DHCP server failing to add ARP entry?

[Toby Walsh]

I have a box running Freeradius as a backend to pfSense. I'd like to use FR
as a DHCP server. With Alan's help I set up DHCP and EAP on separate sql
modules. It works OK when pfSense is serving IPs (FR fails to add an ARP
entry but pfSense's DHCP server overrides/ignores FR's anyway). When I turn
off the DHCP server on pfSense and try to run exclusively FR's, I get the
following key message in my debug:

"Failed adding ARP entry: Failed to add entry in ARP cache: Operation not
permitted (1)"

I read the doco for FR's DHCP server and used the command:

"sudo setcap cap_net_admin=ei /usr/sbin/freeradius"

and tried eip as well but it had no effect.

I'm running:

"sudo freeradius -X"

as well, just to make sure the privileges are OK. Here is the debug output
from a sample connection attempt - http://pastebin.com/raw/acNazHPA .

I probably set up my dhcp server incorrectly. Here's an example of my
sites-enabled/dhcp_static : http://pastebin.com/raw/S1mb4bFc

One thing I did not do is obey the comments at the top of that file
instructing to call setfib because I thought the comments implied it was
unnecessary when a config doesn't have multiple interfaces.

It won't surprise me if many of those server settings are completely
incorrect and that is the source of my problem.

More info - when I run:

"arp -s some_ip some_mac"

I get:

"SIOCSARP: Operation not permitted"

So that's a pretty big clue corresponding to my debug output. However when
I run it as sudo it works, obviously. And I run freeradius as sudo so I
presumed along with the set capabilities it _should_ work, right?

The only other time I found a mailing list response referring to my problem
the two solutions were:

(i) set broadcast = no in the dhcp server
(ii) find out why the arp setting isn't working

I'm trying to work out (ii) but the OP never responded in that thread so
there was no resolution from them.

Thanks,
Toby