Freeradius-Users Digest, Vol 108, Issue 64

Rui Ribeiro ruyrybeyro at gmail.com
Tue Apr 15 10:54:10 CEST 2014 

Yes, of course thanks Allan, just had to confirm there was not any
provision in place, although I already suspected what would the answer
would be.

The point is that I worked for some years in the Internet cable industry
and I dearly miss some of the controls there were in place, like the
equipment placing leasequeries calls to the DHCP server to confirm the
validity of a new IP from a customer, for instance.

About SQL, there used to be also a patched DHCP+TFTP package  with an eye
in the cable industry, called docsis-server. It was also very convenient
interesting in that it mapped the isc-dhcp configuration to well, MySQL
tables, simplifying a lot the development of glue software for customer
provisioning. I used it at least in two sites, until giving up on it
because it was too old and stopped being maintained. You might want to have
a look at it.

Regards,
Rui Ribeiro
http://www.linkedin.com/pub/rui-ribeiro/16/ab8/434


> Message: 4
> Date: Mon, 14 Apr 2014 21:16:15 -0400
> From: Alan DeKok <aland at deployingradius.com>
> To: FreeRadius users mailing list
>         <freeradius-users at lists.freeradius.org>
> Subject: Re: FreeRADIUS DHCP service vs IP users control
> Message-ID: <534C885F.3070309 at deployingradius.com>
> Content-Type: text/plain; charset=UTF-8
>
> Rui Ribeiro wrote:
> > We have noticed that at least in one of our equipments the users can
> > gain access with a fixed-ip-address instead of one gotten via our
> > DHCP-server.
>
>   That's how DHCP works.  If the user doesn't do DHCP, he can use a
> static IP of his choosing.
>
> > Whilst my ISP experience suggest the enforcement of DHCP-only clients
> > belongs to the hardware side, since FreeRadius also implements the DHCP
> > service, I am curious wether someone managed to enforce this via
> > FreeRadius configurations.
>
>   You can't enforce anything with DHCP.  Like RADIUS, it just advises
> the NAS.  If the NAS (or the user) ignores DHCP or RADIUS, there's very
> little you can do on the server.
>
>   What you *can* do is use RADIUS accounting packets to double-check
> users IP addresses.  If the address in the accounting packet was *not*
> assigned by DHCP, then you can do something.  Complain, issue email, etc.
>
>   And which open source DHCP server lets you write IPs into an SQL
> database?  Not ISC.  FreeRADIUS. :)
>
>   That's why we added DHCP.
>
>   Alan DeKok.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140415/e54492b9/attachment.html>

More information about the Freeradius-Users mailing list