(RADIATOR) IP Accounting

doc@dcclrt.co.uk davidandrew at dcclrt.co.uk
Sun Dec 5 06:42:02 CST 2004


Hi All,

Having got the idea of handlers etc. thanks to Hugh, I would like to know about how Radiator can allocate IP addresses to wireless clients.
I have read the addressallocationdhcp config file in /goodies and other documentation but as ever the penny doesn't drop until the last minute.
In my config file I have numerous sites configured to auth by LDAP to NDS with a return attribute giving a VLAN ID. Also with that return I would like the clients to be allocated a dynamic IP from a given range. Please would you point me in the right direction as to how each site would need configuring in order to achieve this. And am I right in thinking that the Radiator server does NOT need a DHCP service installed and that it is fully handled by Radiator?

Many thanks.
Dave

---------------------------
Foreground
LogStdout
LogDir  /var/log/radius
LogFile  %L/%Y-%m-log
DbDir  /etc/radiator
Trace  4
AuthPort 1812
AcctPort 1813

<Client xxx.xxx.xxx.xxx>
 IdenticalClients xxx.xxx.xxx.xxx
 Secret  1234
 DupInterval 0
 Identifier site
</Client>

<Client xxx.xxx.xxx.xxx>
 IdenticalClients xxx.xxx.xxx.xxx
 Secret  x
 DupInterval 0
 Identifier site1
</Client>

<Client xxx.xxx.xxx.xxx>
 IdenticalClients xxx.xxx.xxx.xxx
 Secret  x
 DupInterval 0
 Identifier site2
</Client>

# ISU
<Handler Client-Identifier=site>
  <AuthBy LDAP2>
  # Tell Radiator how to talk to the LDAP server
  ServerChecksPassword 1
  Host  xxx.xxx.xxx.xxx
  Port  389
  BaseDN  o=xxx
  UsernameAttr cn

  # You can enable debugging of the Net::LDAP
  # module with this:
  #Debug 255

  # With LDAP2, You can enable SSL or TLS with perl-ldap 0.22 and better
  # by setting UseSSL or UseTLS. Not supported on Windows
  #UseSSL
  #UseTLS
  #If you set UseSSL or UseTLS, also need to set these:
  #SSLCAClientCert /etc/radiator/certificates/cert-clt.pem
  #SSLCAClientKey whatever
  #  (certificates in PEM format)
  # Also need to set one of:
  #SSLCAFile /etc/radiator/certificates/demoCA/cacert.pem
  #SSLCAPath /etc/radiator/certificates/demoCA
  #  (certificates in PEM format)
  # These set the corresponding parameters in the 
  # LDAPS connection (see perl-ldap docs)
  # Requires IO::Socket::SSL, Net::SSLeay and openssl

  EAPType TTLS
  EAPTLS_CAFile /etc/radiator/certificates/xxxxxxxxxx
  EAPTLS_CertificateFile /etc/radiator/certificates/xxxxxxxxxx
  EAPTLS_CertificateType PEM
  EAPTLS_PrivateKeyFile /etc/radiator/certificates/xxxxxxxxxx
  EAPTLS_PrivateKeyPassword xxxxxxxxxx
  EAPTLS_MaxFragmentSize 1000
  AutoMPPEKeys

  StripFromReply  Tunnel-Type,Tunnel-Medium-Type,Tunnel-Private-Group
  AddToReply  Tunnel-Type=13,Tunnel-Medium-Type=802,Tunnel-Private-Group=3

 </AuthBy>

# This is a hook to change the Tunnel-Private-Group-ID information\
# into a value for non RFC 3850 compliant Access Points
# PostAuthHook file:"%D/hooks/vlan-ascii-to-binary-postauth"

</Handler>

# SITE 1
<Handler Client-Identifier=site1>
 <AuthBy LDAP2>
  # Tell Radiator how to talk to the LDAP server
  ServerChecksPassword 1
  Host  xxx.xxx.xxx.xxx
  Port  389
  BaseDN  o=xxx
  UsernameAttr cn

  # You can enable debugging of the Net::LDAP
  # module with this:
  #Debug 255

  # With LDAP2, You can enable SSL or TLS with perl-ldap 0.22 and better
  # by setting UseSSL or UseTLS. Not supported on Windows
  #UseSSL
  #UseTLS
  #If you set UseSSL or UseTLS, also need to set these:
  #SSLCAClientCert /etc/radiator/certificates/cert-clt.pem
  #SSLCAClientKey whatever
  #  (certificates in PEM format)
  # Also need to set one of:
  #SSLCAFile /etc/radiator/certificates/demoCA/cacert.pem
  #SSLCAPath /etc/radiator/certificates/demoCA
  #  (certificates in PEM format)
  # These set the corresponding parameters in the 
  # LDAPS connection (see perl-ldap docs)
  # Requires IO::Socket::SSL, Net::SSLeay and openssl

  EAPType TTLS
  EAPTLS_CAFile /etc/radiator/certificates/xxxxxxxxxx
  EAPTLS_CertificateFile /etc/radiator/certificates/xxxxxxxxxx
  EAPTLS_CertificateType PEM
  EAPTLS_PrivateKeyFile /etc/radiator/certificates/xxxxxxxxxx
  EAPTLS_PrivateKeyPassword xxxxxxxxxx
  EAPTLS_MaxFragmentSize 1000
  AutoMPPEKeys

  StripFromReply  Tunnel-Type,Tunnel-Medium-Type,Tunnel-Private-Group
  AddToReply  Tunnel-Type=13,Tunnel-Medium-Type=802,Tunnel-Private-Group=3

 </AuthBy>

# This is a hook to change the Tunnel-Private-Group-ID information\
# into a value for non RFC 3850 compliant Access Points
# PostAuthHook file:"%D/hooks/vlan-ascii-to-binary-postauth"

</Handler>

# SITE 2
<Handler Client-Identifier=site2>
 <AuthBy LDAP2>
  # Tell Radiator how to talk to the LDAP server
  ServerChecksPassword 1
  Host  xxx.xxx.xxx.xxx
  Port  389
  BaseDN  o=xxx
  UsernameAttr cn

  # You can enable debugging of the Net::LDAP
  # module with this:
  #Debug 255

  # With LDAP2, You can enable SSL or TLS with perl-ldap 0.22 and better
  # by setting UseSSL or UseTLS. Not supported on Windows
  #UseSSL
  #UseTLS
  #If you set UseSSL or UseTLS, also need to set these:
  #SSLCAClientCert /etc/radiator/certificates/cert-clt.pem
  #SSLCAClientKey whatever
  #  (certificates in PEM format)
  # Also need to set one of:
  #SSLCAFile /etc/radiator/certificates/demoCA/cacert.pem
  #SSLCAPath /etc/radiator/certificates/demoCA
  #  (certificates in PEM format)
  # These set the corresponding parameters in the 
  # LDAPS connection (see perl-ldap docs)
  # Requires IO::Socket::SSL, Net::SSLeay and openssl

  EAPType TTLS
  EAPTLS_CAFile /etc/radiator/certificates/xxxxxxxxxx
  EAPTLS_CertificateFile /etc/radiator/certificates/xxxxxxxxxx
  EAPTLS_CertificateType PEM
  EAPTLS_PrivateKeyFile /etc/radiator/certificates/xxxxxxxxxx
  EAPTLS_PrivateKeyPassword xxxxxxxxxx
  EAPTLS_MaxFragmentSize 1000
  AutoMPPEKeys

  StripFromReply  Tunnel-Type,Tunnel-Medium-Type,Tunnel-Private-Group
  AddToReply  Tunnel-Type=13,Tunnel-Medium-Type=802,Tunnel-Private-Group=3

 </AuthBy>

# This is a hook to change the Tunnel-Private-Group-ID information\
# into a value for non RFC 3850 compliant Access Points
# PostAuthHook file:"%D/hooks/vlan-ascii-to-binary-postauth"

</Handler>