Freeradius dhcp module configuration

Alan Buxey alan.buxey at gmail.com
Mon Feb 5 09:40:11 CET 2018 

files files_dhcp {
}

The named module directive is documented

alan

On 5 Feb 2018 3:57 am, "Daniel Ryšlink" <ryslink at dialtelecom.cz> wrote:

Hello,

You mention that I should "create a "files_dhcp" which is a variant of the
"files" module for DHCP users."

I have tried several times, but if I just define it as

files {

}

Freeradius will report that

Duplicate module "files files", in file
/etc/freeradius/3.0/mods-enabled/files:9
and file /etc/freeradius/3.0/mods-enabled/files_dhcp:9

If I try to define it as

files_dhcp {

}

then the result is:

/etc/freeradius/3.0/mods-enabled/files_dhcp[9]: Failed to link to module
'rlm_files_dhcp': /usr/lib/freeradius/rlm_files_dhcp.so: cannot open shared
object file: No such file or directory

Let's say that I would just have a file that uses as key the string
"%{DHCP-Relay-Circuit-Id}%{DHCP-Relay-Remote-Id}" (Option 82 user
identification) as a key, then some kind of delimiter, then the IP address
that should be statically assigned to this user.

If the user is not found in the list, he should be assigned an IP address
from a single, simple pool. That's all I need from the DHCP Virtual Server.
Could you please, please perhaps hint about how the syntax of the relevant
dhcp configuration files should look like? I am really stuck, I have read
every file in mods-available/, sites-available/, I have read all the wiki
on http://networkradius.com/doc/current/ , but I am still stuck.

I would be extremely grateful for any advice.

Thank you in advance.

-- 
S pozdravem,
Daniel Ryšlink
System Administrator

Dial Telecom a. s.
Křižíkova 36a
<https://maps.google.com/?q=K%C5%99i%C5%BE%C3%ADkova+36a&entry=gmail&source=g>
/237
186 00 Praha 3, Česká Republika
Tel.:+420.226204627
daniel.ryslink at dialtelecom.cz
-----------------------------------------------
www.dialtelecom.cz
Dial Telecom, a.s.
Jednoduše se připojte
-----------------------------------------------

On 29.1.2018 14:54, Alan DeKok wrote:

> On Jan 29, 2018, at 7:23 AM, Daniel Ryšlink <ryslink at dialtelecom.cz>
> wrote:
>
>> First of all, I apologize for anything wrong in my approach or method
>> (there is probably plenty), but my time is running short and so I come here
>> to ask for advice.
>>
>> I am trying to setup a Freeradius server with a DHCP virtual server. An
>> example from my users file:
>>
>> Gi0/19:10.010B465454582D535749544348    Cleartext-Password :=
>> "juniper-bng1"
>>
>    You don't need passwords for DCHCP.
>
>          ERX-Ingress-Policy-Name := FF-1M,
>>          ERX-CoS-Shaping-Pmt-Type = "T02 2m",
>>          ERX-Cos-Scheduler-Pmt-Type = "VOIP-SCH T10 100k",
>>
>    These attributes don't go into DHCP packets/
>
> The idea behind the "key" line is that the user should be identified by
>> both the combination of Circuit-ID and Remote-ID (Option 82), and
>> ADSL-Agent-Circuit-Id and ADSL-Agent-Remote-Id are present in the Radius
>> packet but absent from the DHCP packet, but DHCP-Relay-Circuit-Id and
>> DHCP-Relay-Remote-Id are present in the DHCP packet and absent from the
>> Radius packet. Thus, no matter if the pool is called by the Radius or the
>> DHCP virtual server, this line always expand to the same key for a given
>> user.
>>
>    OK.
>
> I have read in the docs that there is the DHCP configuration
>> (mods-available/dhcp) file that allows to "decode the Option 82 values",
>> but I did not manage to get it working since there is no working example in
>> the documentation, and I could not even google one up.
>>
>> My questions:
>>
>> 1) If the address is in the static Framed-IP-Address in the users
>> (files/authorize) file, how do I tell the DHCP server to use it for the
>> given user via the ippool module when the DHCP request comes?
>>
>    Read raddb/sites-available/dhcp.  Just list "ippool" in the virtual
> server.  And also, create a "files_dhcp" which is a variant of the "files"
> module for DHCP users.
>
> 2) When assigning a dynamic address from the 'hohola' pool, I managed to
>> get it working, but the Radius assigns one address and creates an entry in
>> the ippool database, and then the DHCP server discovers that for a given
>> key there is already an entry, but decides it is "stale", and assigns
>> another IP address.
>>
>    Because it hasn't been updated with the appropriate DHCP information.
>
>    You can't just create one set of policies / modules, and have them work
> for *both* DHCP and RADIUS.  The protocols are different, and need
> different management.
>
>    Alan DeKok.
>
>
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list
/users.html

More information about the Freeradius-Users mailing list