[RADIATOR] Dynamic Address Allocation

Sami Keski-Kasari samikk at open.com.au
Mon May 9 06:01:52 CDT 2016


Hello Thomas,

Please see goodies/mysqlCreate.sql.
It includes example structure for RADPOOL and RADONLINE.

Do you know which RADIUS attribute includes hostname?

Best Regards,
  Sami

On 08.05.2016 16:57, Thomas Kurian wrote:
>
> Hi Support,
>
> For dynamic address allocation, if you can
> please help me by advising steps to implement addressallocator.cfg as we
> have decided to use SQL as address backend. Please advise the SQL
> database structure of the radpool and radonline tables. We want to assign IP
> addresses to client machines based on their username, password and
> hostname. Our requirement is to map Username/Hostname to its
> respective assigned client IP address.
>
> Following is our radius.cfg for your kind review :-
>
> #Foreground
> #LogStdout
>
> AcctPort 1813
> AuthPort 1812
>
> BindAddress 0.0.0.0
>
> LogDir        /var/log/radius
> DbDir        /etc/radiator
> DictionaryFile /etc/radiator/dictionary
>
> # Use a lower trace level in production systems:
> Trace         4
>
> # You will probably want to add other Clients to suit your site,
> # one for each NAS you want to work with
> <Client DEFAULT>
>      Secret    archies
>      DupInterval 0
> </Client>
>
>
> <Client 172.16.0.229>
>          Secret  archies
>          Identifier FW1
>          DupInterval 0
> </Client>
>
>
> <AuthLog FILE>
>      Identifier myauthlogger
>      Filename %L/authlog
>      LogSuccess 1
>      LogFailure 1
> </AuthLog>
>
> <Handler Request-Type=Access-Request,Client-Identifier=FW1>
>          <AuthBy FILE>
>                  Filename %D/users
>          </AuthBy>
>          # Log accounting to a detail file
>          AcctLogFileName %L/detail
>
> PostAuthHook file:"/etc/radiator/wgetmagic.pl"
>
> </Handler>
>
> # This is where we authenticate a PEAP inner request, which will be an
> # EAP request. The username of the inner request will be anonymous by
> # default, although the identity of the EAP request will be the real
> # username we are trying to authenticate.
> <Handler Request-Type=Access-Request,Client-Identifier=NETGENIE,TunnelledByPEAP=1>
>      Identifier EAP-MSCHAP-V2
>      <AuthBy FILE>
>          Filename %D/users
>
>          # This tells the PEAP client what types of inner EAP requests
>          # we will honour
>          EAPType MSCHAP-V2
>      </AuthBy>
>
>      # Log authentication success and failure to a file
>      AuthLog myauthlogger
>
>      PostAuthHook file:"/root/Desktop/Radiator-installer20-3-2016/Radiator-Locked-4.16/goodies/eap_anon_hook.pl"
>
> </Handler>
>
> <Handler Client-Identifier=NETGENIE>
>      Identifier EAP-PEAP
>      <AuthBy FILE>
>          Filename %D/users
>
>          EAPType PEAP
>
>          EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
>
>          EAPTLS_CertificateFile %D/certificates/cert-srv.pem
>          EAPTLS_CertificateType PEM
>
>          EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
>          EAPTLS_PrivateKeyPassword whatever
>
>          EAPTLS_MaxFragmentSize 1000
>
>          AutoMPPEKeys
>
>          EAPTLS_PEAPVersion 0
>
>      </AuthBy>
>
>      # Log authentication success and failure to a file
>      AuthLog myauthlogger
>
>      PreProcessingHook file:"/root/Desktop/Radiator-installer20-3-2016/Radiator-Locked-4.16/goodies/eap_anon_hook.pl"
>
>      AcctLogFileName %D/detail
> </Handler>
>
>
>

-- 
Sami Keski-Kasari <samikk at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.

