IP assignment based on AD group

Dave Funk dbfunk at engineering.uiowa.edu
Wed Oct 30 16:56:53 UTC 2024 

On Wed, 30 Oct 2024, Rodrigo Abrantes Antunes wrote:

> Citando Alan DeKok <aland at deployingradius.com>:
>
>> On Oct 30, 2024, at 11:10 AM, Rodrigo Abrantes Antunes 
>> <rodrigoantunes at pelotas.ifsul.edu.br> wrote:
>>> Ok, so what it is doing in this guide? 
>>> https://wiki.freeradius.org/guide/Ippool-and-radius-clients
>>> 
>>> It looks a lot of what I would like.
>>
>>  Are you running mikrotik equipment?  No?  Then it won't work.  That Wiki 
>> page is extremely clear on that.
>
> The wiki says the opposite actually.
>
> "The example here is based on a using a Mikrotik router client but the 
> principles are the same as for any client."

That specific text from that page: "principles are the same as for any client."
is a bit misleading insofar as it's talking about 'any client' which is an 
integrated wireless-AP+router+DHCP-server in one box (EG the mikrotik).

The box being used needs to understand radius AND can note the Framed-IP 
attributes in the access request reply AND store them in its internal DHCP 
server's database AND will hand that back to the client WHEN the client sends a 
DHCP request to the 'router'.

>> 
>>> There is a wireless client that asks for ip to the dhcp server, the 
>>> dhcpserver then sends an access request to freeradius which replies with 
>>> the right IP for the wireless client.
[snip..]
>
> No, I'm talking about the case in the wiki: There is a wireless client that 
> asks for ip to the dhcp server, the dhcpserver then sends an access request 
> to freeradius which replies with the right IP for the wireless client.
>
> That case looks a lot like mine, thats why I didn't undestood why you said is 
> impossible for radius to assign ip to clients with dhcp. I just wanted to 
> know why.

The DHCP server never sends an access request to freeradius. The access request 
happens at the EAPOL level, the AP talking to FR.
If the AP and DHCP server are "joined at the hip" in the same device then you 
can get this integrated functionality.

If you're using classical stand-alone APs and classical separate DHCP server (EG 
an ISC based critter) then you do NOT have the infrastructure which that wiki 
article is talking about.


-- 
Dave Funk                               University of Iowa
<dbfunk (at) engineering.uiowa.edu>     College of Engineering
319/335-5751   FAX: 319/384-0549        1256 Seamans Center, 103 S Capitol St.
Sys_admin/Postmaster/cell_admin         Iowa City, IA 52242-1527
#include <std_disclaimer.h>
Better is not better, 'standard' is better. B{

More information about the Freeradius-Users mailing list