On 06/23/2011 08:24 PM, Brent Wilkinson wrote:
I unfortunately have a large amount of hotspots that are behind dynamic ip’s. We have tried to get as many of them onto statics as possible but are having issues with that. After having read through a few dozen different threads and readmes does freeradius have something that has been put into place to address this?( I assume the answer is no or I glazed over while reading and missed the answer) .
If there is no built in feature is there a best practice for this?
FreeRADIUS has the facility to dynamically create client entries; when a packet from an unknown client is received, a virtual packet is sent through a virtual server, and the reply is used to build a "client" statement. See sites-available/dynamic-clients Because you have the full capability of FreeRADIUS, including SQL/LDAP, scripts, perl/python modules etc. it should be easy to hook any access control system you want in; as long as you have some way to "authenticate" an IP really is a hotspot, or don't care about security ;o) In all seriousness, something like IPSec/GRE is more secure than this. A better solution long-term would be radius-over-TLS, but it's dead certain your APs don't support it.