DHCP in FreeRadius 3 and logging

Thore Krüss thore at scimeda.de
Wed Mar 28 01:57:43 CEST 2018


Good evening,

We are running freeradius 3.0.12+dfsg-5+deb9u1 (Debian stretch package).

After a bit of hassle I got the dhcp module to work with the sql ippool and the
general authentication. The only thing I'm missing now is a feature logging the
assigned leases into the journal (authentication logging is working fine). I
assumed the section in mods-enabled (see below) would do so, but apparently it
doesn't. In the configuration for the dhcp virtual host I've also found no
parameters which should enable logging.
For convenience I've also appended the log section of freeradius -X. The log
destination is set to syslog.

Any help on why the dhcp module does no logging, or which option is missing, is
really appreciated.

Best regards
Thore


```
# /etc/freeradius/3.0/mods-enabled/dhcpippool
sqlippool dhcp_sqlippool {
	sql_module_instance = "sql"

	ippool_table = "radippool"

	lease_duration = 7200

	# Client's MAC address is mapped to Calling-Station-Id in policy.conf
	pool_key = "%{Calling-Station-Id}"

	# Use queries modified for postgres
	$INCLUDE ${modconfdir}/sql/ippool-dhcp/queries.conf

	sqlippool_log_exists = "DHCP: Existing IP: %{reply:Framed-IP-Address} (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name})"

	sqlippool_log_success = "DHCP: Allocated IP: %{reply:Framed-IP-Address} from %{control:Pool-Name} (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name})"

	sqlippool_log_clear = "DHCP: Released IP %{Framed-IP-Address} (did %{Called-Station-Id} cli %{Calling-Station-Id} user %{User-Name})"

	sqlippool_log_failed = "DHCP: IP Allocation FAILED from %{control:Pool-Name} (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name})"

	sqlippool_log_nopool = "DHCP: No Pool-Name defined (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} user %{User-Name})"

}
```


```
# /etc/freeradius/3.0/sites-enabled/dhcp (this is just the template)
server dhcp {
listen {
	type = dhcp
	ipaddr = {{ ansible_default_ipv4.address }}
	src_ipaddr = {{ ansible_default_ipv4.address }}
	port = 67
	interface = {{ ansible_default_ipv4.interface }}
	broadcast = no
}
dhcp DHCP-Discover {
	update reply {
		DHCP-Message-Type = DHCP-Offer
	}
	update control {
		&Pool-Name := "%{sql: SELECT pool_name FROM radpostauth WHERE callingstationid ILIKE replace('%{&DHCP-Client-Hardware-Address}', ':','') AND pool_name != '' ORDER BY authdate DESC LIMIT 1;}"
	}
	dhcp_sqlippool

	update reply {
		&DHCP-Domain-Name-Server = 141.70.124.5
		&DHCP-Subnet-Mask = 255.255.255.252
		&DHCP-Router-Address = "%{sql:SELECT framedroute FROM radippool WHERE callingstationid = '%{&DHCP-Client-Hardware-Address}' LIMIT 1;}"
		&DHCP-IP-Address-Lease-Time = 3600
		&DHCP-DHCP-Server-Identifier = {{ ansible_default_ipv4.address }}
	}
	ok
}
dhcp DHCP-Request {
	update reply {
		&DHCP-Message-Type = DHCP-Ack
	}
	update control {
		&Pool-Name := "%{sql: SELECT pool_name FROM radpostauth WHERE callingstationid ILIKE replace('%{&DHCP-Client-Hardware-Address}', ':','') AND pool_name != '' ORDER BY authdate DESC LIMIT 1;}"
	}

	dhcp_sqlippool
	update reply {
		&DHCP-Domain-Name-Server = 141.70.124.4
		&DHCP-Subnet-Mask = 255.255.255.252
		&DHCP-Router-Address = "%{sql:SELECT framedroute FROM radippool WHERE callingstationid = '%{&DHCP-Client-Hardware-Address}' LIMIT 1;}"
		&DHCP-IP-Address-Lease-Time = 3600
		&DHCP-DHCP-Server-Identifier = {{ ansible_default_ipv4.address }}
	}
	ok
}
dhcp DHCP-Decline {
	update reply {
		&DHCP-Message-Type = DHCP-Do-Not-Respond
	}
	reject
}
dhcp DHCP-Inform {
	update reply {
		&DHCP-Message-Type = DHCP-Do-Not-Respond
	}
	reject
}
dhcp DHCP-Release {
	update reply {
		&DHCP-Message-Type = DHCP-Do-Not-Respond
	}
	reject
}
}
```

from freeradius -X
```
 log {
 	stripped_names = yes
 	auth = yes
 	auth_badpass = no
 	auth_goodpass = no
 	colourise = yes
 	msg_denied = "You are already logged in - access denied"
 }
```


