make use of external DHCP server or ip address provisioning
r.stoutjesdijk at gmail.com
Sun Jun 5 12:40:39 CEST 2016
thx for your response.
Yes i'm aware that also periodic updates have to be made towards the DNS
server.Your suggestion about using the accounting packets was also what i
had in mind when i was referring to making use of the nsupdate cli. The
periodic updates isn't that difficult in our setup, as i do log the
accounting packets in a SQL db with timestamps, so scheduled periodic
updates for DNS can be done from a scripts based upon these entries.
But thx again for your thoughts and i keep on focussing on the accounting
The primarily goal is to get the entries within DNS, as i do have a a mgmt
system which needs to access the clients, and with dynamic address it's
very hard to achieve without making use of DNS.
On Sun, Jun 5, 2016 at 12:00 PM, Nathan Ward <lists+freeradius at daork.net>
> Nathan Ward
> > On 5/06/2016, at 21:23, Rene Stoutjesdijk <r.stoutjesdijk at gmail.com>
> > Hello,
> > i do have a question (my first on this list) or described situation below
> > is possible, and if yes can somebody provide me tips how to do the
> > freeradius part.
> > I do have a freeradius daemon up and running with only authentication and
> > accounting.
> > I would like to change the setup that also ip address are provided (via
> > AVP Framed-IP-Address) towards the client.
> > This seems to be possible, but i would like to get the ip address from an
> > external DHCP server. So basically what i would like to achieve is:
> > if authentication request comes in:
> > - let the radius daemon do a request for an ip address from an external
> > dhcp server with the following characteristics
> > - the client mac address should contain the IMSI/MSISDN from the
> > subscriber (request is coming from a GGSN (mobile network)) so doesn't
> > contain a valid client mac address
> > - the username AVP should be used as (i think option 61) within DHCP
> > it can also be used with the DHCP/DNS integration for name resolving
> > - if the ip address is provided towards the free radius daemon, take
> > this ip address and provide it back within the framed-ip-addres AVP
> > the radius client (GGSN)
> > I do have maybe an alternative and that's provide the ip address from the
> > free radius daemon and execute a nsupdate update script to update the
> > but i think the above described situation is better.
> To my knowledge, FreeRADIUS doesn’t implement a DHCP client, the closest
> it gets is a relay.
> It sounds like your solution has quite a few moving parts, and I can see a
> couple of places where it might go wonky.
> If I were you I would simplify this to assign addresses out of FreeRADIUS,
> or even from a pool on the GGSN and look to accounting packets for IP
> address information, then sync your online user information with your DNS
> if that is a requirement. You touched on nsupdate which is a way to achieve
> this as users come online, but you should look at a way to sync
> periodically also - how you achieve that really depends on your DNS server.
> If you are really determined to do it with DHCP, perhaps the FreeRADIUS
> “dhcpclient” binary would help you in building a fake client. Remember you
> will need to maintain leases and so on so might want to do this on
> accounting or something. It’s all very fiddly, and will surely break! I
> haven’t ever done this, so YMWV.
> Nathan Ward
> List info/subscribe/unsubscribe? See
More information about the Freeradius-Users