Different DHCP Pools based on User
Thore Krüss
thore at scimeda.de
Sat Jun 16 16:18:48 CEST 2018
Good evening,
in a wifi setup we almost had the same requirements (the networks to choose from
where a bit different, but that's beside the point).
What I did was to save an ip-pool name with the user attribute in the radcheck
table
(https://wiki.freeradius.org/guide/SQL-HOWTO-for-freeradius-3.x-on-Debian-Ubuntu).
So now it looks more or less like this (at least the view creating it):
+----+----------------+--------------------+------------------+------+
| id | UserName | Attribute | Value | Op |
+----+----------------+--------------------+------------------+------+
| 1 | fredf | Cleartext-Password | wilma | := |
| 2 | fredf | Pool-Name | vpn | := |
Then the pool name gets logged to radpostauth (you have to alter the query to do
so). The dhcp module then queries radpostauth for the last successful
authentication from the given mac address and now has the pool-name to work with in
the dhcp-ippool module.
Best regards
Thore
P.S: You might have to sanitize the mac address depending on the vendor of the
wifi hardware.
On Sat, Jun 16, 2018 at 03:27:00PM +0200, Paul via Freeradius-Users wrote:
> Hi,
>
> thanks for your answer! I'm using MySQL for my current setup
> (pretty much standard setup with standard schema)
>
> My problem is:
> * How to save the MAC <-> User Associations in the Database?
> * How to configure DHCP to use this Association?
>
> Thanks!
>
> Paul
>
>
> On 16.06.2018 13:51, Alan DeKok wrote:
> > On Jun 16, 2018, at 6:34 AM, Paul via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> > > All Users are authenticated via Radius by an Access-Point (without own
> > > DHCP Server) and need IPs from different Pools.
> > >
> > > I would like to realize this via FreeRadius DHCP.
> >
> > That's possible.
> >
> > > So the FreeRadius Authentication-Server remembers the User with
> > > associated MAC and if the user requests a IP from the FreeRadius DHCP it
> > > would assign the user one from the specified pool
> >
> > When you say "FreeRADIUS remembers the user with associated MAC", what that means is "write the username and MAC to a database".
> >
> > Then, when FreeRADIUS receives a DHCP request with that MAC, it can use that to look up the user. And then apply the pool information.
> >
> > Which database do you want to use? FreeRADIUS doesn't have an in-memory database, so you will need to use something like SQL or Redis.
> >
> > Alan DeKok.
> >
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> >
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list