dhcp sqlippool reauthenticate users every minute

Alan DeKok aland at deployingradius.com
Sat Jan 12 00:38:36 CET 2013


Ethan Hayon wrote:
> When I run the server in debug mode the Acct-Unique-Session-ID remains
> the same across the interim accounting updates. However,
> re-authentications don't seem to have a unique key associated with them. 

  That makes no sense.  There is *nothing* unique to each user you can
key off of?  Name?  MAC address?

> In my post-auth policy, I am updating control with the proper pool-name
> (with an unlang), changing some other reply attributes, then calling
> dhcp_sqlippool. What I am doing doesn't /feel/ right. I am very new to
> this, does this sound like the proper way of handling the serving of
> ip's on multiple subnets. DHCP-Domain-Name-Server and
> DHCP-Router-Address will change between pools. 

  Get one thing working first.  Only then look at the next thing.

> I guess I'm asking if I am approaching this correctly: Using unlang in
> policy.conf to handle these rules. 

  unlang is for policy rules.  Databases are for data.  You've got some
kind of mixup between the two.

> Sorry to put such a long debug message in here. I pulled out one
> authorization request, but they all look the same. It looks like 

  They don't all look the same.  They contain different information for
each user.  How else does the server tell users apart?

> This is what my authorization looks like:
> 
> The request comes in with a framed ip of 192.168.0.43, but it tries to
> serve it 192.168.0.50.

  The default queries use Calling-Station-Id to track IP addresses.
They *also* assume that the NAS sends accounting packets, so that each
user has an accounting entry in SQL.

> It reallocates a new IP for each auth every minute.

  Probably because the NAS isn't sending accounting data.  So the IP is
never tracked in SQL.

  So... did you look in the SQL database to see what's there?  Is it
tracking the IP?  Does the user have an accounting record?

  Alan DeKok.


More information about the Freeradius-Users mailing list