make use of external DHCP server or ip address provisioning
lists+freeradius at daork.net
Sun Jun 5 12:00:08 CEST 2016
> On 5/06/2016, at 21:23, Rene Stoutjesdijk <r.stoutjesdijk at gmail.com> wrote:
> I do have a question (my first on this list): whether the situation described below
> is possible, and if yes, can somebody provide me tips on how to do the
> FreeRADIUS part.
> I do have a FreeRADIUS daemon up and running with only authentication and
> I would like to change the setup so that IP addresses are also provided (via the
> AVP Framed-IP-Address) towards the client.
> This seems to be possible, but I would like to get the IP address from an
> external DHCP server. So basically what I would like to achieve is:
> If an authentication request comes in:
> - let the RADIUS daemon do a request for an IP address from an external
> DHCP server with the following characteristics
> - the client MAC address should contain the IMSI/MSISDN from the
> subscriber (the request is coming from a GGSN (mobile network)), so it doesn't
> contain a valid client MAC address
> - the username AVP should be used as (I think option 61) within DHCP so
> it can also be used with the DHCP/DNS integration for name resolving (DDNS)
> - if the IP address is provided towards the FreeRADIUS daemon, take
> this IP address and provide it back within the Framed-IP-Address AVP towards
> the RADIUS client (GGSN)
> I do have maybe an alternative, and that's to provide the IP address from the
> FreeRADIUS daemon and execute an nsupdate update script to update the DNS,
> but I think the situation described above is better.
To my knowledge, FreeRADIUS doesn’t implement a DHCP client; the closest it gets is a relay.
It sounds like your solution has quite a few moving parts, and I can see a couple of places where it might go wonky.
If I were you I would simplify this to assign addresses out of FreeRADIUS, or even from a pool on the GGSN and look to accounting packets for IP address information, then sync your online user information with your DNS if that is a requirement. You touched on nsupdate which is a way to achieve this as users come online, but you should look at a way to sync periodically also - how you achieve that really depends on your DNS server.
If you are really determined to do it with DHCP, perhaps the FreeRADIUS “dhcpclient” binary would help you in building a fake client. Remember you will need to maintain leases and so on, so you might want to do this on accounting or something. It’s all very fiddly, and will surely break! I haven’t ever done this, so YMWV.
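The nsupdate-on-accounting approach suggested in the reply above, as an added example that is not part of the original thread and not FreeRADIUS code: it turns one accounting record into nsupdate input and validates User-Name and Framed-IP-Address first, since both arrive from the network and end up in a command stream. The zone name, the TTL and the dict-of-attributes input are assumptions; how the record reaches the script is left out.

```python
import ipaddress
import re

# Assumed for this example: forward zone name and record TTL.
ZONE = "subscribers.example.net"
TTL = 300
# One DNS label: letters, digits, inner hyphens, at most 63 characters.
_LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")


def dns_label(user_name):
    """Return User-Name as a DNS label, or raise ValueError.

    User-Name arrives from the network. fullmatch() rejects spaces, dots
    and newlines, so a crafted name cannot add commands to the batch.
    """
    label = user_name.lower()
    if not _LABEL.fullmatch(label):
        raise ValueError(f"User-Name is not a safe DNS label: {user_name!r}")
    return label


def nsupdate_batch(acct):
    """Build nsupdate input for one accounting record (dict of attributes).

    Start and Interim-Update (re)create the A and PTR records, Stop
    removes them, any other Acct-Status-Type yields an empty batch.
    """
    status = acct.get("Acct-Status-Type")
    if status not in ("Start", "Interim-Update", "Stop"):
        return ""
    fqdn = f"{dns_label(acct['User-Name'])}.{ZONE}."
    # IPv4Address() raises ValueError on anything that is not an address.
    addr = ipaddress.IPv4Address(acct["Framed-IP-Address"])
    ptr = f"{addr.reverse_pointer}."
    if status == "Stop":
        # Delete only the records that match this session's address/name.
        fwd = [f"update delete {fqdn} A {addr}"]
        rev = [f"update delete {ptr} PTR {fqdn}"]
    else:
        fwd = [f"update delete {fqdn} A",
               f"update add {fqdn} {TTL} A {addr}"]
        rev = [f"update delete {ptr} PTR",
               f"update add {ptr} {TTL} PTR {fqdn}"]
    # Forward and reverse names live in different zones: send separately.
    return "\n".join(fwd + ["send"] + rev + ["send"]) + "\n"


if __name__ == "__main__":
    # Constructed sample record, not taken from a real GGSN.
    print(nsupdate_batch({"Acct-Status-Type": "Start",
                          "User-Name": "204041234567890",
                          "Framed-IP-Address": "10.20.30.40"}))
```

The returned text is meant to be piped to nsupdate on standard input; running the same function over the list of currently online sessions gives the periodic resync mentioned in the reply.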