DHCP + sqlpippol test, v2.1.x
Fajar A. Nugraha
list at fajar.net
Tue Jan 24 16:13:00 CET 2012
On Tue, Jan 24, 2012 at 9:57 PM, Alan DeKok <aland at deployingradius.com> wrote:
> Fajar A. Nugraha wrote:
>> Really? How do I put policies it (e.g.) sites-enabled/dhcp? I tried
>> using another policy {} block (but also on policy.conf), the second
>> policy block is not loaded.
>
> You can just write "unlang" blocks.
Do you mean I can assign a name to an unlang block and call it
elsewhere, without it needing to be on policy section?
Or do you mean I need to put the unlang blocks wherever I need to call
it (thus the possible code duplication)?
>> (2) policy vs method
>> In sites-available/dhcp, you used "dhcp_sqlippool". In my test, that
>> would call the dhcp_sqlipool module instance, bypassing the policy, so
>> the compatibility code was never used. So I change the policy name to
>> dhcp_sqlippool.compat, and call that instead in sites-available/dhcp.
>
> That's a typo. The policy *should* be "dhcp_sqlippool.post-auth". It
> will take care of over-riding the dhcp_sqlippool call.
I see
>> Also, I have two questions regarding modules and method:
>> (1) calling the instance dhcp_sqlippool works, without having to force
>> it to call the method post-auth (dhcp_sqlippool.post-auth). Does this
>> mean post-auth is the default method? Is it safe to just call it like
>> that, or should we explicitly call dhcp_sqlippool.post-auth instead?
>
> It's the default method for DHCP. You should just use the module name.
Noted.
>
>> (2) Is calling the policy dhcp_sqlippool.post-auth (in your commit) or
>> dhcp_sqlippool.compat (in my lastest change) considered "safe" enough?
>> e.g. should the policy be called something else (e.g.
>> dhcp_sqlippool_compat) to avoid namespace conflict with dhcp_sqlippool
>> (the module instance)?
>
> The idea is that the DHCP SQL stuff is in dhcp_sqlippool. The user
> sees that, and manages DHCP like that. The "magic" to glue DHCP to
> RADIUS is in policy.conf, in the dhcp_sqlippool.post-auth method
Thanks, will try it again tomorrow.
--
Fajar
More information about the Freeradius-Devel
mailing list