DHCP + sqlpippol test, v2.1.x

Arran Cudbard-Bell a.cudbardb at freeradius.org
Tue Jan 24 17:16:01 CET 2012


If you want to split policies into distinct files, use a $INCLUDE statement in the policy.conf policy stanza and then create a directory that contains your additional policy files.

Use a distinct namespace prefix if the unlang policies are for a specific purpose.

The configuration preprocessor will take care of including all the files in the subdirectory before parsing the configuration, so you just write the unlang as if it already had a policy {} wrapper around it.

I've been meaning to do that for a while.


On 24 Jan 2012, at 15:57, Alan DeKok wrote:

> Fajar A. Nugraha wrote:
>> Really? How do I put policies it (e.g.) sites-enabled/dhcp? I tried
>> using another policy {} block (but also on policy.conf), the second
>> policy block is not loaded.
>  You can just write "unlang" blocks.
>  My main objection to your code was that it's fairly site-specific.
> Other people may want to do something else.
>> Just did. You still need some minor changes though:
>> (1) Pool-Name. It's needed for sqlipool. something like this works
>  I'll go fix that.
>> (2) policy vs method
>> In sites-available/dhcp, you used "dhcp_sqlippool". In my test, that
>> would call the dhcp_sqlipool module instance, bypassing the policy, so
>> the compatibility code was never used. So I change the policy name to
>> dhcp_sqlippool.compat, and call that instead in sites-available/dhcp.
>  That's a typo.  The policy *should* be "dhcp_sqlippool.post-auth".  It
> will take care of over-riding the dhcp_sqlippool call.
>> (3) NAS-IP-Address is not quoted on policy.conf, and FR fails to start with
>  I've committed a fix.
>> Also, I have two questions regarding modules and method:
>> (1) calling the instance dhcp_sqlippool works, without having to force
>> it to call the method post-auth (dhcp_sqlippool.post-auth). Does this
>> mean post-auth is the default method? Is it safe to just call it like
>> that, or should we explicitly call dhcp_sqlippool.post-auth instead?
>  It's the default method for DHCP.  You should just use the module name.
>> (2) Is calling the policy dhcp_sqlippool.post-auth (in your commit) or
>> dhcp_sqlippool.compat (in my lastest change) considered "safe" enough?
>> e.g. should the policy be called something else (e.g.
>> dhcp_sqlippool_compat) to avoid namespace conflict with dhcp_sqlippool
>> (the module instance)?
>  The idea is that the DHCP SQL stuff is in dhcp_sqlippool.  The user
> sees that, and manages DHCP like that.  The "magic" to glue DHCP to
> RADIUS is in policy.conf, in the dhcp_sqlippool.post-auth method
>  Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html

Arran Cudbard-Bell
a.cudbardb at networkradius.com

Technical consultant and solutions architect

15 Ave. du Granier, Meylan, France
+33 4 69 66 54 50

More information about the Freeradius-Devel mailing list