DHCP + sqlpippol test, v2.1.x

Fajar A. Nugraha list at fajar.net
Tue Jan 24 09:43:48 CET 2012

On Fri, Jan 20, 2012 at 7:39 PM, Alan DeKok <aland at deployingradius.com> wrote:
> Fajar A. Nugraha wrote:
>> c. Implement something like polcies directory (or, following the
>> recent changes on modules, policies-available and policies-enabled).
>  The policies can go anywhere you want.  If you're only running one
> DHCP server, you can put them in sites-enabled/dhcp

Really? How do I put policies it (e.g.) sites-enabled/dhcp? I tried
using another policy {} block (but also on policy.conf), the second
policy block is not loaded.

>> Current version of dhcp config code (with static IP, central config,
>> and comment changes), diff against v2.1.x:
>> https://github.com/fajarnugraha/freeradius-server/commit/fdff057
>  I've pulled in the changes && pushed updates back.


>  The changes I made are much simpler than what you had.  The extra
> policies you created were site-specific, and not suitable for general
> use.  The MySQL example, and the dhcp_sqlippool module went in pretty
> much unchanged.
>  The rest of the changes are much simpler, and should be easier to
> understand for most people.  Please test them out.

Just did. You still need some minor changes though:
(1) Pool-Name. It's needed for sqlipool. something like this works
		#  Do some minor hacks to the request so that it looks
		#  like a RADIUS request to the SQL IP Pool module.
		update control {
			Pool-Name = "DHCP-default"
		update request {

(2) policy vs method
In sites-available/dhcp, you used "dhcp_sqlippool". In my test, that
would call the dhcp_sqlipool module instance, bypassing the policy, so
the compatibility code was never used. So I change the policy name to
dhcp_sqlippool.compat, and call that instead in sites-available/dhcp.

(3) NAS-IP-Address is not quoted on policy.conf, and FR fails to start with

/etc/freeradius/policy.conf[210]: ERROR: Failed to find IP address for
/etc/freeradius/policy.conf[207]: Failed to parse "update" subsection.

Adding quotes fixed the problem:

Also, I have two questions regarding modules and method:
(1) calling the instance dhcp_sqlippool works, without having to force
it to call the method post-auth (dhcp_sqlippool.post-auth). Does this
mean post-auth is the default method? Is it safe to just call it like
that, or should we explicitly call dhcp_sqlippool.post-auth instead?

(2) Is calling the policy dhcp_sqlippool.post-auth (in your commit) or
dhcp_sqlippool.compat (in my lastest change) considered "safe" enough?
e.g. should the policy be called something else (e.g.
dhcp_sqlippool_compat) to avoid namespace conflict with dhcp_sqlippool
(the module instance)?


More information about the Freeradius-Devel mailing list