FreeRadius DHCP against LDAP
Nikolaos Milas
nmilas at noa.gr
Sat Aug 31 14:49:21 CEST 2013
On 31/8/2013 12:03 πμ, Arran Cudbard-Bell wrote:
>> 1. Is DHCP functionality supported against an LDAP Server (in v2.2.0)?
> Yes.
>
>> >2. If so, is there a planned freeradius ldap schema change (in future versions) to include DHCP-* attributes?
> No. But you're welcome to submit a pull request.
Thanks Arran for your answers.
Sorry, I don't know really what a "pull request" is, but googling info
makes me think it means I can submit a proposal for schema changes? If
so, I might, after I become a bit acquainted to the DHCP FreeRadius
component (and to DHCP in general).
In the meantime, I've also found that I should be able to set an IP
Address to a host (connecting through our Cisco 2950/2960 switches) when
doing dot1x/MAB authentication (against FreeRadius), using the
"Framed-IP-Address" attribute in the reply (and I've also set
"radius-server attribute 8 include-in-access-req" as Cisco advises here:
http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfrdat1.html).
I tried it but the NAS doesn't seem to try to push to the authorized
host the IP Address (-yet the host had already a static IP address).
Should the host (Win Vista in this test case) specify "Obtain an IP
Address automatically"? Would this functionality work without using the
FreeRadius Server DHCP component?
Also, assuming that the authorized (using MAB) host has already a
(manually -or otherwise- preconfigured) static IP address, is there a
way FreeRadius can know which that is, so it can reject the host during
reauth if that IP Address is different than the one specified in the
host's LDAP entry?
I would appreciate some clarifications on the above.
Best Regards,
Nick
More information about the Freeradius-Users
mailing list