DHCP + sqlpippol test, v2.1.x

Alan DeKok aland at deployingradius.com
Tue Jan 24 15:57:42 CET 2012

Fajar A. Nugraha wrote:
> Really? How do I put policies it (e.g.) sites-enabled/dhcp? I tried
> using another policy {} block (but also on policy.conf), the second
> policy block is not loaded.

  You can just write "unlang" blocks.

  My main objection to your code was that it's fairly site-specific.
Other people may want to do something else.

> Just did. You still need some minor changes though:
> (1) Pool-Name. It's needed for sqlipool. something like this works

  I'll go fix that.

> (2) policy vs method
> In sites-available/dhcp, you used "dhcp_sqlippool". In my test, that
> would call the dhcp_sqlipool module instance, bypassing the policy, so
> the compatibility code was never used. So I change the policy name to
> dhcp_sqlippool.compat, and call that instead in sites-available/dhcp.

  That's a typo.  The policy *should* be "dhcp_sqlippool.post-auth".  It
will take care of over-riding the dhcp_sqlippool call.

> (3) NAS-IP-Address is not quoted on policy.conf, and FR fails to start with

  I've committed a fix.

> Also, I have two questions regarding modules and method:
> (1) calling the instance dhcp_sqlippool works, without having to force
> it to call the method post-auth (dhcp_sqlippool.post-auth). Does this
> mean post-auth is the default method? Is it safe to just call it like
> that, or should we explicitly call dhcp_sqlippool.post-auth instead?

  It's the default method for DHCP.  You should just use the module name.

> (2) Is calling the policy dhcp_sqlippool.post-auth (in your commit) or
> dhcp_sqlippool.compat (in my lastest change) considered "safe" enough?
> e.g. should the policy be called something else (e.g.
> dhcp_sqlippool_compat) to avoid namespace conflict with dhcp_sqlippool
> (the module instance)?

  The idea is that the DHCP SQL stuff is in dhcp_sqlippool.  The user
sees that, and manages DHCP like that.  The "magic" to glue DHCP to
RADIUS is in policy.conf, in the dhcp_sqlippool.post-auth method

  Alan DeKok.

More information about the Freeradius-Devel mailing list