[RADIATOR] Dynamic Address Allocation

Sun May 8 19:31:24 CDT 2016

Hello Thomas -

You will find a complete example in “goodies/addressallocator.cfg” and the RADPOOL database structure in “goodies/sybase.sql”.

regards

Hugh

> On 8 May 2016, at 23:57, Thomas Kurian <thomas at kccg.com> wrote:
> 
> 
> Hi Support,
> 
> For dynamic address allocation , if you can
> please help me by advising steps to implement addressallocator.cfg as we
> have decided to use sql as address backend. Please advise the sql
> database structure radpool and radonline tables. We want to assign ip
> address to client machines based on their username, password and
> hostname. Our requirement is to map Username/Hostname to assigned its
> respective client ip address.
> 
> Following is our radius.cfg for your kind review :-
> 
> #Foreground
> #LogStdout
> 
> AcctPort 1813
> AuthPort 1812
> 
> BindAddress 0.0.0.0
> 
> LogDir        /var/log/radius
> DbDir        /etc/radiator
> DictionaryFile /etc/radiator/dictionary
> 
> # User a lower trace level in production systems:
> Trace         4
> 
> # You will probably want to add other Clients to suit your site,
> # one for each NAS you want to work with
> <Client DEFAULT>
>    Secret    archies
>    DupInterval 0
> </Client>
> 
> 
> <Client 172.16.0.229>
>        Secret  archies
>        Identifier FW1
>        DupInterval 0
> </Client>
> 
> 
> <AuthLog FILE>
>    Identifier myauthlogger
>    Filename %L/authlog
>    LogSuccess 1
>    LogFailure 1
> </AuthLog>
> 
> <Handler Request-Type=Access-Request,Client-Identifier=FW1>
>        <AuthBy FILE>
>                Filename %D/users
>        </AuthBy>
>        # Log accounting to a detail file
>        AcctLogFileName %L/detail
> 
> PostAuthHook file:"/etc/radiator/wgetmagic.pl"
> 
> </Handler>
> 
> # This is where we authenticate a PEAP inner request, which will be an
> # EAP request. The username of the inner request will anonymous by
> # default, although the identity of the EAP request will be the real
> # username we are trying to authenticate.
> <Handler
> Request-Type=Access-Request,Client-Identifier=NETGENIE,TunnelledByPEAP=1>
>    Identifier EAP-MSCHAP-V2
>    <AuthBy FILE>
>        Filename %D/users
> 
>        # This tells the PEAP client what types of inner EAP requests
>        # we will honour
>        EAPType MSCHAP-V2
>    </AuthBy>
> 
>    # Log authentication success and failure to the a file
>    AuthLog myauthlogger
> 
>    PostAuthHook
> file:"/root/Desktop/Radiator-installer20-3-2016/Radiator-Locked-4.16/goodies/eap_anon_hook.pl"
> </Handler>
> 
> <Handler Client-Identifier=NETGENIE>
>    Identifier EAP-PEAP
>    <AuthBy FILE>
>        Filename %D/users
> 
>        EAPType PEAP
> 
>        EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
> 
>        EAPTLS_CertificateFile %D/certificates/cert-srv.pem
>        EAPTLS_CertificateType PEM
> 
>        EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
>        EAPTLS_PrivateKeyPassword whatever
> 
>        EAPTLS_MaxFragmentSize 1000
> 
>        AutoMPPEKeys
> 
>        EAPTLS_PEAPVersion 0
> 
>    </AuthBy>
> 
>    # Log authentication success and failure to the a file
>    AuthLog myauthlogger
> 
> PreProcessingHook
> file:"/root/Desktop/Radiator-installer20-3-2016/Radiator-Locked-4.16/goodies/eap_anon_hook.pl"
>    AcctLogFileName %D/detail
> </Handler>
> 
> 
> 
> -- 
> Best Regards,
> 
> Thomas Kurian
> 
> 
> 
> 
> 
> 

--

Hugh Irvine
hugh at open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc. 
Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.