[RADIATOR] Dynamic Address Allocation
Hugh Irvine
hugh at open.com.au
Sun May 8 19:31:24 CDT 2016
Hello Thomas -
You will find a complete example in “goodies/addressallocator.cfg” and the RADPOOL database structure in “goodies/sybase.sql”.
regards
Hugh
> On 8 May 2016, at 23:57, Thomas Kurian <thomas at kccg.com> wrote:
>
>
> Hi Support,
>
> For dynamic address allocation , if you can
> please help me by advising steps to implement addressallocator.cfg as we
> have decided to use sql as address backend. Please advise the sql
> database structure radpool and radonline tables. We want to assign ip
> address to client machines based on their username, password and
> hostname. Our requirement is to map Username/Hostname to assigned its
> respective client ip address.
>
> Following is our radius.cfg for your kind review :-
>
> #Foreground
> #LogStdout
>
> AcctPort 1813
> AuthPort 1812
>
> BindAddress 0.0.0.0
>
> LogDir /var/log/radius
> DbDir /etc/radiator
> DictionaryFile /etc/radiator/dictionary
>
> # User a lower trace level in production systems:
> Trace 4
>
> # You will probably want to add other Clients to suit your site,
> # one for each NAS you want to work with
> <Client DEFAULT>
> Secret archies
> DupInterval 0
> </Client>
>
>
> <Client 172.16.0.229>
> Secret archies
> Identifier FW1
> DupInterval 0
> </Client>
>
>
> <AuthLog FILE>
> Identifier myauthlogger
> Filename %L/authlog
> LogSuccess 1
> LogFailure 1
> </AuthLog>
>
> <Handler Request-Type=Access-Request,Client-Identifier=FW1>
> <AuthBy FILE>
> Filename %D/users
> </AuthBy>
> # Log accounting to a detail file
> AcctLogFileName %L/detail
>
> PostAuthHook file:"/etc/radiator/wgetmagic.pl"
>
> </Handler>
>
> # This is where we authenticate a PEAP inner request, which will be an
> # EAP request. The username of the inner request will anonymous by
> # default, although the identity of the EAP request will be the real
> # username we are trying to authenticate.
> <Handler
> Request-Type=Access-Request,Client-Identifier=NETGENIE,TunnelledByPEAP=1>
> Identifier EAP-MSCHAP-V2
> <AuthBy FILE>
> Filename %D/users
>
> # This tells the PEAP client what types of inner EAP requests
> # we will honour
> EAPType MSCHAP-V2
> </AuthBy>
>
> # Log authentication success and failure to the a file
> AuthLog myauthlogger
>
> PostAuthHook
> file:"/root/Desktop/Radiator-installer20-3-2016/Radiator-Locked-4.16/goodies/eap_anon_hook.pl"
> </Handler>
>
> <Handler Client-Identifier=NETGENIE>
> Identifier EAP-PEAP
> <AuthBy FILE>
> Filename %D/users
>
> EAPType PEAP
>
> EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
>
> EAPTLS_CertificateFile %D/certificates/cert-srv.pem
> EAPTLS_CertificateType PEM
>
> EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
> EAPTLS_PrivateKeyPassword whatever
>
> EAPTLS_MaxFragmentSize 1000
>
> AutoMPPEKeys
>
> EAPTLS_PEAPVersion 0
>
> </AuthBy>
>
> # Log authentication success and failure to the a file
> AuthLog myauthlogger
>
> PreProcessingHook
> file:"/root/Desktop/Radiator-installer20-3-2016/Radiator-Locked-4.16/goodies/eap_anon_hook.pl"
> AcctLogFileName %D/detail
> </Handler>
>
>
>
> --
> Best Regards,
>
> Thomas Kurian
>
>
>
>
>
>
--
Hugh Irvine
hugh at open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc.
Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.
More information about the radiator
mailing list