
I'm playing with freeradius acting as DHCP-server - which is a
magnificent idea!
Got a little problem getting it up and running. Already checked any
comments in sources, list archive, recent git patches related to dhcp
and my favourite search engine. Also used two different
01.08.2010 16:06, Alan DeKok пишет:
Urazaev Vadim wrote:
I`m trying to set up freeradius as dhcp server and everythins seem to be
ok, in radiusd -X I can see the DHCP-Discover packets that comes from
client and DHCP-Offer that server sending to client.
When I tried to find out to which
Urazaev Vadim wrote:
I`m trying to set up freeradius as dhcp server and everythins seem to be
ok, in radiusd -X I can see the DHCP-Discover packets that comes from
client and DHCP-Offer that server sending to client.
When I tried to find out to which interface server send`s responses I
saw
01.08.2010 16:06, Alan DeKok пишет:
Update the FreeRADIUS code so that it uses a BPF socket on FreeBSD.
Or, run on a system with only one interface.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thanks for your answer.
-
List
Urazaev Vadim wrote:
Hello all.
I tried to configure freeradius to operate as dhcp server and reach the
point from where I can`t proceed.
the version of freeradius is 2.1.9
I have two situation
1. DHCP Discover packet comes from client who directly connected to
network which freerasdius
30.07.2010 10:27, Alan DeKok wrote:
Urazaev Vadim wrote:
Hello all.
I tried to configure freeradius to operate as dhcp server and reach the
point from where I can`t proceed.
the version of freeradius is 2.1.9
I have two situation
1. DHCP Discover packet comes from client who directly connected
30.07.2010 19:03, Urazaev Vadim пишет:
Hi everybody.
FreeRadius ver. 2.1.10 from git
My problem is string :
===
++[perl] returns reject
from radiusd -X debug
The last strings in perl script that executed :
radiusd::radlog(L_ERR, --- RLM_MODULE_OK
On 07/30/2010 12:57 PM, Urazaev Vadim wrote:
[16 pages of debug output snipped for brevity]
Sorry Guys for disturb you, problem was in eval{} block in my perl
script inside which command return always return reject code.
Anyway Thanks for all.
And for that I had to page through 16 pages of
Kassai Istvan wrote:
I'd like to know how can I get it working? Which DHCP server can
cooperate with freeradius? What have I modify in freeradius?
./configure --with-dhcp
make
make install
It doesn't work with a DHCP server. It *is* a DHCP server.
It works with DHCP clients.
Alan
eradius.org] On Behalf Of Alan DeKok
Sent: Tuesday, November 10, 2009 12:06 PM
To: FreeRadius users mailing list
Subject: Re: Freeradius with DHCP
Kassai Istvan wrote:
I'd like to know how can I get it working? Which DHCP server can
cooperate with freeradius? What have I modify in freeradius
ZHANG Gina wrote:
Does this DHCP server assigns IP addresses from the ip address pool of
radius?
No. It requires code updates to allow the SQL IP pool module to
handle DHCP packets.
You *can* read static IP's from a text file or from an SQL DB. You
just can't dynamically assign them.
@lists.fre
eradius.org] On Behalf Of Alan DeKok
Sent: Tuesday, November 10, 2009 1:28 PM
To: FreeRadius users mailing list
Subject: Re: Freeradius with DHCP
ZHANG Gina wrote:
Does this DHCP server assigns IP addresses from the ip address pool of
radius?
No. It requires code updates to allow the SQL
Thanks. Can I somehow know, is my freeradius compiled with DHCP support?
I dont wanna recompile it if isnt needed.
Can I found an example, how to make this DHCP to assign IP-s from a
postgres database?
2009. 11. 10, kedd keltezéssel 19.06-kor Alan DeKok ezt írta:
Kassai Istvan wrote:
I'd
ZHANG Gina wrote:
Does version 2.1.3 have this functionality? Where is the document
describing the configuration?
It's in 2.1.3. The only documentation is in raddb/sites-available/dhcp
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Kassai Istvan wrote:
Thanks. Can I somehow know, is my freeradius compiled with DHCP support?
Try configuring DHCP. If it doesn't work, it isn't compiled in.
But it's not normally included.
I dont wanna recompile it if isnt needed.
Can I found an example, how to make this DHCP to
, November 10, 2009 2:23 PM
To: FreeRadius users mailing list
Subject: Re: Freeradius with DHCP
ZHANG Gina wrote:
Does version 2.1.3 have this functionality? Where is the document
describing the configuration?
It's in 2.1.3. The only documentation is in
raddb/sites-available/dhcp
Alan DeKok
I dont wanna recompile it if isnt needed.
Can I found an example, how to make this DHCP to assign IP-s from a
postgres database?
No.
So I'm afraid I will ask some further questions about it :-)
Thanks for very quick answering.
-
List info/subscribe/unsubscribe? See
ro0ot [EMAIL PROTECTED] wrote:
Can I configure the system to let freeradius works with dhcp?
No, sorry.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Why not ?
My university implements something that looks like that. A laptop first
gets a DHCP lease, and can address a single IP which is presumably the
address of the server. Then I fire up the Cisco VPN client that
authenticates via an encryption algorithm and then the laptop can access
the
M Singh [EMAIL PROTECTED] wrote:
Why not ?
Because freeradius working with dhcp means freeradius knows about dhcp.
My university implements something that looks like that. A laptop first
gets a DHCP lease, and can address a single IP which is presumably the
address of the server. Then I
Yep, thats what I mean...thanks Alan DeKok, :)
Probabily I have to find another solution, :-(
Regards,
ro0ot
Alan DeKok wrote:
M Singh [EMAIL PROTECTED] wrote:
Why not ?
Because freeradius working with dhcp means freeradius knows about dhcp.
My university implements something that
69 matches
Mail list logo