SoH and DHCP
Francois Gaudreault
fgaudreault at inverse.ca
Wed Jul 20 19:07:14 CEST 2011
Hi,

I am trying to make the SoH statements work using the FreeRADIUS
DHCP. However, I have issues getting the SoH values from the NAP
client. Maybe someone will be able to help.

On the client side, the DHCP NAP policy is set to enabled.

Thanks!

sites-enabled/dhcp :

server dhcp {
    listen {
        ipaddr = *
        port = 67
        type = dhcp
        # interface = eth0
        broadcast = yes
    }

    dhcp DHCP-Discover {
        soh
        update reply {
            DHCP-Message-Type = DHCP-Offer
        }
        # The contents here are invented. Change them!
        update reply {
            DHCP-Domain-Name-Server = 4.2.2.2
            DHCP-Domain-Name-Server = 4.2.2.1
            DHCP-Subnet-Mask = 255.255.255.0
            DHCP-Router-Address = 10.0.0.1
            DHCP-IP-Address-Lease-Time = 86400
            DHCP-DHCP-Server-Identifier = 10.0.0.243
        }
        mac2ip
        ok
    }

    dhcp DHCP-Request {
        soh
        update reply {
            DHCP-Message-Type = DHCP-Ack
        }
        # The contents here are invented. Change them!
        update reply {
            DHCP-Domain-Name-Server = 4.2.2.2
            DHCP-Domain-Name-Server = 4.2.2.1
            DHCP-Subnet-Mask = 255.255.255.0
            DHCP-Router-Address = 10.0.0.1
            DHCP-IP-Address-Lease-Time = 86400
            DHCP-DHCP-Server-Identifier = 10.0.0.243
        }
        mac2ip
        ok
    }

    dhcp {
        # send a DHCP NAK.
        reject
    }
}

passwd mac2ip {
    filename = ${confdir}/mac2ip
    format = "*DHCP-Client-Hardware-Address:=DHCP-Your-IP-Address"
    delimiter = ","
}

The Debug :
Received DHCP-Discover of id 6922f808 from 0.0.0.0:68 to 0.0.0.0:67
DHCP-Opcode = Client-Message
DHCP-Hardware-Type = Ethernet
DHCP-Hardware-Address-Length = 6
DHCP-Hop-Count = 0
DHCP-Transaction-Id = 1763899400
DHCP-Number-of-Seconds = 0
DHCP-Flags = Broadcast
DHCP-Client-IP-Address = 0.0.0.0
DHCP-Your-IP-Address = 0.0.0.0
DHCP-Server-IP-Address = 0.0.0.0
DHCP-Gateway-IP-Address = 0.0.0.0
DHCP-Client-Hardware-Address = f0:4d:a2:cb:d9:c5
DHCP-Message-Type = DHCP-Discover
DHCP-Client-Identifier = f0:4d:a2:cb:d9:c5
DHCP-Hostname = "TestingLaptop"
DHCP-Vendor-Class-Identifier = "MSFT 5.0"
DHCP-Parameter-Request-List = DHCP-Subnet-Mask
DHCP-Parameter-Request-List = DHCP-Domain-Name
DHCP-Parameter-Request-List = DHCP-Router-Address
DHCP-Parameter-Request-List = DHCP-Domain-Name-Server
DHCP-Parameter-Request-List = DHCP-NETBIOS-Name-Servers
DHCP-Parameter-Request-List = DHCP-NETBIOS-Node-Type
DHCP-Parameter-Request-List = DHCP-NETBIOS
DHCP-Parameter-Request-List = DHCP-Perform-Router-Discovery
DHCP-Parameter-Request-List = DHCP-Static-Routes
DHCP-Parameter-Request-List = DHCP-Classless-Static-Route
DHCP-Parameter-Request-List = 249
DHCP-Parameter-Request-List = DHCP-Vendor
DHCP-Vendor = 0xdc00
server dhcp {
Trying sub-section dhcp DHCP-Discover {...}
+- entering group DHCP-Discover {...}
[soh] SoH adding NAP marker to DHCP reply
++[soh] returns ok
++[reply] returns ok
++[reply] returns ok
[mac2ip] Added DHCP-Your-IP-Address: '10.0.0.245' to reply_items
++[mac2ip] returns ok
++[ok] returns ok
} # server dhcp
Sending DHCP-Offer of id 6922f808 from 0.0.0.0:67 to 255.255.255.255:68
DHCP-Subnet-Mask = 255.255.255.0
DHCP-Router-Address = 10.0.0.1
DHCP-Domain-Name-Server = 4.2.2.2
DHCP-Vendor = 0xdc0350414e
DHCP-IP-Address-Lease-Time = 86400
DHCP-DHCP-Server-Identifier = 10.0.0.243
Finished request 1767.
Cleaning up request 1767 ID 1763899400 with timestamp +76404
Going to the next request
Ready to process requests.
Received DHCP-Request of id 6922f808 from 0.0.0.0:68 to 0.0.0.0:67
DHCP-Opcode = Client-Message
DHCP-Hardware-Type = Ethernet
DHCP-Hardware-Address-Length = 6
DHCP-Hop-Count = 0
DHCP-Transaction-Id = 1763899400
DHCP-Number-of-Seconds = 0
DHCP-Flags = Broadcast
DHCP-Client-IP-Address = 0.0.0.0
DHCP-Your-IP-Address = 0.0.0.0
DHCP-Server-IP-Address = 0.0.0.0
DHCP-Gateway-IP-Address = 0.0.0.0
DHCP-Client-Hardware-Address = f0:4d:a2:cb:d9:c5
DHCP-Message-Type = DHCP-Request
DHCP-Client-Identifier = f0:4d:a2:cb:d9:c5
DHCP-Requested-IP-Address = 10.0.0.245
DHCP-DHCP-Server-Identifier = 10.0.0.243
DHCP-Hostname = "TestingLaptop"
DHCP-Client-FQDN = "\000\000\000TestingLaptop.inverse.local"
DHCP-Vendor-Class-Identifier = "MSFT 5.0"
DHCP-Parameter-Request-List = DHCP-Subnet-Mask
DHCP-Parameter-Request-List = DHCP-Domain-Name
DHCP-Parameter-Request-List = DHCP-Router-Address
DHCP-Parameter-Request-List = DHCP-Domain-Name-Server
DHCP-Parameter-Request-List = DHCP-NETBIOS-Name-Servers
DHCP-Parameter-Request-List = DHCP-NETBIOS-Node-Type
DHCP-Parameter-Request-List = DHCP-NETBIOS
DHCP-Parameter-Request-List = DHCP-Perform-Router-Discovery
DHCP-Parameter-Request-List = DHCP-Static-Routes
DHCP-Parameter-Request-List = DHCP-Classless-Static-Route
DHCP-Parameter-Request-List = 249
DHCP-Parameter-Request-List = DHCP-Vendor
server dhcp {
Trying sub-section dhcp DHCP-Request {...}
+- entering group DHCP-Request {...}
++[soh] returns noop
++[reply] returns noop
++[reply] returns noop
[mac2ip] Added DHCP-Your-IP-Address: '10.0.0.245' to reply_items
++[mac2ip] returns ok
++[ok] returns ok
} # server dhcp
Sending DHCP-Ack of id 6922f808 from 0.0.0.0:67 to 255.255.255.255:68
DHCP-Subnet-Mask = 255.255.255.0
DHCP-Router-Address = 10.0.0.1
DHCP-Domain-Name-Server = 4.2.2.2
DHCP-IP-Address-Lease-Time = 86400
DHCP-DHCP-Server-Identifier = 10.0.0.243
Finished request 1768.
--
Francois Gaudreault, ing. jr
fgaudreault at inverse.ca :: +1.514.447.4918 (x130) :: www.inverse.ca
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
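
Added example (not part of the original post and not FreeRADIUS code): a decoder for the DHCP-Vendor (option 43) hex values in the debug output above, splitting each one into code/length/value sub-options per packet. The embedded log lines are copied from the post; reading sub-option 0xdc (220) as the NAP/SoH one is an assumption based on the [soh] log line.

```python
import re

# Constructed excerpt: lines copied from the debug output in the post above.
DEBUG_LOG = """\
Received DHCP-Discover of id 6922f808 from 0.0.0.0:68 to 0.0.0.0:67
DHCP-Vendor = 0xdc00
Sending DHCP-Offer of id 6922f808 from 0.0.0.0:67 to 255.255.255.255:68
DHCP-Vendor = 0xdc0350414e
Received DHCP-Request of id 6922f808 from 0.0.0.0:68 to 0.0.0.0:67
DHCP-Parameter-Request-List = DHCP-Vendor
Sending DHCP-Ack of id 6922f808 from 0.0.0.0:67 to 255.255.255.255:68
"""

PACKET_RE = re.compile(r"^(Received|Sending) (DHCP-\S+) of id (\S+)")
# Matches only the attribute itself, not DHCP-Vendor-Class-Identifier or
# a DHCP-Parameter-Request-List entry that merely names DHCP-Vendor.
VENDOR_RE = re.compile(r"^\s*DHCP-Vendor = 0x([0-9a-fA-F]+)\s*$")


def decode_vendor_tlvs(raw: bytes):
    """Split option 43 data into (code, value) sub-options (RFC 2132, 8.4).

    Assumes plain code/length/value encoding with no pad or end bytes.
    """
    out, i = [], 0
    while i < len(raw):
        if i + 2 > len(raw):
            raise ValueError(f"truncated sub-option header at offset {i}")
        code, length = raw[i], raw[i + 1]
        value = raw[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"sub-option {code} claims {length} bytes, has {len(value)}")
        out.append((code, value))
        i += 2 + length
    return out


def vendor_by_packet(log: str):
    """Return [(direction, message type, decoded sub-options or None)]."""
    packets = []
    for line in log.splitlines():
        m = PACKET_RE.match(line)
        if m:
            packets.append([m.group(1), m.group(2), None])
            continue
        v = VENDOR_RE.match(line)
        if v and packets:
            packets[-1][2] = decode_vendor_tlvs(bytes.fromhex(v.group(1)))
    return [tuple(p) for p in packets]
```

On this capture only the Discover carries DHCP-Vendor, with an empty sub-option 220; the Request, where [soh] returns noop, carries none.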