Freeradius dhcp module configuration

Mon Feb 5 04:57:34 CET 2018

Hello,

You mention that I should "create a "files_dhcp" which is a variant of 
the "files" module for DHCP users."

I have tried several times, but if I just define it as

files {

}

Freeradius will report that

Duplicate module "files files", in file /etc/freeradius/3.0/mods-enabled/files:9 and file /etc/freeradius/3.0/mods-enabled/files_dhcp:9

If I try to define it as

files_dhcp {

}

then the result is:

/etc/freeradius/3.0/mods-enabled/files_dhcp[9]: Failed to link to module 'rlm_files_dhcp': /usr/lib/freeradius/rlm_files_dhcp.so: cannot open shared object file: No such file or directory

Let's say that I would just have a file that uses as key the string 
"%{DHCP-Relay-Circuit-Id}%{DHCP-Relay-Remote-Id}" (Option 82 user 
identification) as a key, then some kind of delimiter, then the IP 
address that should be statically assigned to this user.

If the user is not found in the list, he should be assigned an IP 
address from a single, simple pool. That's all I need from the DHCP 
Virtual Server. Could you please, please perhaps hint about how the 
syntax of the relevant dhcp configuration files should look like? I am 
really stuck, I have read every file in mods-available/, 
sites-available/, I have read all the wiki on 
http://networkradius.com/doc/current/ , but I am still stuck.

I would be extremely grateful for any advice.

Thank you in advance.

-- 
S pozdravem,
Daniel Ryšlink
System Administrator

Dial Telecom a. s.
Křižíkova 36a/237
186 00 Praha 3, Česká Republika
Tel.:+420.226204627
daniel.ryslink at dialtelecom.cz
-----------------------------------------------
www.dialtelecom.cz
Dial Telecom, a.s.
Jednoduše se připojte
-----------------------------------------------

On 29.1.2018 14:54, Alan DeKok wrote:
> On Jan 29, 2018, at 7:23 AM, Daniel Ryšlink <ryslink at dialtelecom.cz> wrote:
>> First of all, I apologize for anything wrong in my approach or method (there is probably plenty), but my time is running short and so I come here to ask for advice.
>>
>> I am trying to setup a Freeradius server with a DHCP virtual server. An example from my users file:
>>
>> Gi0/19:10.010B465454582D535749544348    Cleartext-Password := "juniper-bng1"
>    You don't need passwords for DCHCP.
>
>>          ERX-Ingress-Policy-Name := FF-1M,
>>          ERX-CoS-Shaping-Pmt-Type = "T02 2m",
>>          ERX-Cos-Scheduler-Pmt-Type = "VOIP-SCH T10 100k",
>    These attributes don't go into DHCP packets/
>
>> The idea behind the "key" line is that the user should be identified by both the combination of Circuit-ID and Remote-ID (Option 82), and ADSL-Agent-Circuit-Id and ADSL-Agent-Remote-Id are present in the Radius packet but absent from the DHCP packet, but DHCP-Relay-Circuit-Id and DHCP-Relay-Remote-Id are present in the DHCP packet and absent from the Radius packet. Thus, no matter if the pool is called by the Radius or the DHCP virtual server, this line always expand to the same key for a given user.
>    OK.
>
>> I have read in the docs that there is the DHCP configuration (mods-available/dhcp) file that allows to "decode the Option 82 values", but I did not manage to get it working since there is no working example in the documentation, and I could not even google one up.
>>
>> My questions:
>>
>> 1) If the address is in the static Framed-IP-Address in the users (files/authorize) file, how do I tell the DHCP server to use it for the given user via the ippool module when the DHCP request comes?
>    Read raddb/sites-available/dhcp.  Just list "ippool" in the virtual server.  And also, create a "files_dhcp" which is a variant of the "files" module for DHCP users.
>
>> 2) When assigning a dynamic address from the 'hohola' pool, I managed to get it working, but the Radius assigns one address and creates an entry in the ippool database, and then the DHCP server discovers that for a given key there is already an entry, but decides it is "stale", and assigns another IP address.
>    Because it hasn't been updated with the appropriate DHCP information.
>
>    You can't just create one set of policies / modules, and have them work for *both* DHCP and RADIUS.  The protocols are different, and need different management.
>
>    Alan DeKok.
>
>