freeradius and dynamic ip allocation

Company 2210 company2210 at hotmail.com
Wed May 28 19:19:09 BST 2003


Another excellent (and platform independent - runs on Perl) radius server
is Open Systems Radiator. We use it for wireless client authentication and
it is superb, worth grabbing the evaluation version for a peek.

One quick question, while I'm here ;), how can you get ipfw to read from a
ruleset in a file, so you don't have to type the rules in again every time
you reboot?

Thanks

Colin.

----- Original Message -----
From: "Paul Robinson" <paul at iconoplex.co.uk>
To: "Robin Garbutt" <robing at netnorth.co.uk>
Cc: <freebsd-users at uk.freebsd.org>
Sent: Wednesday, May 28, 2003 5:28 PM
Subject: Re: freeradius and dynamic ip allocation


> On Wed, May 28, 2003 at 12:13:59PM +0100, Robin Garbutt wrote:
>
> > does anyone know how to configure freeradius so that it dynamically
> > assigns ip addresses from a pool as opposed to allocating a static ip
> > address?
>
> Firstly, freeradius isn't very good. Personally, I'd recommend XtRadius as
> it just gives you a lot more flexibility. But, you probably have it for a
> reason, so...
>
> > my users in the users file look like the following at present:-
> >
> > robing Auth-Type := Local, User-Password == "password"
> >        Service-Type = Framed-User,
> >        Framed-Protocol = PPP,
> >        Framed-IP-Address = 195.8.182.0,
> >        Framed-IP-Netmask = 255.255.255.0,
> >        Framed-Routing = Broadcast-Listen,
> >        Framed-Filter-Id = "std.ppp",
> >        Framed-MTU = 1500,
> >        Framed-Compression = Van-Jacobsen-TCP-IP
>
> Not being funny, but that's horrible. What NAS/RAS kit are you using with
> that?
>
> If your RAS is configured with a pool of IPs it can dole out, the magic
> line to edit is:
>
> Framed-IP-Address = 255.255.255.254
>
> In fact, I would strongly urge you to read:
>
> http://www.oreilly.com/catalog/radius/chapter/ch05.html
>
> Simply because it might help you clean up your config file a bit.
>
> If you don't want the RAS to assign it (or you're using kit that can't
> pool), but you want to assign it at the radius server first check you're
> never going to have more than one NAS, or if you do, you can handle dynamic
> IPs being moved across from one box to another. Otherwise, I'd recommend
> moving over to something with more intelligence built-in, like XtRadius which
> allows you to craft the packets you send back with any program of your
> choice - so you could write a Perl script that takes an IP out of a pool you
> store in MySQL or something and throws that back. Gives more flexibility.
>
> It's been a few years since I was last doing RADIUS and on an IETF WG for
> this stuff, but I hope this helps...
>
> --
> Paul Robinson
>
> ------ FreeBSD UK Users' Group  -  Mailing List ------
> http://listserver.uk.freebsd.org/mailman/listinfo/freebsd-users
>
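
An added example, not from the thread or from any RADIUS server's code base: one way to do the server-side allocation described in the quoted reply, in Python with SQLite standing in for the MySQL pool table. The table layout, the function names and the 192.0.2.x addresses are assumptions; leases are keyed by (NAS, port) so one address is never out on two sessions at once.

```python
import sqlite3

def open_pool(addresses):
    """Create the pool table (hypothetical layout) and load the free addresses."""
    db = sqlite3.connect(":memory:", isolation_level=None)  # explicit transactions
    db.execute("CREATE TABLE pool (ip TEXT PRIMARY KEY, nas TEXT, port TEXT, user TEXT)")
    db.executemany("INSERT INTO pool (ip) VALUES (?)", [(a,) for a in addresses])
    return db

def allocate(db, nas, port, user):
    """Return the value to send as Framed-IP-Address, or None if the pool is empty."""
    db.execute("BEGIN IMMEDIATE")  # take the write lock before reading the pool
    try:
        # A NAS port carries one session at a time, so a re-authentication on
        # the same port reuses its lease instead of leaking a second address.
        row = db.execute("SELECT ip FROM pool WHERE nas = ? AND port = ?",
                         (nas, port)).fetchone()
        if row is None:
            row = db.execute("SELECT ip FROM pool WHERE nas IS NULL "
                             "ORDER BY rowid LIMIT 1").fetchone()
        ip = row[0] if row else None
        if ip is not None:
            db.execute("UPDATE pool SET nas = ?, port = ?, user = ? WHERE ip = ?",
                       (nas, port, user, ip))
        db.execute("COMMIT")
        return ip
    except BaseException:
        db.execute("ROLLBACK")
        raise

def release(db, nas, port):
    """Free the lease when the Accounting-Stop for (nas, port) arrives."""
    cur = db.execute("UPDATE pool SET nas = NULL, port = NULL, user = NULL "
                     "WHERE nas = ? AND port = ?", (nas, port))
    return cur.rowcount  # 1 if a lease was freed, 0 if none was held

if __name__ == "__main__":
    pool = open_pool(["192.0.2.10", "192.0.2.11"])  # constructed sample pool
    print(allocate(pool, "nas1", "1", "robing"))
    print(allocate(pool, "nas2", "1", "colin"))
    print(allocate(pool, "nas2", "2", "paul"))      # pool exhausted
    release(pool, "nas1", "1")
    print(allocate(pool, "nas2", "2", "paul"))
```

Routing a released address from one NAS to another, the caveat raised in the reply, is outside what this block handles.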



