Setting up FreeRADIUS accounting with IP address logging

Fajar A. Nugraha list at fajar.net
Sun Apr 15 03:06:31 CEST 2012


On Sat, Apr 14, 2012 at 5:06 PM, Johan Swetzén <johan at swetzen.com> wrote:
> Hi!
>
> I'm setting up wifi internet in my student dorm (90 people) and thought wpa2 enterprise with FreeRADIUS (version 2.1.8 running on Ubuntu) would be a good solution, together with the incredibly stable Linksys WRT54GL and dd-wrt. There are a few problems I cannot figure out though:
>
> 1. How to set up plain-text accounting.
> I saw in the configuration that the log directory is set to /var/log/freeradius/radacct so I created the directory and made it writable (777 to be sure) but alas, there are no logs.

Your NAS needs to send accounting packets. IIRC dd-wrt does NOT send
accounting packets when used in 802.1x/WPA2-enterprise. chillispot,
however, DOES send accounting packets. So you either need to change
your NAS, or change your setup with dd-wrt to use captive portal with
chillispot.

>
> 2. How to get freeRADIUS to work with a DHCP server.
> I'm not asking about the experimental built-in DHCP server, as it seems very limited, but is it possible to somehow log the IP addresses that each user is assigned? We need to know who was using a certain IP address at a certain time.
>

The easiest way? Use v2.1.x branch from git, activate its DHCP server,
and use dhcp_sqlippool, which would use DB to hand out IP addresses :)

AFAIK some NAS (e.g. mikrotik:
http://wiki.mikrotik.com/wiki/Manual:IP/DHCP_Server ) can ask a radius
server for IP address (in standard framed-ip-address attribute), and
hand it to DHCP clients. But since you say you use dd-wrt, it might
not apply to you.

> 3. How to connect using Windows.
> It's dead simple to connect to the network with linux, mac and smartphones but for Windows it seems impossible to find the right combination of settings. I haven't googled this issue so much, so maybe there's a simple answer. Also, it's a later problem.

If you use captive portal setup, it's easy.
If you use 802.1x, you probably need to make sure that FR tries
PEAP-MSCHAP first (e.g. by changing default EAP type in eap.conf?)

-- 
Fajar
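
Added example, not part of the original message and not FreeRADIUS code: once a NAS does send accounting packets that carry Framed-IP-Address, the "who was using a certain IP address at a certain time" question from point 2 can be answered from the plain-text accounting log. It assumes the usual detail layout (date line, tab-indented "Attribute = value" lines, a server-added Timestamp); the sample records and all function names are constructed for illustration.

```python
import re
from collections import namedtuple
# Constructed sample (assumed "detail" layout): a date line, then tab-indented
# "Attribute = value" lines, with a blank line between accounting records.
SAMPLE_DETAIL = """\
Sun Apr 15 01:00:00 2012
\tUser-Name = "alice"
\tAcct-Status-Type = Start
\tAcct-Session-Id = "A1"
\tFramed-IP-Address = 10.0.0.23
\tTimestamp = 1334451600

Sun Apr 15 02:00:00 2012
\tUser-Name = "alice"
\tAcct-Status-Type = Stop
\tAcct-Session-Id = "A1"
\tTimestamp = 1334455200

Sun Apr 15 02:30:00 2012
\tUser-Name = "bob"
\tAcct-Status-Type = Start
\tAcct-Session-Id = "B7"
\tFramed-IP-Address = 10.0.0.23
\tTimestamp = 1334457000
"""

ATTR = re.compile(r'^\s+([\w-]+)\s*=\s*"?(.*?)"?\s*$')
Lease = namedtuple("Lease", "user ip start stop")  # hypothetical helper type

def parse_records(text):
    """Return one attribute dict per blank-line-separated accounting record."""
    blocks = re.split(r"\n\s*\n", text.strip())
    recs = [dict(m.groups() for m in map(ATTR.match, b.splitlines()) if m) for b in blocks]
    return [r for r in recs if "Timestamp" in r]

def build_leases(records):
    """Pair Start/Stop by Acct-Session-Id; a session with no Stop stays open."""
    open_, done = {}, []
    for r in sorted(records, key=lambda r: int(r["Timestamp"])):
        sid, ts = r.get("Acct-Session-Id"), int(r["Timestamp"])
        if r.get("Acct-Status-Type") == "Start":
            open_[sid] = Lease(r.get("User-Name"), r.get("Framed-IP-Address"), ts, None)
        elif r.get("Acct-Status-Type") == "Stop" and sid in open_:
            done.append(open_.pop(sid)._replace(stop=ts))
    return done + list(open_.values())

def who_had(leases, ip, when):
    """Users whose session held `ip` at Unix time `when`."""
    return sorted({l.user for l in leases
                   if l.ip == ip and l.start <= when and (l.stop is None or when <= l.stop)})
```

The same address appears under two users here, which is why the lookup is keyed on session intervals rather than on the IP alone.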

