[RADIATOR] Assigning IP's directly from the Radius server
Michael
ringo at vianet.ca
Mon Jan 31 10:35:33 CST 2011
I've been working on this too. Got it working, but haven't put it into
production yet. May be a bit messy, but I just haven't got to the
cleansing stage yet.

So, here's how I understand it works:

<AddressAllocator SQL> is used to build the SQL table rows on startup and
configures the (de)allocating of the IPs.

<AuthBy DYNADDRESS> passes the request to AddressAllocator from a
Handler. The DYNADDRESS needs to be called by your auth/start/and stop
Handler.

NOTE: I used a separate AddressAllocator to build the table rows, and
KEEP IT DISABLED at all times since my IP table is used by multiple
Radiator servers so I never really want it to rebuild.

# adds the proper rows for each available IP on startup.
<AddressAllocator SQL>
    Identifier init
    ...
    <AddressPool 192.168.1.1>
        Subnetmask 255.255.255.255
        Range 192.168.1.100 192.168.1.200
    </AddressPool>
    <AddressPool 192.168.2.1>
        Subnetmask 255.255.255.255
        Range 192.168.2.100 192.168.2.200
    </AddressPool>
    CheckPoolQuery select STATE from RADPOOL where YIADDR=?
    CheckPoolQueryBindVar %0
    AddAddressQuery insert into RADPOOL (STATE, TIME_STAMP, POOL, \
        YIADDR, SUBNETMASK, DNSSERVER) values (0, ?, ?, ?, ?, ?)
    AddAddressQueryBindVar %t
    AddAddressQueryBindVar %0
    AddAddressQueryBindVar %1
    AddAddressQueryBindVar %2
    AddAddressQueryBindVar %3
</AddressAllocator>

# configure allocate/deallocate sql statements.
<AddressAllocator SQL>
    Identifier address-allocator.1
    ...
    # sql select statement seems to need the ip address in the
    # 2nd slot in the results to satisfy '%3' for 'AllocateQuery'.
    # this seems to be an undocumented requirement.
    FindQuery select NULL, ip, netmask from ip_pools where pool=? \
        and state=0 order by timestamp limit 1
    FindQueryBindVar %0
    # allocate during 'Access-Request' after successful 'FindQuery'
    AllocateQuery update ip_pools set state=1,timestamp=?, \
        auth_un=? where ip=?
    AllocateQueryBindVar %0
    AllocateQueryBindVar %2
    AllocateQueryBindVar %3
    # deallocate with accounting Stop packets
    DeallocateQuery update ip_pools set state=0, auth_un=NULL, \
        timestamp=? where ip=?
    DeallocateQueryBindVar %t
    DeallocateQueryBindVar %0
    # ReclaimQuery = (blank) ...to disable lease expiring.
    ReclaimQuery
    # defaults to:
    #ReclaimQuery update RADPOOL set STATE=0 where STATE!=0 and \
    #    EXPIRY < ?
    #ReclaimQueryBindVar %0
</AddressAllocator>

# middle-man DYNADDRESS used to pass to AddressAllocator
<AuthBy DYNADDRESS>
    # specific ip pool for nas defined by 'NAS-IP-Address'
    Identifier nas_specific
    AddressAllocator address-allocator.1
    PoolHint %{Request:NAS-IP-Address}
    MapAttribute ip, Framed-IP-Address
    MapAttribute netmask, Framed-IP-Netmask
    #StripFromReply PoolHint
</AuthBy>

<Handler Request-Type = Access-Request, ...>
    ...
    AuthByPolicy ContinueWhileAccept
    AuthBy auth.sql
    # send to DYNADDRESS after Accept to get its IP.
    AuthBy nas_specific
    ...
</Handler>

<Handler Request-Type = "Accounting-Request", \
    Acct-Status-Type = Start|Stop ....>
    ....
    # AuthByPolicy (blank): process all AuthBy's
    AuthByPolicy
    # acct details logging
    AuthBy acct.sql
    AuthBy another-if-you-want-to
    # start/stops need to go to DYNADDRESS to allocate/deallocate
    AuthBy nas_specific
    ...
</Handler>

Michael
On 11-01-31 04:46 AM, Gerard Alcorlo Bofill wrote:
> Hello,
>
> I'm using Radiator with 4 CISCO AP 1100 to offer Eduroam access.
> Nowadays we are giving IP address from a DHCP server without visibility
> with the Radius.
> I'd like to query the Radius using radwho.cgi script giving all the
> assigned IP addresses at that specific moment.
>
> To do that, I thought that the solution would be to use
> <AddressAllocator SQL> and then use the Framed-Route attribute to assign
> the gateway to the clients.
>
> Am I right?
>
> I also have problems understanding the <AddressAllocator DHCP> clause.
> In what situation is it useful for Radiator to ask a real DHCP
> server for the IP? Is it something related to performance, or are there
> situations that need DHCP mandatorily?
>
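
Added example (not part of the original thread and not Radiator code): a Python/sqlite3 model of the FindQuery / AllocateQuery / DeallocateQuery cycle from the configuration above, showing that an address whose Accounting Stop never arrives stays allocated when ReclaimQuery is blank. The column types, the sample users and times, and the stale_leases audit query are assumptions.

```python
import sqlite3

# Column names come from the queries in the post; column types are assumptions.
SCHEMA = """create table ip_pools (ip text primary key, netmask text,
    pool text, state integer default 0, timestamp integer, auth_un text)"""

def make_pool(pool, ips):
    """Build a constructed in-memory pool; every address starts free (state=0)."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany(
        "insert into ip_pools (ip, netmask, pool, timestamp) values (?, ?, ?, ?)",
        [(ip, "255.255.255.255", pool, i) for i, ip in enumerate(ips)])
    return db

def allocate(db, pool, user, now):
    """FindQuery then AllocateQuery, as run for an accepted Access-Request."""
    row = db.execute("select NULL, ip, netmask from ip_pools where pool=? "
                     "and state=0 order by timestamp limit 1", (pool,)).fetchone()
    if row is None:
        return None  # pool exhausted: no row left with state=0
    db.execute("update ip_pools set state=1, timestamp=?, auth_un=? where ip=?",
               (now, user, row[1]))
    return row[1]

def deallocate(db, ip, now):
    """DeallocateQuery, as run for an Accounting Stop."""
    db.execute("update ip_pools set state=0, auth_un=NULL, timestamp=? where ip=?",
               (now, ip))

def stale_leases(db, now, max_age):
    """Audit query (an addition, not in the post): allocations older than max_age."""
    return db.execute("select ip, auth_un from ip_pools where state=1 "
                      "and timestamp < ? order by ip", (now - max_age,)).fetchall()

def demo():
    pool = "192.168.1.1"  # pool name as in the post; users and times are constructed
    db = make_pool(pool, ["192.168.1.100", "192.168.1.101"])
    a = allocate(db, pool, "alice", 1000)
    b = allocate(db, pool, "bob", 1010)
    deallocate(db, b, 1020)        # bob's Stop arrives and frees his address
    # alice's Stop is lost; with ReclaimQuery blank nothing resets her row
    c = allocate(db, pool, "carol", 90000)
    d = allocate(db, pool, "dave", 90010)
    return a, b, c, d, stale_leases(db, 90020, 86400)

if __name__ == "__main__":
    print(demo())
```

With lease expiry disabled, a periodic check like stale_leases is one way to spot addresses held by sessions that ended without a Stop.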