dhcp sqlippool reauthenticate users every minute

Alan DeKok aland at deployingradius.com
Fri Jan 11 22:34:39 CET 2013

Ethan Hayon wrote:
> Hi, I'm trying to set up FreeRADIUS 2.2 to act as an authentication and accounting system as well as a DHCP server. (I'm relaying DHCP requests from a pfSense box).

  Are you doing DHCP *and* RADIUS?

> I am trying to use sqlippools on FreeRADIUS, but I have noticed that my ippools are filling up quickly (I am only testing with two devices). I have pfSense configured to reauthenticate user every minute, so I believe that FreeRADIUS is running post-auth dhcp leasing each time the user is reauthenticated. FreeRADIUS is serving the same client a new IP address each minute. 

  There's no need to "believe" anything.  Run the server in debugging
mode to see exactly what it's doing.

  Any IP allocation MUST be done on a key which is unique to each
device.  That key should remain the same across multiple re-authentications.

  So... is it?  Please check.

> I want to have multiple pools on different subnets. When a new client connects to the network (they don't yet have a radius account) they are sent to a default (pending) pool. This may be on the 192.168.1/24 subnet. After they have set up their account and have been added to the RADIUS database, they will be given a pool-name, maybe `pool2`. `pool2` will be on a different subnet, for example, 192168.2/24. The pfsense box knows how to route these subnets, so that is not a problem. I only want clients to receive a different IP address if their pool-name changes for whatever reason, if there are no changes to their account, they shouldn't be leased a new IP every time they reauthenticate (every minute).

  This is what databases are for.  If you want to map each client to a
pool, you'll need a table with a "client identifier" column, and a
"pool-name" column.  Then, assign IPs based on the pool name, as looked
up in the table.

> Am I approaching this problem correctly? I have written some un-lang in the policy.conf file for handling some of this. I am getting hung up on this problem. The pool is getting exhausted in minutes since each client is leased a new ip every minute.

  Solve that problem first.  Run the server in debugging mode to see
*why* it's assigning a new IP.

  Alan DeKok.

More information about the Freeradius-Users mailing list