dhcp sqlippool reauthenticate users every minute

Alan DeKok aland at deployingradius.com
Fri Jan 11 22:34:39 CET 2013


Ethan Hayon wrote:
> Hi, I'm trying to set up FreeRADIUS 2.2 to act as an authentication and accounting system as well as a DHCP server. (I'm relaying DHCP requests from a pfSense box).

  Are you doing DHCP *and* RADIUS?

> I am trying to use sqlippools on FreeRADIUS, but I have noticed that my ippools are filling up quickly (I am only testing with two devices). I have pfSense configured to reauthenticate users every minute, so I believe that FreeRADIUS is running post-auth DHCP leasing each time the user is reauthenticated. FreeRADIUS is serving the same client a new IP address each minute.

  There's no need to "believe" anything.  Run the server in debugging
mode to see exactly what it's doing.

  Any IP allocation MUST be done on a key which is unique to each
device.  That key should remain the same across multiple re-authentications.

  So... is it?  Please check.

> I want to have multiple pools on different subnets. When a new client connects to the network (they don't yet have a RADIUS account) they are sent to a default (pending) pool. This may be on the 192.168.1/24 subnet. After they have set up their account and have been added to the RADIUS database, they will be given a pool-name, maybe `pool2`. `pool2` will be on a different subnet, for example, 192.168.2/24. The pfSense box knows how to route these subnets, so that is not a problem. I only want clients to receive a different IP address if their pool-name changes for whatever reason; if there are no changes to their account, they shouldn't be leased a new IP every time they reauthenticate (every minute).

  This is what databases are for.  If you want to map each client to a
pool, you'll need a table with a "client identifier" column, and a
"pool-name" column.  Then, assign IPs based on the pool name, as looked
up in the table.

> Am I approaching this problem correctly? I have written some unlang in the policy.conf file for handling some of this. I am getting hung up on this problem. The pool is getting exhausted in minutes since each client is leased a new IP every minute.

  Solve that problem first.  Run the server in debugging mode to see
*why* it's assigning a new IP.

  Alan DeKok.
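
The two points in the reply above (allocate on a key that is unique per device and unchanged across re-authentications, and look the pool name up in a client table) sketched as an added example; it is not from the original thread and is not FreeRADIUS's sqlippool schema or queries. Table and column names, the MAC address and the five-address pools are constructed for illustration.

```python
import sqlite3

def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE client_pool (client_id TEXT PRIMARY KEY, pool_name TEXT NOT NULL);
        CREATE TABLE lease (ip TEXT PRIMARY KEY, pool_name TEXT NOT NULL, pool_key TEXT);
    """)
    # Constructed sample pools, five addresses each.
    for pool, net in (("pending", "192.168.1"), ("pool2", "192.168.2")):
        db.executemany("INSERT INTO lease VALUES (?, ?, NULL)",
                       [(f"{net}.{h}", pool) for h in range(10, 15)])
    return db

def allocate(db, client_id, pool_key):
    """Return the address held by pool_key; allocate only if none is held in the client's pool."""
    row = db.execute("SELECT pool_name FROM client_pool WHERE client_id = ?",
                     (client_id,)).fetchone()
    pool = row[0] if row else "pending"          # unknown clients go to the default pool
    held = db.execute("SELECT ip FROM lease WHERE pool_key = ? AND pool_name = ?",
                      (pool_key, pool)).fetchone()
    if held:
        return held[0]                           # re-authentication: same key, same address
    # First contact or pool-name changed: release anything held elsewhere, then claim one.
    db.execute("UPDATE lease SET pool_key = NULL WHERE pool_key = ?", (pool_key,))
    free = db.execute("SELECT ip FROM lease WHERE pool_name = ? AND pool_key IS NULL "
                      "ORDER BY ip LIMIT 1", (pool,)).fetchone()
    if free is None:
        return None                              # pool exhausted
    db.execute("UPDATE lease SET pool_key = ? WHERE ip = ?", (pool_key, free[0]))
    return free[0]

def used(db, pool):
    return db.execute("SELECT COUNT(*) FROM lease WHERE pool_name = ? "
                      "AND pool_key IS NOT NULL", (pool,)).fetchone()[0]

def demo():
    mac = "00:11:22:33:44:55"                    # constructed device identifier
    db = make_db()
    stable = {allocate(db, mac, mac) for _ in range(60)}   # 60 re-auths, stable key
    db.execute("INSERT INTO client_pool VALUES (?, 'pool2')", (mac,))
    moved = allocate(db, mac, mac)               # pool-name changed, so a new address
    db2 = make_db()
    # Key that changes on every request (constructed): each re-auth burns an address.
    failures = [allocate(db2, mac, f"{mac}/{n}") for n in range(60)].count(None)
    return stable, moved, used(db, "pending"), failures

if __name__ == "__main__":
    print(demo())
```

With the stable key the device holds one address through 60 re-authentications and moves only when its pool name changes; with a per-request key the same device exhausts the pool after five requests.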

