DHCP + sqlpippol test, v2.1.x
Fajar A. Nugraha
list at fajar.net
Tue Jan 24 09:43:48 CET 2012
On Fri, Jan 20, 2012 at 7:39 PM, Alan DeKok <aland at deployingradius.com> wrote:
> Fajar A. Nugraha wrote:
>> c. Implement something like polcies directory (or, following the
>> recent changes on modules, policies-available and policies-enabled).
>
> The policies can go anywhere you want. If you're only running one
> DHCP server, you can put them in sites-enabled/dhcp
Really? How do I put policies it (e.g.) sites-enabled/dhcp? I tried
using another policy {} block (but also on policy.conf), the second
policy block is not loaded.
>> Current version of dhcp config code (with static IP, central config,
>> and comment changes), diff against v2.1.x:
>> https://github.com/fajarnugraha/freeradius-server/commit/fdff057
>
> I've pulled in the changes && pushed updates back.
>
Thanks.
> The changes I made are much simpler than what you had. The extra
> policies you created were site-specific, and not suitable for general
> use. The MySQL example, and the dhcp_sqlippool module went in pretty
> much unchanged.
>
> The rest of the changes are much simpler, and should be easier to
> understand for most people. Please test them out.
Just did. You still need some minor changes though:
(1) Pool-Name. It's needed for sqlipool. something like this works
...
# Do some minor hacks to the request so that it looks
# like a RADIUS request to the SQL IP Pool module.
update control {
Pool-Name = "DHCP-default"
}
update request {
...
(2) policy vs method
In sites-available/dhcp, you used "dhcp_sqlippool". In my test, that
would call the dhcp_sqlipool module instance, bypassing the policy, so
the compatibility code was never used. So I change the policy name to
dhcp_sqlippool.compat, and call that instead in sites-available/dhcp.
(3) NAS-IP-Address is not quoted on policy.conf, and FR fails to start with
/etc/freeradius/policy.conf[210]: ERROR: Failed to find IP address for
%{%{DHCP-Gateway-IP-Address}:-127.0.0.1}
/etc/freeradius/policy.conf[207]: Failed to parse "update" subsection.
Adding quotes fixed the problem:
https://github.com/fajarnugraha/freeradius-server/commit/543ce28#diff-3
Also, I have two questions regarding modules and method:
(1) calling the instance dhcp_sqlippool works, without having to force
it to call the method post-auth (dhcp_sqlippool.post-auth). Does this
mean post-auth is the default method? Is it safe to just call it like
that, or should we explicitly call dhcp_sqlippool.post-auth instead?
(2) Is calling the policy dhcp_sqlippool.post-auth (in your commit) or
dhcp_sqlippool.compat (in my lastest change) considered "safe" enough?
e.g. should the policy be called something else (e.g.
dhcp_sqlippool_compat) to avoid namespace conflict with dhcp_sqlippool
(the module instance)?
--
Fajar
More information about the Freeradius-Devel
mailing list