FreeRadius + MySQL + Multiple Dynamic Clients

Peter Lambrechtsen plambrechtsen at gmail.com
Fri Oct 29 00:13:40 CEST 2010


Dynamic Clients would only apply to the NASes (i.e. the WNR834v2 Access
Points) and not the workstations connecting to the APs, as the workstations
/ users would just be users.

So either you allow anyone from the internet (or restrict it down to certain
IP addresses which the Mobile Provider issues as DHCP addresses) to connect
to your FreeRadius server.

Otherwise perhaps your Mobile provider may offer a "private office" Mobile
broadband offering so by specifying a different APN on the router you get
put into a certain IP address pool by the Telco and you don't route your
FreeRadius AAA over the internet.

On Fri, Oct 29, 2010 at 11:00 AM, Tyler Nally <tnally at technally.com> wrote:

> Hello,
>
> I'm the IT fellow for a bus company that is about to implement WiFi on a
> fleet of a couple dozen buses (or so), so that passengers can pull out their
> laptops, iPhones, iPads, iWhatevers and connect thru the wandering networks
> from inside the comfort of the bus while traveling to their various
> destinations.
>
> We'll be using a Wireless Broadband device that will provide the broadband
> signal to a router.  The router will be configured to use a Radius server so
> that as people connect they'll go through the Radius authentication
> protocols to get their wifi connection to the network.  I'm assuming that
> whenever these power on, they'll be getting a new dynamically assigned IP
> address.  Not to mention that potentially, as the bus roams around and as it
> loses and gains service between the different cell sites, I guess it's
> possible that each time it loses/gains a cell site, it might even get a new
> IP address.
>
> So, what I want to avoid is having to set each router's access password (which
> would be 1 or 2 at first) each week .. manually.  Up to a maximum of 20 or
> 30 of these .. manually.  I figure that I can capture the user's email
> address (or username) and a password, and make just THAT combination of
> authentication available WHILE their scheduled route is running.
>
> Sooo.. just prior to the dispatch of the bus, I add that list of good
> authentications to the records of FreeRADIUS server setup.  When the route
> is over, I remove the records (or somehow toggle them off).  The idea being
> that they'll only be allowed one login per user while on the bus.  And if
> they don't check/select that they want wifi access, they won't get access
> from a previous user/password combination.
>
> What I've got working is FreeRADIUS with MySQL.  But not with a dynamic
> client.  It's refusing the authentication connection with the client.  Do I
> define 1 dynamic client that maybe 20-30 of these will be using?  Or should
> they be numbered from 01 thru whatever.  Either way, they'll all have
> different IP's as they are traveling down the road.
>
> The error message I see in the logs is:
>
> Thu Oct 28 16:10:26 2010 : Error: Ignoring request to authentication
> address * port 1812 from unknown client 98.212.198.111 port 2048
>
> So.. I know the network is open to get the request, it's just not
> processing it.  I've looked through the WIKI and can't find any specific
> dynamic client setup parameters/settings.  I'm running freeradius v 2.1.8 on
> an Ubuntu 10.04 machine.  With a test connection via a Netgear WNR834v2
> that's been reflashed as a DD-WRT mini hotspot to give me the router
> configuration.
>
> Any help would be appreciated.
>
> --
> Tyler Nally
> tnally at technally.com
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
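
The following is an added example, not written by either poster and not FreeRADIUS code. It triages "unknown client" log lines like the one quoted above against the address pools from which NAS traffic is expected, the restriction the reply suggests. The pool `98.212.192.0/20`, the function names and every log line except the one quoted in the thread are constructed assumptions.

```python
"""Triage FreeRADIUS "unknown client" errors against expected NAS source pools."""
import ipaddress
import re
from collections import Counter

# Matches the radiusd error quoted in the thread (a single line in radius.log).
UNKNOWN_CLIENT = re.compile(
    r"Ignoring request to authentication address \S+ port \d+ "
    r"from unknown client (?P<ip>\S+) port \d+"
)

def parse_unknown_clients(log_lines):
    """Count rejected requests per source IP; unparsable addresses are skipped."""
    hits = Counter()
    for line in log_lines:
        m = UNKNOWN_CLIENT.search(line)
        if not m:
            continue
        try:
            hits[ipaddress.ip_address(m.group("ip"))] += 1
        except ValueError:
            continue
    return hits

def triage(log_lines, allowed_cidrs):
    """Split sources into (in_pool, out_of_pool) dicts of {ip: request count}."""
    # strict=True rejects a CIDR with host bits set, a common allowlist typo.
    pools = [ipaddress.ip_network(c, strict=True) for c in allowed_cidrs]
    in_pool, out_of_pool = {}, {}
    for ip, count in parse_unknown_clients(log_lines).items():
        inside = any(ip.version == net.version and ip in net for net in pools)
        (in_pool if inside else out_of_pool)[str(ip)] = count
    return in_pool, out_of_pool

# Constructed sample: only the first line appears in the thread.
SAMPLE_LOG = [
    "Thu Oct 28 16:10:26 2010 : Error: Ignoring request to authentication "
    "address * port 1812 from unknown client 98.212.198.111 port 2048",
    "Thu Oct 28 16:10:31 2010 : Error: Ignoring request to authentication "
    "address * port 1812 from unknown client 98.212.198.111 port 2048",
    "Thu Oct 28 16:10:40 2010 : Error: Ignoring request to authentication "
    "address * port 1812 from unknown client 203.0.113.45 port 1645",
    "Thu Oct 28 16:11:02 2010 : Info: Ready to process requests.",
]
ASSUMED_POOLS = ["98.212.192.0/20"]  # hypothetical provider DHCP pool

if __name__ == "__main__":
    expected, unexpected = triage(SAMPLE_LOG, ASSUMED_POOLS)
    print("inside expected pools:", expected)
    print("outside expected pools:", unexpected)
```

Sources in the first dictionary are candidates for a dynamic client definition covering that pool; sources in the second are requests arriving from outside the ranges the provider issues.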