freeradius and dynamic ip allocation

Paul Robinson paul at iconoplex.co.uk
Wed May 28 17:28:45 BST 2003


On Wed, May 28, 2003 at 12:13:59PM +0100, Robin Garbutt wrote:

> does anyone know how to configure freeradius so that it dynamically asigns ip addresses from a pool as opposed to allocating a static ip address?

Firstly, freeradius isn't very good. Personally, I'd reccomend XTradius as 
it just gives you a lot more flexibility. but, you probably have it for a 
reason, so...
 
> my users in the users file look like the following at present:-
> 
> robing Auth-Type := Local, User-Password == "password"
>        Service-Type = Framed-User,
>        Framed-Protocol = PPP,
>        Framed-IP-Address = 195.8.182.0,
>        Framed-IP-Netmask = 255.255.255.0,
>        Framed-Routing = Broadcast-Listen,
>        Framed-Filter-Id = "std.ppp",
>        Framed-MTU = 1500,
>        Framed-Compression = Van-Jacobsen-TCP-IP

Not being funny, but that's horrible. What NAS/RAS kit are you using with 
that?

If your RAS is configured with a pool of IPs it can dole out, the magic line 
to edit is:

Framed-IP-Address - 255.255.255.254

In fact, I would strongly urge you to read:

http://www.oreilly.com/catalog/radius/chapter/ch05.html

Simply because it might help you clean up your config file a bit.

If you don't want the RAS to assign it (or you're using kit that can't
pool), but you want to assign it at the radius server first check you're
never going to have more than one NAS, or if you do, you can handle dynamic
IPs being moved across from one box to another. Otherwise, I'd recommend
moving over to something with more intelligence built-in, like XtRaius which
allows you to craft the packets you send back with any program of your
choice - so you could write a Perl script that takes an IP out of a pool you
store in MySQL or something and throws that back. Gives more flexibility

It's been a few years since I was last doing RADIUS and on an IETF WG for 
this stuff, but I hope this helps...

-- 
Paul Robinson




More information about the Ukfreebsd mailing list