DHCP Dynamic pool and MAC authentication

Matthew Newton mcn4 at leicester.ac.uk
Thu Mar 20 22:19:15 CET 2014 

On Thu, Mar 20, 2014 at 01:38:12PM -0700, Michael Wisniewski wrote:
> I am having the exact same issue. Can anybody assist with this issue. "anybody
> can connect a device on my network and the Freeradius server reply to DHCP
> Discover, assign an IP address using the mysql radipool table but without
> checking if the mac address is in the radcheck table."

Haven't looked at this directly, but it should be pretty easy. I'm
guessing you want to either copy DHCP-Client-Hardware-Address into
Calling-Station-Id, then call sql (with Calling-Station-Id in the
radcheck table), or just all DHCP-Client-Hardware-Address directly
into the radcheck table, then just call sql.

Based on the result code from sql, you probably then want to
update the DHCP-Message-Type to inhibit a reply if the MAC wasn't
found.

Posting the full output of radiusd -X would help.

Matthew


> On Tue, Mar 18, 2014 at 2:48 AM, Thomas Bru <tbru at afone.com> wrote:
> 
> > Hello Everybody
> >
> > This is my first message on this mailing list so I hope I will do
> > everything right.
> >
> > I need your help because I want to implement Freeradius as a DCHP server
> > with an dynamic IP address pool (using radipool mysql table) and MAC
> > authentication.
> > I successed to install and activate DHCP server and dynamic pool but not
> > authenticate.
> >
> >
> > But, actually, my problem is anybody can connect a device on my network
> > and the Freeradius server reply to DHCP Discover, assign an IP address
> > using the mysql radipool table but without checking if the mac address is
> > in the radcheck table.
> >
> > Before the activation of the dynamic IP pool, I can authenticate and if
> > the authentication is OK, I give a static address to the client. The
> > address was stored into the raply table).
> > Now I can't do that with the dynamic pool.
> >
> > Did anybody can help me ?
> >
> > Thanks in advance for your helps and your replies.
> >
> > Best Regards
> >
> > Thomas
> > -
> > List info/subscribe/unsubscribe? See
> > http://www.freeradius.org/list/users.html
> >

> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


-- 
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>

More information about the Freeradius-Users mailing list