(RADIATOR) IP Accounting
doc@dcclrt.co.uk
davidandrew at dcclrt.co.uk
Sun Dec 5 06:42:02 CST 2004
Hi All,
Having got the idea of handlers etc. thanks to Hugh, I would like to know about how Radiator can allocate IP addresses to wireless clients.
I have read the addressallocationdhcp config file in /goodies and other documentation but as ever the penny doesn't drop until the last minute.
In my config file I have numerous sites configured to auth by LDAP to NDS with a return attribute giving a VLAN ID. Also with that return I would like the clients to be allocated a dynamic IP from a given range. Please would you point me in the right direction as to how each site would need configuring in order to achieve this. And am I right in thinking that the Radiator server does NOT need a DHCP service installed and that it is fully handled by Radiator?
Many thanks.
Dave
---------------------------
Foreground
LogStdout
LogDir /var/log/radius
LogFile %L/%Y-%m-log
DbDir /etc/radiator
Trace 4
AuthPort 1812
AcctPort 1813
<Client xxx.xxx.xxx.xxx>
IdenticalClients xxx.xxx.xxx.xxx
Secret 1234
DupInterval 0
Identifier site
</Client>
<Client xxx.xxx.xxx.xxx>
IdenticalClients xxx.xxx.xxx.xxx
Secret x
DupInterval 0
Identifier site1
</Client>
<Client xxx.xxx.xxx.xxx>
IdenticalClients xxx.xxx.xxx.xxx
Secret x
DupInterval 0
Identifier site2
</Client>
# ISU
<Handler Client-Identifier=site>
<AuthBy LDAP2>
# Tell Radiator how to talk to the LDAP server
ServerChecksPassword 1
Host xxx.xxx.xxx.xxx
Port 389
BaseDN o=xxx
UsernameAttr cn
# You can enable debugging of the Net::LDAP
# module with this:
#Debug 255
# With LDAP2, You can enable SSL or TLS with perl-ldap 0.22 and better
# by setting UseSSL or UseTLS. Not supported on Windows
#UseSSL
#UseTLS
#If you set UseSSL or UseTLS, also need to set these:
#SSLCAClientCert /etc/radiator/certificates/cert-clt.pem
#SSLCAClientKey whatever
# (certificates in PEM format)
# Also need to set one of:
#SSLCAFile /etc/radiator/certificates/demoCA/cacert.pem
#SSLCAPath /etc/radiator/certificates/demoCA
# (certificates in PEM format)
# These set the corresponding parameters in the
# LDAPS connection (see perl-ldap docs)
# Requires IO::Socket::SSL, Net::SSLeay and openssl
EAPType TTLS
EAPTLS_CAFile /etc/radiator/certificates/xxxxxxxxxx
EAPTLS_CertificateFile /etc/radiator/certificates/xxxxxxxxxx
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile /etc/radiator/certificates/xxxxxxxxxx
EAPTLS_PrivateKeyPassword xxxxxxxxxx
EAPTLS_MaxFragmentSize 1000
AutoMPPEKeys
StripFromReply Tunnel-Type,Tunnel-Medium-Type,Tunnel-Private-Group
AddToReply Tunnel-Type=13,Tunnel-Medium-Type=802,Tunnel-Private-Group=3
</AuthBy>
# This is a hook to change the Tunnel-Private-Group-ID information
# into a value for non RFC 3850 compliant Access Points
# PostAuthHook file:"%D/hooks/vlan-ascii-to-binary-postauth"
</Handler>
# SITE 1
<Handler Client-Identifier=site1>
<AuthBy LDAP2>
# Tell Radiator how to talk to the LDAP server
ServerChecksPassword 1
Host xxx.xxx.xxx.xxx
Port 389
BaseDN o=xxx
UsernameAttr cn
# You can enable debugging of the Net::LDAP
# module with this:
#Debug 255
# With LDAP2, You can enable SSL or TLS with perl-ldap 0.22 and better
# by setting UseSSL or UseTLS. Not supported on Windows
#UseSSL
#UseTLS
#If you set UseSSL or UseTLS, also need to set these:
#SSLCAClientCert /etc/radiator/certificates/cert-clt.pem
#SSLCAClientKey whatever
# (certificates in PEM format)
# Also need to set one of:
#SSLCAFile /etc/radiator/certificates/demoCA/cacert.pem
#SSLCAPath /etc/radiator/certificates/demoCA
# (certificates in PEM format)
# These set the corresponding parameters in the
# LDAPS connection (see perl-ldap docs)
# Requires IO::Socket::SSL, Net::SSLeay and openssl
EAPType TTLS
EAPTLS_CAFile /etc/radiator/certificates/xxxxxxxxxx
EAPTLS_CertificateFile /etc/radiator/certificates/xxxxxxxxxx
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile /etc/radiator/certificates/xxxxxxxxxx
EAPTLS_PrivateKeyPassword xxxxxxxxxx
EAPTLS_MaxFragmentSize 1000
AutoMPPEKeys
StripFromReply Tunnel-Type,Tunnel-Medium-Type,Tunnel-Private-Group
AddToReply Tunnel-Type=13,Tunnel-Medium-Type=802,Tunnel-Private-Group=3
</AuthBy>
# This is a hook to change the Tunnel-Private-Group-ID information
# into a value for non RFC 3850 compliant Access Points
# PostAuthHook file:"%D/hooks/vlan-ascii-to-binary-postauth"
</Handler>
# SITE 2
<Handler Client-Identifier=site2>
<AuthBy LDAP2>
# Tell Radiator how to talk to the LDAP server
ServerChecksPassword 1
Host xxx.xxx.xxx.xxx
Port 389
BaseDN o=xxx
UsernameAttr cn
# You can enable debugging of the Net::LDAP
# module with this:
#Debug 255
# With LDAP2, You can enable SSL or TLS with perl-ldap 0.22 and better
# by setting UseSSL or UseTLS. Not supported on Windows
#UseSSL
#UseTLS
#If you set UseSSL or UseTLS, also need to set these:
#SSLCAClientCert /etc/radiator/certificates/cert-clt.pem
#SSLCAClientKey whatever
# (certificates in PEM format)
# Also need to set one of:
#SSLCAFile /etc/radiator/certificates/demoCA/cacert.pem
#SSLCAPath /etc/radiator/certificates/demoCA
# (certificates in PEM format)
# These set the corresponding parameters in the
# LDAPS connection (see perl-ldap docs)
# Requires IO::Socket::SSL, Net::SSLeay and openssl
EAPType TTLS
EAPTLS_CAFile /etc/radiator/certificates/xxxxxxxxxx
EAPTLS_CertificateFile /etc/radiator/certificates/xxxxxxxxxx
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile /etc/radiator/certificates/xxxxxxxxxx
EAPTLS_PrivateKeyPassword xxxxxxxxxx
EAPTLS_MaxFragmentSize 1000
AutoMPPEKeys
StripFromReply Tunnel-Type,Tunnel-Medium-Type,Tunnel-Private-Group
AddToReply Tunnel-Type=13,Tunnel-Medium-Type=802,Tunnel-Private-Group=3
</AuthBy>
# This is a hook to change the Tunnel-Private-Group-ID information
# into a value for non RFC 3850 compliant Access Points
# PostAuthHook file:"%D/hooks/vlan-ascii-to-binary-postauth"
</Handler>
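
Added example, not part of the original post and not code from the Radiator project: a Python check over a config of the shape posted above. It flags AuthBy blocks where ServerChecksPassword is set with neither UseTLS nor UseSSL active (the password is then verified by a bind over a plain LDAP connection), TLS set without the SSLCAFile/SSLCAPath that the config comments call for, and short Secret values. The function names, the sample addresses and the 16-character threshold are assumptions.

```python
import re
# Constructed sample shaped like the posted config; addresses are placeholders.
SAMPLE = """\
<Client 192.0.2.10>
Secret 1234
</Client>
<Handler Client-Identifier=site>
<AuthBy LDAP2>
ServerChecksPassword 1
#UseTLS
</AuthBy>
</Handler>
<Handler Client-Identifier=site1>
<AuthBy LDAP2>
ServerChecksPassword 1
UseTLS
SSLCAFile /etc/radiator/certificates/demoCA/cacert.pem
</AuthBy>
</Handler>
"""

def blocks(text):
    """Yield (kind, where, params) per <Client>/<AuthBy>; an AuthBy is named by its Handler."""
    stack = []
    for line in map(str.strip, text.splitlines()):
        if not line or line.startswith("#"):
            continue  # '#UseTLS' is a comment, so the setting is not active
        m = re.match(r"<(/?)(\w+)\s*([^>]*)>$", line)
        if m and not m.group(1):
            stack.append((m.group(2), m.group(3), {}))
        elif m and stack:
            kind, arg, params = stack.pop()
            if kind in ("Client", "AuthBy"):
                yield kind, (stack[-1][1] if stack else arg), params
        elif stack:
            key, _, value = line.partition(" ")
            stack[-1][2][key] = value.strip()

def audit(text, min_secret_len=16):  # 16 is an assumed local policy, not a Radiator rule
    """Return (where, issue) pairs for weak secrets and cleartext LDAP binds."""
    findings = []
    for kind, where, p in blocks(text):
        if kind == "Client" and len(p.get("Secret", "")) < min_secret_len:
            findings.append((where, "short shared secret"))
        if kind == "AuthBy" and p.get("ServerChecksPassword", "0") != "0":
            if not p.keys() & {"UseTLS", "UseSSL"}:
                findings.append((where, "password bind to LDAP without TLS"))
            elif not p.keys() & {"SSLCAFile", "SSLCAPath"}:
                findings.append((where, "TLS set but no SSLCAFile/SSLCAPath"))
    return findings
```

Calling `audit(SAMPLE)` reports the short secret on the client and the cleartext bind in the `site` handler; the `site1` handler, with UseTLS and a CA file, produces no finding.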