run script on dhcp events

Arran Cudbard-Bell a.cudbardb at freeradius.org
Fri Jan 24 20:00:42 CET 2020



> On 24 Jan 2020, at 13:31, Семёнов Евгений Владимирович <sem at unn.ru> wrote:
> 
> Sorry, my question was too unclear, I will explain.
> 
> I develop new university WiFi captive portal and use freeradius as authentication/accounting and dhcp server. I call script from DHCP-Request section to set firewall rule (because i need supplicant MAC-address and issued IP-address). And i need to know where i can call script to remove firewall rule after supplicant disconnected from WiFi network.
> 
> I tried to call a script (that remove firewall rule) from accounting section when Acct-Status-Type equal Stop, but it is work only for standalone wifi access point without neighbors with same SSID. But when the supplicant passes through the Wi-Fi zone and communicates with one access point, and then with another, the scheme described above stops working, because after receiving the acct-stop packet from the first access point, the firewall rule is deleted, but does not create a new one (there may not be a new dhcp-request).

If that's really what's occurring and you're not just misinterpreting the accounting messages then it's a bug in the RADIUS accounting implementation on your APs and you should complain to your vendor.

The APs should not send a Stop message unless the session is actually terminated.  As the user continues to use the network on the new AP, then the session has not been terminated, and a stop should not have been sent.

I suspect what's actually happening is the original AP is sending a Stop and Start pair, but the Stop from AP1, is arriving after the Start from AP2, and is deleting the active firewall state.  If that's the case, fix your SQL queries so that doesn't happen.

> I want to try to call script that deletes a firewall rule after releasing the IP address of the supplicant or after dhcp decides that the supplicant has not confirmed the address and marks the address as unoccupied. But i don't know where i can do it.
> 
> Maybe you will advise me something?

If a client roams out of range of the wireless network how is it going to send a DHCP release to the DHCP server?

-Arran

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2




More information about the Freeradius-Users mailing list