looking for help on an unusual config
dandenson at gmail.com
Thu Sep 22 19:31:43 UTC 2022
Alan, thanks for the help here, I appreciate it. Took me a minute to
get freeradius installed and hack my way through the very basics but
here's what I have.
Test setup is Ubuntu 22.04, freeradius from repos. Mikrotik RouterOS
v7 'router' running DHCP with radius pointed to the Ubuntu box.
Another Mikrotik v7 'bridge' to insert DHCP option 82.
The data it inserts is:
Agent Circuit ID = 'mAP-1 eth 0/2'
Agent Remote ID = 'ether2'
So I'm looking for the Circuit ID here.
freeradius -X -x with the client for the mikrotik router.
I'm using a Yealink phone as the target device here because it's handy.
Ready to process requests
(8) Received Accounting-Request Id 76 from 192.168.1.208:50139 to
192.168.1.211:1813 length 216
(8) User-Name = "00:15:65:A4:E0:1F"
(8) NAS-Port-Type = Ethernet
(8) NAS-Port = 2208301057
(8) Service-Type = Framed-User
(8) Calling-Station-Id = "1:0:15:65:a4:e0:1f"
(8) Framed-IP-Address = 100.72.2.199
(8) Called-Station-Id = "APs"
(8) Agent-Remote-Id = 0x657468657232
(8) ADSL-Agent-Remote-Id = 0x657468657232
(8) Agent-Circuit-Id = 0x6d41502d312065746820302f32
(8) ADSL-Agent-Circuit-Id = 0x6d41502d312065746820302f32
(8) Event-Timestamp = "Sep 22 2022 19:15:06 UTC"
(8) Acct-Status-Type = Stop
(8) Acct-Session-Id = "0100a083"
(8) Acct-Authentic = Local
(8) Acct-Session-Time = 2218
(8) NAS-Identifier = "RLB-Access"
(8) Acct-Delay-Time = 0
(8) NAS-IP-Address = 192.168.1.208
Agent-Remote-Id's HEX converts to 'ether2'
Agent-Circuit-Id's HEX converts to 'mAP-1 eth 0/2'
The 'ADSL' versions are identical data, so either one I think is usable.
On some platforms I can manipulate these two values. On these
Mikrotiks, Remote ID is always set to the device id + serialized port
id; 'mAP-1' is the 'bridge' device's identification (I can change
this) and 'eth 0/2' is switch1, port 2. So basically I want to use the
'Agent-Circuit-Id'. On other platforms, like Cambium's cnWave, I manually
put this data into the customer prem radio, so that's likely the
radio's MAC address. On Ubiquiti I can't remember, but I think it's
radio name + port number as well. I can verify this later. At the end of
the day, the HEX value of agent id I think is what I want as the
username *AND* what I want freeradius to reply for Client ID.
On Thu, Sep 22, 2022 at 10:24 AM Alan DeKok <aland at deployingradius.com> wrote:
> On Sep 22, 2022, at 12:12 PM, dan <dandenson at gmail.com> wrote:
> > ie, request comes in with remote id of '00:11:22'
> > so I want freeradius to reply with client id of '00:11:22' and 'dhcp pool =
> > users' and 'accept'.
> OK... I assume there are actual RADIUS attributes for this?
> They're certainly not standard attributes. Maybe Mikrotik has such attributes, but I don't use Mikrotik, so I'm not familiar with them.
> > Then my router will hand out an address from pool
> > 'users' and the lease will show that client id. If another dhcp request
> > comes in with a different MAC but the same option 82 remote ID, radius will
> > do the same thing, reply back with the client id and the lease gets
> > updated/replaced.
> > Does this make sense?
> That explanation makes a lot more sense than the previous very vague question. Details matter. And giving details helps us give you the correct solution.
> Which here is (as always): run the server in debug mode.
> See which attributes come in the packet. Then, write if / then / else rules to match attributes. And to reply with more attributes.
> See the Mikrotik documentation and/or dictionaries for which attributes need to be in the reply.
> See the FreeRADIUS documentation for how to configure FreeRADIUS.
> There are 1000 vendors, each of which have 1000 different products. We can't document them all, unfortunately.
> Alan DeKok.
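The hex-to-text conversion described in the message above, as an added example that is not part of the original post or of FreeRADIUS: it parses attribute lines in the debug-output format shown and decodes the option 82 octets values. The function names are hypothetical, the sample lines are copied from the post's debug output, and the "device identity, then port" layout of the Circuit ID is assumed from the poster's description of his Mikrotik bridge.

```python
import re

# Sample input: attribute lines taken from the debug output in the post.
SAMPLE = """\
(8) User-Name = "00:15:65:A4:E0:1F"
(8) Agent-Remote-Id = 0x657468657232
(8) Agent-Circuit-Id = 0x6d41502d312065746820302f32
(8) Acct-Status-Type = Stop
"""

# Matches '(N) Attribute-Name = value' as printed by the server in debug mode.
ATTR_LINE = re.compile(r'^\(\d+\)\s+([A-Za-z0-9-]+) = (.+)$')


def parse_debug(text):
    """Return {attribute: raw value}; lines that are not attributes are skipped."""
    attrs = {}
    for line in text.splitlines():
        m = ATTR_LINE.match(line.strip())
        if m:
            attrs[m.group(1)] = m.group(2).strip()
    return attrs


def decode_octets(value):
    """Decode a 0x... octets value to text.

    The original hex form is returned unchanged when the bytes are not
    printable ASCII (or the hex is malformed), so a binary relay value is
    never turned into a lossy string.
    """
    if not value.startswith("0x"):
        return value.strip('"')
    try:
        raw = bytes.fromhex(value[2:])
    except ValueError:
        return value
    if raw and all(0x20 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return value


def split_circuit_id(circuit_id):
    """Split 'mAP-1 eth 0/2' into (device identity, port) at the first space.

    Assumption: the layout described in the post for this Mikrotik bridge.
    """
    device, _, port = circuit_id.partition(" ")
    return device, port
```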