DHCP server failing to add ARP entry?

Alan DeKok aland at deployingradius.com
Sun Nov 6 14:26:26 CET 2016


> On Nov 6, 2016, at 7:02 AM, Toby Walsh <walshtj at gmail.com> wrote:
> 
> I have a box running Freeradius as a backend to pfSense. I'd like to use FR
> as a DHCP server. With Alan's help I set up DHCP and EAP on separate sql
> modules. It works OK when pfSense is serving IPs (FR fails to add an ARP
> entry but pfSense's DHCP server overrides/ignores FR's anyway). When I turn
> off the DHCP server on pfSense and try to run exclusively FR's, I get the
> following key message in my debug:
> 
> "Failed adding ARP entry: Failed to add entry in ARP cache: Operation not
> permitted (1)"
> 
> I read the doco for FR's DHCP server and used the command:
> 
> "sudo setcap cap_net_admin=ei /usr/sbin/freeradius"

  As the docs say, that's a Linux command.  pfSense is FreeBSD.  The command might do something for Linux compatibility, but it's most likely that it won't work.

> I'm running:
> 
> "sudo freeradius -X"
> 
> as well, just to make sure the privileges are OK. Here is the debug output
> from a sample connection attempt - http://pastebin.com/raw/acNazHPA .

  If it runs as root, it should have permission to update the ARP table entry.

> One thing I did not do is obey the comments at the top of that file
> instructing to call setfib because I thought the comments implied it was
> unnecessary when a config doesn't have multiple interfaces.

  It isn't necessary for ARP.

> So that's a pretty big clue corresponding to my debug output. However when
> I run it as sudo it works, obviously. And I run freeradius as sudo so I
> presumed along with the set capabilities it _should_ work, right?

  On FreeBSD, you should just run it as root.  It should be able to update the ARP table entries.

  There is code in the server to create raw DHCP packets, which should mean that it isn't necessary to update the ARP tables.  But that code is Linux only.  The code for FreeBSD is more complex, and no one has gotten around to implementing it yet.

  Alan DeKok.
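
Added example, not part of the original message and not FreeRADIUS code: a shell check for the privilege discussed above, namely whether a process has CAP_NET_ADMIN in its effective set on Linux, or is root on a system where setcap does not apply. The function names and sample status text are constructed for illustration; the Linux path reads the CapEff line of /proc/<pid>/status.

```shell
#!/bin/sh
# Added example. Function names and sample data are constructed for illustration.
CAP_NET_ADMIN_BIT=12   # value of CAP_NET_ADMIN in <linux/capability.h>

# Constructed samples in /proc/<pid>/status format (only the relevant lines).
SAMPLE_ROOT='Name: freeradius
Uid: 0 0 0 0
CapEff: 0000003fffffffff'
SAMPLE_UNPRIV='Name: freeradius
Uid: 1000 1000 1000 1000
CapEff: 0000000000000000'
SAMPLE_NETADMIN='Name: freeradius
Uid: 1000 1000 1000 1000
CapEff: 0000000000001000'

# capeff_of STATUS_TEXT: print the effective-capability hex mask, if present.
capeff_of() {
    printf '%s\n' "$1" | awk '$1 == "CapEff:" { print $2; exit }'
}

# mask_has_net_admin HEXMASK: succeed only if the CAP_NET_ADMIN bit is set.
mask_has_net_admin() {
    case $1 in ''|*[!0-9a-fA-F]*) return 2 ;; esac   # reject empty/non-hex input
    [ $(( (0x$1 >> $CAP_NET_ADMIN_BIT) & 1 )) -eq 1 ]
}

# arp_privilege_report OS EUID STATUS_TEXT: can this process update the ARP table?
arp_privilege_report() {
    if [ "$1" != "Linux" ]; then
        # File capabilities (setcap) are Linux-only; elsewhere only root qualifies.
        if [ "$2" -eq 0 ]; then echo "ok: root on $1"; return 0; fi
        echo "fail: not root on $1 (setcap does not apply)"; return 1
    fi
    if mask_has_net_admin "$(capeff_of "$3")"; then
        echo "ok: CAP_NET_ADMIN is effective"; return 0
    fi
    echo "fail: CAP_NET_ADMIN missing, expect 'Operation not permitted' on ARP add"
    return 1
}

# Live use: pass the PID of the running server as the first argument.
if [ $# -gt 0 ]; then
    arp_privilege_report "$(uname -s)" "$(ps -o uid= -p "$1" | tr -d ' ')" \
        "$(cat "/proc/$1/status" 2>/dev/null)"
fi
```

Checking the running process rather than the binary shows what the kernel actually granted, which is what decides whether the ARP update succeeds.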



