Freeradius as DHCP server (static IP + some options)

Leo Combes combesl at gmail.com
Tue Jan 22 21:52:33 CET 2013


Thanks Alan.
I hope to make it work.

As I have little experience with Freeradius, I want to start doing a little
test with the "mac2ip" module.

I made a file called mac2ip in /etc/freeradius with the following contents:

00:13:96:00:f9:84,10.1.100.1

The /etc/freeradius/sites-enabled/dhcp as follows:

server dhcp {
    listen {
        type = dhcp
        ipaddr = 255.255.255.255
        port = 67
        interface = eth0
        #broadcast = no
}

dhcp DHCP-Discover {
    update reply {
           DHCP-Message-Type = DHCP-Offer
    }

    #  The contents here are invented.  Change them!
    update reply {
        DHCP-Domain-Name-Server = 8.8.8.8
        DHCP-Domain-Name-Server += 8.8.4.4
        DHCP-Subnet-Mask = 255.255.0.0
        DHCP-Router-Address = 10.1.1.3
        DHCP-IP-Address-Lease-Time = 7200
        DHCP-DHCP-Server-Identifier = 10.1.2.10
    }

    mac2ip

    #  Or, allocate IPs from the DHCP pool in SQL.
    #dhcp_sqlippool.postauth
    ok
}

dhcp DHCP-Request {
    update reply {
           DHCP-Message-Type = DHCP-Ack
    }

    #  The contents here are invented.  Change them!
    update reply {
        DHCP-Domain-Name-Server = 8.8.8.8
        DHCP-Domain-Name-Server += 8.8.4.4
        DHCP-Router-Address = 10.1.1.3
        DHCP-IP-Address-Lease-Time = 7200
        DHCP-DHCP-Server-Identifier = 10.1.2.10
    }

    mac2ip

    #  Or, allocate IPs from the DHCP pool in SQL.
    #dhcp_sqlippool.postauth
    ok
}

#  If there's no named section for the packet type, then the packet
#  is processed through this section.
dhcp {
    # send a DHCP NAK.
    reject
}
}

passwd mac2ip {
    filename = ${confdir}/mac2ip
    format = "*DHCP-Client-Hardware-Address:=DHCP-Your-IP-Address"
    delimiter = ","
}


I have added the dhcp.dictionary.
At last I tried to run freeradius:


Info: Starting - reading configuration files ...
Debug: including configuration file /etc/freeradius/radiusd.conf
Debug: including configuration file /etc/freeradius/clients.conf
Debug: including files in directory /etc/freeradius/mods-enabled/
Debug: including configuration file /etc/freeradius/mods-enabled/rediswho
Debug: including configuration file /etc/freeradius/mods-enabled/replicate
Debug: including configuration file /etc/freeradius/mods-enabled/linelog
Debug: including configuration file /etc/freeradius/mods-enabled/redis
Debug: including configuration file /etc/freeradius/mods-enabled/counter
Debug: including configuration file /etc/freeradius/mods-enabled/sradutmp
Debug: including configuration file /etc/freeradius/mods-enabled/sql_log
Debug: including configuration file /etc/freeradius/mods-enabled/echo
Debug: including configuration file /etc/freeradius/mods-enabled/files
Debug: including configuration file /etc/freeradius/mods-enabled/mac2vlan
Debug: including configuration file /etc/freeradius/mods-enabled/ntlm_auth
Debug: including configuration file /etc/freeradius/mods-enabled/always
Debug: including configuration file /etc/freeradius/mods-enabled/soh
Debug: including configuration file /etc/freeradius/mods-enabled/detail.log
Debug: including configuration file /etc/freeradius/mods-enabled/unix
Debug: including configuration file /etc/freeradius/mods-enabled/inner-eap
Debug: including configuration file /etc/freeradius/mods-enabled/exec
Debug: including configuration file /etc/freeradius/mods-enabled/krb5
Debug: including configuration file /etc/freeradius/mods-enabled/smbpasswd
Debug: including configuration file /etc/freeradius/mods-enabled/cui
Debug: including configuration file /etc/freeradius/mods-enabled/expiration
Debug: including configuration file /etc/freeradius/mods-enabled/perl
Debug: including configuration file /etc/freeradius/mods-enabled/mac2ip
Debug: including configuration file /etc/freeradius/mods-enabled/digest
Debug: including configuration file /etc/freeradius/mods-enabled/smsotp
Debug: including configuration file /etc/freeradius/mods-enabled/pam
Debug: including configuration file /etc/freeradius/mods-enabled/wimax
Debug: including configuration file /etc/freeradius/mods-enabled/mschap
Debug: including configuration file /etc/freeradius/mods-enabled/checkval
Debug: including configuration file /etc/freeradius/mods-enabled/otp
Debug: including configuration file /etc/freeradius/mods-enabled/radutmp
Debug: including configuration file /etc/freeradius/mods-enabled/preprocess
Debug: including configuration file /etc/freeradius/mods-enabled/ippool
Debug: including configuration file /etc/freeradius/mods-enabled/ldap
Debug: including configuration file /etc/freeradius/mods-enabled/logintime
Debug: including configuration file
/etc/freeradius/mods-enabled/sqlcounter_expire_on_login
Debug: including configuration file /etc/freeradius/mods-enabled/detail
Debug: including configuration file /etc/freeradius/mods-enabled/acct_unique
Debug: including configuration file /etc/freeradius/mods-enabled/passwd
Debug: including configuration file /etc/freeradius/mods-enabled/chap
Debug: including configuration file
/etc/freeradius/mods-enabled/dhcp_sqlippool
Debug: including configuration file
/etc/freeradius/sql/mysql/ippool-dhcp.conf
Debug: including configuration file /etc/freeradius/mods-enabled/realm
Debug: including configuration file
/etc/freeradius/mods-enabled/opendirectory
Debug: including configuration file /etc/freeradius/mods-enabled/policy
Debug: including configuration file
/etc/freeradius/mods-enabled/attr_rewrite
Debug: including configuration file
/etc/freeradius/mods-enabled/dynamic_clients
Debug: including configuration file /etc/freeradius/mods-enabled/attr_filter
Debug: including configuration file /etc/freeradius/mods-enabled/expr
Debug: including configuration file /etc/freeradius/mods-enabled/etc_group
Debug: including configuration file /etc/freeradius/mods-enabled/cache
Debug: including configuration file /etc/freeradius/mods-enabled/radrelay
Debug: including configuration file /etc/freeradius/mods-enabled/pap
Debug: including configuration file /etc/freeradius/mods-enabled/
detail.example.com
Debug: including configuration file /etc/freeradius/eap.conf
Debug: including configuration file /etc/freeradius/sqlippool.conf
Debug: including configuration file /etc/freeradius/sql/mysql/ippool.conf
Debug: including configuration file /etc/freeradius/policy.conf
Debug: including files in directory /etc/freeradius/sites-enabled/
Debug: including configuration file /etc/freeradius/sites-enabled/dhcp
Debug: main {
Debug:     user = "root"
Debug:     group = "freerad"
Debug:     allow_core_dumps = no
Debug: }
Debug: including dictionary file /etc/freeradius/dictionary
Debug: main {
Debug:     name = "freeradius"
Debug:     prefix = "/usr"
Debug:     localstatedir = "/var"
Debug:     sbindir = "/usr/sbin"
Debug:     logdir = "/var/log/freeradius"
Debug:     run_dir = "/var/run/freeradius"
Debug:     libdir = "/usr/lib/freeradius"
Debug:     radacctdir = "/var/log/freeradius/radacct"
Debug:     hostname_lookups = no
Debug:     max_request_time = 30
Debug:     cleanup_delay = 5
Debug:     max_requests = 1024
Debug:     pidfile = "/var/run/freeradius/freeradius.pid"
Debug:     checkrad = "/usr/sbin/checkrad"
Debug:     debug_level = 0
Debug:     proxy_requests = yes
Debug:  log {
Debug:     stripped_names = no
Debug:     auth = no
Debug:     auth_badpass = no
Debug:     auth_goodpass = no
Debug:  }
Debug:  security {
Debug:     max_attributes = 200
Debug:     reject_delay = 1
Debug:     status_server = yes
Debug:  }
Debug: }
Debug: radiusd: #### Loading Realms and Home Servers ####
Debug: radiusd: #### Loading Clients ####
Debug:  client localhost {
Debug:     ipaddr = 127.0.0.1
Debug:     require_message_authenticator = no
Debug:     secret = "testing123"
Debug:     nastype = "other"
Debug:  }
Debug: radiusd: #### Instantiating modules ####
Debug:  instantiate {
Debug:     (Loaded rlm_exec, checking if it's valid)
Debug:  Module: Linked to module rlm_exec
Debug:  Module: Instantiating module "exec" from file
/etc/freeradius/mods-enabled/exec
Debug:   exec {
Debug:     wait = no
Debug:     input_pairs = "request"
Debug:     shell_escape = yes
Debug:   }
Debug:     (Loaded rlm_expr, checking if it's valid)
Debug:  Module: Linked to module rlm_expr
Debug:  Module: Instantiating module "expr" from file
/etc/freeradius/mods-enabled/expr
Debug:     (Loaded rlm_expiration, checking if it's valid)
Debug:  Module: Linked to module rlm_expiration
Debug:  Module: Instantiating module "expiration" from file
/etc/freeradius/mods-enabled/expiration
Debug:   expiration {
Debug:     reply-message = "Password Has Expired  "
Debug:   }
Debug:     (Loaded rlm_logintime, checking if it's valid)
Debug:  Module: Linked to module rlm_logintime
Debug:  Module: Instantiating module "logintime" from file
/etc/freeradius/mods-enabled/logintime
Debug:   logintime {
Debug:     reply-message = "You are calling outside your allowed timespan  "
Debug:     minimum-timeout = 60
Debug:   }
Debug:  }
Debug: radiusd: #### Loading Virtual Servers ####
Debug: server { # from file /etc/freeradius/radiusd.conf
Debug:  modules {
Debug:  } # modules
Debug: } # server
Debug: server dhcp { # from file /etc/freeradius/sites-enabled/dhcp
Debug:  modules {
Debug:  Module: Checking dhcp DHCP-Discover {...} for more modules to load
Debug:     (Loaded rlm_passwd, checking if it's valid)
Debug:  Module: Linked to module rlm_passwd
Debug:  Module: Instantiating module "mac2ip" from file
/etc/freeradius/mods-enabled/mac2ip
Debug:   passwd mac2ip {
Debug:     filename = "/etc/freeradius/mac2ip"
Debug:     format = "*DHCP-Client-Hardware-Address:=DHCP-Your-IP-Address"
Debug:     delimiter = ","
Debug:     ignorenislike = yes
Debug:     ignoreempty = yes
Debug:     allowmultiplekeys = no
Debug:     hashsize = 100
Debug:   }
Debug: rlm_passwd: nfields: 2 keyfield 0(DHCP-Client-Hardware-Address)
listable: no
Debug:     (Loaded rlm_always, checking if it's valid)
Debug:  Module: Linked to module rlm_always
Debug:  Module: Instantiating module "ok" from file
/etc/freeradius/mods-enabled/always
Debug:   always ok {
Debug:     rcode = "ok"
Debug:     simulcount = 0
Debug:     mpp = no
Debug:   }
Debug:  Module: Checking dhcp DHCP-Request {...} for more modules to load
Debug:  Module: Checking dhcp (null) {...} for more modules to load
Error: /etc/freeradius/sites-enabled/dhcp[153]: No name specified for
Post-Auth-Type block
Debug:  } # modules
Debug: } # server
Debug: radiusd: #### Opening IP addresses and Ports ####
Debug: listen {
Debug:     type = "auth"
Debug:     ipaddr = *
Debug:     port = 0
Debug: }
Debug: listen {
Debug:     type = "acct"
Debug:     ipaddr = *
Debug:     port = 0
Debug: }
Debug: listen {
Debug:     type = "dhcp"
Debug:     ipaddr = 255.255.255.255
Debug:     port = 67
Debug: }
Debug: Listening on authentication address * port 1812
Debug: Listening on accounting address * port 1813
Debug: Listening on dhcp interface eth0 address 255.255.255.255 port 67 as
server dhcp
Debug: Listening on proxy address * port 1814
Info: Ready to process requests.



Received DHCP-Discover of id 8e22cb4d from 0.0.0.0:68 to 255.255.255.255:67
01 01 06 00 8e 22 cb 4d 00 00 80 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 13 96 00
f9 84 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 63 82 53 63
35 01 01 3d 08 01 00 13 96 00 f9 84 00 33 04 ff
ff ff 00 33 04 ff ff ff ff 37 0b 01 03 06 0f 12
42 78 87 d5 d6 d7 ff 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00
    DHCP-Opcode = Client-Message
    DHCP-Hardware-Type = Ethernet
    DHCP-Hardware-Address-Length = 6
    DHCP-Hop-Count = 0
    DHCP-Transaction-Id = 2384644941
    DHCP-Number-of-Seconds = 0
    DHCP-Flags = Broadcast
    DHCP-Client-IP-Address = 0.0.0.0
    DHCP-Your-IP-Address = 0.0.0.0
    DHCP-Server-IP-Address = 0.0.0.0
    DHCP-Gateway-IP-Address = 0.0.0.0
    DHCP-Client-Hardware-Address = 00:13:96:00:f9:84
    DHCP-Message-Type = DHCP-Discover
    DHCP-Client-Identifier = 0x0100139600f98400
    DHCP-IP-Address-Lease-Time = 4294967040
    DHCP-IP-Address-Lease-Time = 4294967295
    DHCP-Parameter-Request-List = DHCP-Subnet-Mask
    DHCP-Parameter-Request-List = DHCP-Router-Address
    DHCP-Parameter-Request-List = DHCP-Domain-Name-Server
    DHCP-Parameter-Request-List = DHCP-Domain-Name
    DHCP-Parameter-Request-List = DHCP-Bootp-Extensions-Path
    DHCP-Parameter-Request-List = DHCP-TFTP-Server-Name
    DHCP-Parameter-Request-List = DHCP-SIP-Servers-DHCP-Option
    DHCP-Parameter-Request-List = DHCP-HTTP-Proxy
    DHCP-Parameter-Request-List = 213
    DHCP-Parameter-Request-List = 214
    DHCP-Parameter-Request-List = 215
Info: server dhcp {
Debug: Trying sub-section dhcp DHCP-Discover {...}
Info: +- entering group DHCP-Discover {...}
Info: ++[reply] returns noop
Info: ++[reply] returns noop
Segmentation fault


I'm missing something obvious?
Thanks in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130122/1c07b5f7/attachment-0001.html>


More information about the Freeradius-Users mailing list