make use of external DHCP server or ip address provisioning

Rene Stoutjesdijk r.stoutjesdijk at gmail.com
Sun Jun 5 12:40:39 CEST 2016


Hi Nathan,

thx for your response.

Yes, I'm aware that periodic updates also have to be made towards the DNS
server. Your suggestion about using the accounting packets was also what I
had in mind when I was referring to making use of the nsupdate cli. The
periodic updates aren't that difficult in our setup, as I do log the
accounting packets in a SQL db with timestamps, so scheduled periodic
updates for DNS can be done from a script based upon these entries.

But thx again for your thoughts, and I will keep on focusing on the
accounting part.
The primary goal is to get the entries within DNS, as I do have a mgmt
system which needs to access the clients, and with dynamic addresses it's
very hard to achieve without making use of DNS.

wkr
rene

On Sun, Jun 5, 2016 at 12:00 PM, Nathan Ward <lists+freeradius at daork.net>
wrote:

> --
> Nathan Ward
>
> > On 5/06/2016, at 21:23, Rene Stoutjesdijk <r.stoutjesdijk at gmail.com> wrote:
> >
> > Hello,
> > I do have a question (my first on this list): is the situation described
> > below possible, and if yes, can somebody provide me tips on how to do the
> > freeradius part?
> >
> >
> > I do have a freeradius daemon up and running with only authentication and
> > accounting.
> > I would like to change the setup so that IP addresses are also provided
> > (via the AVP Framed-IP-Address) towards the client.
> > This seems to be possible, but I would like to get the IP address from an
> > external DHCP server. So basically what I would like to achieve is:
> > if an authentication request comes in:
> > - let the radius daemon do a request for an IP address from an external
> > DHCP server with the following characteristics
> >    - the client MAC address should contain the IMSI/MSISDN from the
> > subscriber (the request is coming from a GGSN (mobile network)), so it
> > doesn't contain a valid client MAC address
> >    - the username AVP should be used as (I think option 61) within DHCP
> > so it can also be used with the DHCP/DNS integration for name resolving
> > (DDNS)
> >    - if the IP address is provided towards the free radius daemon, take
> > this IP address and provide it back within the Framed-IP-Address AVP
> > towards the radius client (GGSN)
> >
> >
> > I do have maybe an alternative, and that's to provide the IP address from
> > the free radius daemon and execute an nsupdate update script to update the
> > DNS, but I think the above described situation is better.
> >
>
>
> Hi,
>
> To my knowledge, FreeRADIUS doesn’t implement a DHCP client, the closest
> it gets is a relay.
>
> It sounds like your solution has quite a few moving parts, and I can see a
> couple of places where it might go wonky.
>
> If I were you I would simplify this to assign addresses out of FreeRADIUS,
> or even from a pool on the GGSN and look to accounting packets for IP
> address information, then sync your online user information with your DNS
> if that is a requirement. You touched on nsupdate which is a way to achieve
> this as users come online, but you should look at a way to sync
> periodically also - how you achieve that really depends on your DNS server.
>
> If you are really determined to do it with DHCP, perhaps the FreeRADIUS
> “dhcpclient” binary would help you in building a fake client. Remember you
> will need to maintain leases and so on so might want to do this on
> accounting or something. It’s all very fiddly, and will surely break! I
> haven’t ever done this, so YMWV.
>
> --
> Nathan Ward
>
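
The periodic sync discussed in this thread (accounting rows in SQL, DNS updated through nsupdate) can be sketched as follows; this is an added example, not code from either poster or from the FreeRADIUS project. It assumes a `radacct` table with `username`, `framedipaddress`, `acctstarttime` and `acctstoptime` columns, a placeholder zone name, and constructed sample rows, and it validates the RADIUS-supplied values before they are written into the nsupdate batch.

```python
import ipaddress
import re
import sqlite3

ZONE = "clients.example.net"   # assumed zone name (placeholder)
TTL = 300                      # assumed record TTL in seconds
# One DNS label: letters, digits, inner hyphens, at most 63 characters.
LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")

def build_batch(conn, zone=ZONE, ttl=TTL):
    """Return nsupdate input that makes the zone match the accounting table."""
    rows = conn.execute(
        "SELECT username, framedipaddress, acctstoptime FROM radacct "
        "ORDER BY acctstarttime")
    latest = {}                          # username -> newest session (ip, stop)
    for user, ip, stop in rows:
        latest[user] = (ip, stop)
    lines = [f"zone {zone}"]
    for user, (ip, stop) in sorted(latest.items()):
        label = user.lower()
        # User-Name and the address arrive over RADIUS: validate both before
        # they become part of an nsupdate command line.
        if not LABEL.fullmatch(label):
            continue
        try:
            addr = ipaddress.IPv4Address(ip)
        except ValueError:
            continue
        fqdn = f"{label}.{zone}."
        lines.append(f"update delete {fqdn} A")      # drop any stale address
        if stop is None:                             # session still open
            lines.append(f"update add {fqdn} {ttl} A {addr}")
    lines.append("send")
    return "\n".join(lines) + "\n"

def sample_db():
    """Constructed accounting rows in an in-memory table (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE radacct (username TEXT, framedipaddress TEXT,"
                 " acctstarttime TEXT, acctstoptime TEXT)")
    conn.executemany("INSERT INTO radacct VALUES (?, ?, ?, ?)", [
        ("31687654321", "10.0.0.7", "2016-06-05 09:00:00", "2016-06-05 09:45:00"),
        ("31612345678", "10.0.0.5", "2016-06-05 10:00:00", "2016-06-05 10:30:00"),
        ("31612345678", "10.0.0.9", "2016-06-05 11:00:00", None),
        ("x\nupdate delete www", "10.0.0.8", "2016-06-05 11:30:00", None),
    ])
    return conn

if __name__ == "__main__":
    print(build_batch(sample_db()), end="")
```

The batch can be piped to `nsupdate -k <keyfile>` from a scheduled job so the updates are TSIG-signed; the key file location is site-specific.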
