DHCP with static IPs and EAP

Alan DeKok aland at deployingradius.com
Sat Nov 5 16:34:33 CET 2016

On Nov 5, 2016, at 9:50 AM, Toby Walsh <walshtj at gmail.com> wrote:
> I'm new to Freeradius. I'm trying to set up a back-end to talk nicely with
> a pfSense router and walking through various tutorials and doco pages. I
> had EAP working nicely but wanted to use DHCP and assign static IPs to
> devices based on MAC stored in either mac2ip or mysql (mostly mysql since
> that's what I'm trying to use for config).

  That should be relatively easy.

> I get to a stage where, after following the DHCP tutorial I set
> sql_user_name = "%{DHCP-Client-Hardware-Address}". This works for the
> purpose of assigning an IP, I assume. But then when FR tries to
> authenticate EAP, it uses sql_user_name as a query into the radcheck table
> and by that stage sql_user_name has been set to '' (an empty string) by the
> EAP process I presume. So my EAP user name is ignored and the
> authentication fails.

  It helps to have clear requirements.  Your first paragraph says you want DHCP, but then now you're saying EAP doesn't work.  Saying the *full* requirements up front would be much better than springing new requirements part-way through the description.

  What you probably need to do (I'm guessing, because you didn't really describe your requirements), is to set up *two* SQL modules:

# normal RADIUS sql module
sql {

# and an SQL module for DHCP
sql sql_dhcp {

  The "sql_dhcp" module should initially be copied from "sql", and then modified to work with DHCP.

  Then, in the DHCP virtual server, use "sql_dhcp" instead of "sql".  And in the RADIUS virtual server, use "sql".

  Using two different configurations like this means that they don't conflict with each other.

  Alan DeKok.

More information about the Freeradius-Users mailing list