Update reply to DHCP-Ack
Leo Combes
combesl at gmail.com
Mon Mar 25 17:37:28 CET 2013
I have a small problem that I do not know how to solve.
FreeRADIUS works correctly as a DHCP server delivering static IPs, but I
need to write a log entry in the PostAuth database when the transaction
finishes with a DHCP-Ack.
Currently, when a transaction ends with a DHCP-Ack, this configuration
logs "DHCP-Request" instead of "DHCP-Ack".
This is my setup:
# FreeRADIUS virtual server that answers DHCP requests itself. Per-client
# values are fetched through the rlm_sql instance deselabs_dhcp_cpes, which
# (per the debug output in this message) looks the client up in table cpes
# by DHCP-Client-Hardware-Address.
# NOTE(review): that hardware address is supplied by the client, so the lookup
# identifies a device but does not authenticate it; rows written to
# radius_postauth record a claimed MAC address.
server dhcp {
# Listener: DHCP on port 67, bound to the broadcast address on eth1.2.
listen {
type = dhcp
ipaddr = 255.255.255.255
port = 67
interface = eth1.2
broadcast = yes
}
# DHCP-Discover: answer with a DHCP-Offer.
dhcp DHCP-Discover {
# Message type of the reply packet.
update reply {
DHCP-Message-Type = DHCP-Offer
}
# Fixed options returned to every client: DNS server, lease time in
# seconds, and the server identifier.
update reply {
DHCP-Domain-Name-Server = 0.0.0.0
DHCP-IP-Address-Lease-Time = 7200
DHCP-DHCP-Server-Identifier = 172.31.1.1
}
# SQL lookup of the client; the debug output shows it returning
# DHCP-Your-IP-Address, DHCP-Subnet-Mask, DHCP-Router-Address and
# DHCP-Bootp-Extensions-Path from cpes / nets / cpes_profiles.
deselabs_dhcp_cpes.authorize
ok
}
# DHCP-Request: answer with a DHCP-Ack and log the transaction.
dhcp DHCP-Request {
# Sets DHCP-Message-Type in the reply list only; the request list still
# holds DHCP-Request. The debug output ends with "Sending DHCP-Ack", so
# the packet on the wire has the intended type.
update reply { # Is not the type supposed to be changed here?
DHCP-Message-Type = DHCP-Ack
}
update reply {
DHCP-Domain-Name-Server = 0.0.0.0
DHCP-IP-Address-Lease-Time = 7200
DHCP-DHCP-Server-Identifier = 172.31.1.1
# NOTE(review): Reply-Message is not among the reply attributes printed
# before "Sending DHCP-Ack" in the debug output -- confirm it is needed.
Reply-Message = "Framed protocol is"
}
deselabs_dhcp_cpes.authorize
# Runs the sql post-auth INSERT into radius_postauth. Per the debug output
# the query logs '%{DHCP-Message-Type}', which expanded to 'DHCP-Request':
# an unqualified attribute reference is read from the request packet, not
# from the reply list updated above. The query is defined in the sql module
# configuration (not shown here); to log the reply value it would need a
# reply-list reference such as %{reply:DHCP-Message-Type} -- TODO confirm
# on this server version.
# NOTE(review): the same INSERT writes '%{%{User-Password}:-%{Chap-Password}}'
# into a password column. It is empty for DHCP, but if this query is shared
# with RADIUS authentication it would store passwords in the log table --
# verify and drop the column from the query if so.
deselabs_dhcp_cpes.post-auth
ok
}
# Catch-all for every other DHCP message type.
dhcp {
# send a DHCP NAK.
reject
}
}
This is the debug output:
Received DHCP-Discover of id 7ca9d708 from 0.0.0.0:68 to 255.255.255.255:67
DHCP-Opcode = Client-Message
DHCP-Hardware-Type = Ethernet
DHCP-Hardware-Address-Length = 6
DHCP-Hop-Count = 0
DHCP-Transaction-Id = 2091505416
DHCP-Number-of-Seconds = 0
DHCP-Flags = Broadcast
DHCP-Client-IP-Address = 0.0.0.0
DHCP-Your-IP-Address = 0.0.0.0
DHCP-Server-IP-Address = 0.0.0.0
DHCP-Gateway-IP-Address = 0.0.0.0
DHCP-Client-Hardware-Address = 00:50:c2:31:24:4f
DHCP-Message-Type = DHCP-Discover
DHCP-Client-Identifier = 0x010050c231244f00
DHCP-IP-Address-Lease-Time = 4294967040
DHCP-IP-Address-Lease-Time = 4294967295
DHCP-Parameter-Request-List = DHCP-Subnet-Mask
DHCP-Parameter-Request-List = DHCP-Router-Address
DHCP-Parameter-Request-List = DHCP-Domain-Name-Server
DHCP-Parameter-Request-List = DHCP-Domain-Name
DHCP-Parameter-Request-List = DHCP-Bootp-Extensions-Path
DHCP-Parameter-Request-List = DHCP-TFTP-Server-Name
DHCP-Parameter-Request-List = DHCP-SIP-Servers-DHCP-Option
DHCP-Parameter-Request-List = DHCP-HTTP-Proxy
DHCP-Parameter-Request-List = 213
DHCP-Parameter-Request-List = 214
DHCP-Parameter-Request-List = 215
server dhcp {
Trying sub-section dhcp DHCP-Discover {...}
+- entering group DHCP-Discover {...}
++[reply] returns noop
++[reply] returns noop
[deselabs_dhcp_cpes] expand: %{DHCP-Client-Hardware-Address} ->
00:50:c2:31:24:4f
[deselabs_dhcp_cpes] sql_set_user escaped user --> '00:50:c2:31:24:4f'
rlm_sql (deselabs_dhcp_cpes): Reserving sql socket id: 4
[deselabs_dhcp_cpes] expand: SELECT '1', mac_address,
'Cleartext-Password', REPLACE('%{SQL-User-Name}', ':', ''), ':='
FROM cpes WHERE mac_address = REPLACE('%{SQL-User-Name}', ':', '')
UNION SELECT '2', mac_address, 'Auth-Type', 'Accept', ':=' FROM
cpes WHERE mac_address = REPLACE('%{SQL-User-Name}', ':', '') ->
SELECT '1', mac_address, 'Cleartext-Password',
REPLACE('00:50:c2:31:24:4f', ':', ''), ':=' FROM cpes WHERE
mac_address = REPLACE('00:50:c2:31:24:4f', ':', '') UNION SELECT
'2', mac_address, 'Auth-Type', 'Accept', ':=' FROM cpes WHERE
mac_address = REPLACE('00:50:c2:31:24:4f', ':', '')
[deselabs_dhcp_cpes] User found in radcheck table
[deselabs_dhcp_cpes] expand: SELECT '1', mac_address as username,
'DHCP-Your-IP-Address' AS attribute, CONCAT_WS('.', nets.net_prefix,
cpes.ip_host) AS value, '=' AS op FROM cpes LEFT OUTER JOIN nets
ON cpes.net=nets.net_id WHERE cpes.mac_address =
REPLACE('%{SQL-User-Name}', ':', '') UNION SELECT '2' as id,
mac_address, 'DHCP-Subnet-Mask' AS attribute, nets.netmask AS value,
'=' AS op FROM cpes LEFT OUTER JOIN nets ON cpes.net=nets.net_id
WHERE cpes.mac_address = REPLACE('%{SQL-User-Name}', ':', '') UNION
SELECT '3' as id, mac_address, 'DHCP-Router-Address' AS attribute,
nets.gateway AS value, '=' AS op FROM cpes LEFT OUTER JOIN nets
ON cpes.net=nets.net_id WHERE cpes.mac_address =
REPLACE('%{SQL-User-Name}', ':', '') UNION SELECT '4' as id,
mac_address, 'DHCP-Bootp-Extensions-Path' AS attribute,
cpes_profiles.acf_name AS value, '=' AS op FROM cpes LEFT OUTER
JOIN cpes_profiles ON cpes.profile=cpes_profiles.profile_id WHERE
cpes.mac_address = REPLACE('%{SQL-User-Name}', ':', '
rlm_sql (deselabs_dhcp_cpes): Released sql socket id: 4
++[deselabs_dhcp_cpes.authorize] returns ok
++[ok] returns ok
} # server dhcp
DHCP-Subnet-Mask = 255.255.255.0
DHCP-Router-Address = 172.31.1.1
DHCP-Domain-Name-Server = 0.0.0.0
DHCP-Bootp-Extensions-Path = "slave_clear.acf"
DHCP-IP-Address-Lease-Time = 7200
DHCP-DHCP-Server-Identifier = 172.31.1.1
DHCP-TFTP-Server-Name = "172.31.1.1"
Sending DHCP-Offer of id 7ca9d708 to 255.255.255.255:68
Finished request 0.
Cleaning up request 0 ID 2091505416 with timestamp +6
Going to the next request
Ready to process requests.
Received DHCP-Request of id 7da9d708 from 0.0.0.0:68 to 255.255.255.255:67
DHCP-Opcode = Client-Message
DHCP-Hardware-Type = Ethernet
DHCP-Hardware-Address-Length = 6
DHCP-Hop-Count = 0
DHCP-Transaction-Id = 2108282632
DHCP-Number-of-Seconds = 0
DHCP-Flags = Broadcast
DHCP-Client-IP-Address = 0.0.0.0
DHCP-Your-IP-Address = 0.0.0.0
DHCP-Server-IP-Address = 0.0.0.0
DHCP-Gateway-IP-Address = 0.0.0.0
DHCP-Client-Hardware-Address = 00:50:c2:31:24:4f
DHCP-Message-Type = DHCP-Request
DHCP-Client-Identifier = 0x010050c231244f00
DHCP-IP-Address-Lease-Time = 4294967040
DHCP-Requested-IP-Address = 172.31.1.12
DHCP-DHCP-Server-Identifier = 172.31.1.1
DHCP-IP-Address-Lease-Time = 4294967295
DHCP-Parameter-Request-List = DHCP-Subnet-Mask
DHCP-Parameter-Request-List = DHCP-Router-Address
DHCP-Parameter-Request-List = DHCP-Domain-Name-Server
DHCP-Parameter-Request-List = DHCP-Domain-Name
DHCP-Parameter-Request-List = DHCP-Bootp-Extensions-Path
DHCP-Parameter-Request-List = DHCP-TFTP-Server-Name
DHCP-Parameter-Request-List = DHCP-SIP-Servers-DHCP-Option
DHCP-Parameter-Request-List = DHCP-HTTP-Proxy
DHCP-Parameter-Request-List = 213
DHCP-Parameter-Request-List = 214
DHCP-Parameter-Request-List = 215
server dhcp {
Trying sub-section dhcp DHCP-Request {...}
+- entering group DHCP-Request {...}
++[reply] returns noop
++[reply] returns noop
[deselabs_dhcp_cpes] expand: %{DHCP-Client-Hardware-Address} ->
00:50:c2:31:24:4f
[deselabs_dhcp_cpes] sql_set_user escaped user --> '00:50:c2:31:24:4f'
rlm_sql (deselabs_dhcp_cpes): Reserving sql socket id: 3
[deselabs_dhcp_cpes] expand: SELECT '1', mac_address,
'Cleartext-Password', REPLACE('%{SQL-User-Name}', ':', ''), ':='
FROM cpes WHERE mac_address = REPLACE('%{SQL-User-Name}', ':', '')
UNION SELECT '2', mac_address, 'Auth-Type', 'Accept', ':=' FROM
cpes WHERE mac_address = REPLACE('%{SQL-User-Name}', ':', '') ->
SELECT '1', mac_address, 'Cleartext-Password',
REPLACE('00:50:c2:31:24:4f', ':', ''), ':=' FROM cpes WHERE
mac_address = REPLACE('00:50:c2:31:24:4f', ':', '') UNION SELECT
'2', mac_address, 'Auth-Type', 'Accept', ':=' FROM cpes WHERE
mac_address = REPLACE('00:50:c2:31:24:4f', ':', '')
[deselabs_dhcp_cpes] User found in radcheck table
[deselabs_dhcp_cpes] expand: SELECT '1', mac_address as username,
'DHCP-Your-IP-Address' AS attribute, CONCAT_WS('.', nets.net_prefix,
cpes.ip_host) AS value, '=' AS op FROM cpes LEFT OUTER JOIN nets
ON cpes.net=nets.net_id WHERE cpes.mac_address =
REPLACE('%{SQL-User-Name}', ':', '') UNION SELECT '2' as id,
mac_address, 'DHCP-Subnet-Mask' AS attribute, nets.netmask AS value,
'=' AS op FROM cpes LEFT OUTER JOIN nets ON cpes.net=nets.net_id
WHERE cpes.mac_address = REPLACE('%{SQL-User-Name}', ':', '') UNION
SELECT '3' as id, mac_address, 'DHCP-Router-Address' AS attribute,
nets.gateway AS value, '=' AS op FROM cpes LEFT OUTER JOIN nets
ON cpes.net=nets.net_id WHERE cpes.mac_address =
REPLACE('%{SQL-User-Name}', ':', '') UNION SELECT '4' as id,
mac_address, 'DHCP-Bootp-Extensions-Path' AS attribute,
cpes_profiles.acf_name AS value, '=' AS op FROM cpes LEFT OUTER
JOIN cpes_profiles ON cpes.profile=cpes_profiles.profile_id WHERE
cpes.mac_address = REPLACE('%{SQL-User-Name}', ':', '
rlm_sql (deselabs_dhcp_cpes): Released sql socket id: 3
++[deselabs_dhcp_cpes.authorize] returns ok
[deselabs_dhcp_cpes] expand: %{DHCP-Client-Hardware-Address} ->
00:50:c2:31:24:4f
[deselabs_dhcp_cpes] sql_set_user escaped user --> '00:50:c2:31:24:4f'
[deselabs_dhcp_cpes] expand: %{User-Password} ->
[deselabs_dhcp_cpes] ... expanding second conditional
[deselabs_dhcp_cpes] expand: %{Chap-Password} ->
[deselabs_dhcp_cpes] expand: INSERT INTO radius_postauth (username,
password, reply, authdate) VALUES
(UPPER(REPLACE('%{SQL-User-Name}', ':', '')),
'%{%{User-Password}:-%{Chap-Password}}', '%{DHCP-Message-Type}', '%S')
-> INSERT INTO radius_postauth (username, password, reply, authdate)
VALUES (UPPER(REPLACE('00:50:c2:31:24:4f', ':', '')), '',
'DHCP-Request', '2013-03-25 12:53:15')
rlm_sql (deselabs_dhcp_cpes) in sql_postauth: query is INSERT INTO
radius_postauth (username, password, reply, authdate) VALUES
(UPPER(REPLACE('00:50:c2:31:24:4f', ':', '')), '', 'DHCP-Request',
'2013-03-25 12:53:15')
rlm_sql (deselabs_dhcp_cpes): Reserving sql socket id: 2
rlm_sql (deselabs_dhcp_cpes): Released sql socket id: 2
++[deselabs_dhcp_cpes.post-auth] returns ok
++[ok] returns ok
} # server dhcp
DHCP-Subnet-Mask = 255.255.255.0
DHCP-Router-Address = 172.31.1.1
DHCP-Domain-Name-Server = 0.0.0.0
DHCP-Bootp-Extensions-Path = "slave_clear.acf"
DHCP-IP-Address-Lease-Time = 7200
DHCP-DHCP-Server-Identifier = 172.31.1.1
DHCP-TFTP-Server-Name = "172.31.1.1"
Sending DHCP-Ack of id 7da9d708 to 255.255.255.255:68
Finished request 1.
Cleaning up request 1 ID 2108282632 with timestamp +7
Going to the next request
Ready to process requests.
What should I change in my config if I want to change the
DHCP-Message-Type to "DHCP-Ack" in order to get the correct log
information?
I tried using the ":=" operator with no luck.