FreeRadius DHCP against LDAP

Nikolaos Milas nmilas at noa.gr
Sat Aug 31 14:49:21 CEST 2013


On 31/8/2013 12:03 AM, Arran Cudbard-Bell wrote:

>> 1. Is DHCP functionality supported against an LDAP Server (in v2.2.0)?
> Yes.
>
>> 2. If so, is there a planned freeradius ldap schema change (in future versions) to include DHCP-* attributes?
> No.  But you're welcome to submit a pull request.

Thanks Arran for your answers.

Sorry, I don't really know what a "pull request" is, but googling info 
makes me think it means I can submit a proposal for schema changes? If 
so, I might, after I become a bit acquainted with the DHCP FreeRadius 
component (and with DHCP in general).

In the meantime, I've also found that I should be able to set an IP 
Address to a host (connecting through our Cisco 2950/2960 switches) when 
doing dot1x/MAB authentication (against FreeRadius), using the 
"Framed-IP-Address" attribute in the reply (and I've also set 
"radius-server attribute 8 include-in-access-req" as Cisco advises here: 
http://www.cisco.com/en/US/docs/ios/12_2/security/configuration/guide/scfrdat1.html). 


I tried it, but the NAS doesn't seem to try to push the IP Address to 
the authorized host (yet the host already had a static IP address). 
Should the host (Win Vista in this test case) specify "Obtain an IP 
Address automatically"? Would this functionality work without using the 
FreeRadius Server DHCP component?

Also, assuming that the authorized (using MAB) host already has a 
(manually or otherwise preconfigured) static IP address, is there a 
way FreeRadius can know what that is, so it can reject the host during 
reauth if that IP Address is different than the one specified in the 
host's LDAP entry?

I would appreciate some clarifications on the above.

Best Regards,
Nick

