not logged in | [Login]

Why using Freeradius as a DHCP instead of the traditional ISC DHCP server?

-Because it has the possibility to manage IP's configuration of each host directly from a DB, while ISC only accepts text archives. In places with many hosts is more natural to add a couple of registers on a database than writing and maintain text archives. Develop management ISP software it's easier too.

-Because it has the native possibility to store logs on database. ISC manages logs in archive texts. Logs in database are easy to see, classify or archive.

-Because it allows to add hosts without restart daemons.

-Because in many cases it will be simpler. If you already have a freeradius server for authentication, authorization or accounting tasks, this can also be a DHCP server. One less server to maintain and configure!

-Because we can!

This example is a guide to configure a Freeradius server as DHCP server for static ip allocation from MySQL, using DHCP options. Might work for provision of cable modems. Example based on Debian.

One important thing! (specially Ubuntu users): DHCP functionality will not work when installed from PPA, or at least the package version 2.2.0 + dfsg-ppa10 not work. Reason: I dont know. I installed and configured without errors, seems to respond correctly OFFER and ACK but this packets never leaves the network adapter.

Table of Contents

Before You Start

This example assumes that the network adapter where is connected freeradius have the following settings:

    auto eth1
    iface eth1 inet static
    address 192.168.10.1
    netmask 255.255.255.0
    network 192.168.10.0
    broadcast 192.168.10.255

Also:

    Client mac-address is 00:11:22:00:33:44

Let's start

Install from sources

- Download sources from Freeradius:

    wget ftp://ftp.freeradius.org/pub/freeradius/freeradius-server-2.2.0.tar.gz

- Unpack sources, then enter in new directory:

    tar -xvzf freeradius-server-2.2.0.tar.gz
    cd freeradius-server-2.2.0

- Configure it:

    ./configure --with-dhcp

- Add dictionary: edit share/dictionary (in sources files) and add a line containing

    "$INCLUDE dictionary.dhcp" whithout quotes.

- If mysql is not installed, install it:

    apt-get install mysql-server

- Also, with mysql need some extra packages:

    apt-get install mysql-devel libmysqld-dev libmysqlclient-dev

libmysqld-dev libmysqld-pic

- Compile:

    make
    make install _(do as root)_

- Modify radiusd.conf (the configuration files is located in /usr/local/etc/raddb)

    uncomment "$INCLUDE sql.conf"
    set "user = root" and "group = root"

- Modify sql.conf configure login/password for access to mysql database and leave dialup.conf included

Prepare mysql database

- Create database "radius"

    mysql -u user -p pass (login in mysql console)
        create database radius

- Load schema for mysql

    mysql -u user -p pass radius 

- Add this in radius database:

    mysql -u user -p pass (login in mysql console)
        use radius;
        INSERT INTO `radcheck` (`username`, `attribute`, `op`, `value`) VALUES ('00:11:22:00:33:44',  'Cleartext-Password', ':=', '');
        INSERT INTO `radreply` (`username`, `attribute`, `op`, `value`) VALUES ('00:11:22:00:33:44', 'DHCP-Your-IP-Address', '=', '192.168.10.10');

optionally included as example:

        INSERT INTO `radreply` (`username`, `attribute`, `op`, `value`) VALUES ('00:11:22:00:33:44', 'DHCP-Subnet-Mask', '=', '255.255.255.0');
        INSERT INTO `radreply` (`username`, `attribute`, `op`, `value`) VALUES ('00:11:22:00:33:44', 'DHCP-Router-Address', '=', '192.168.10.1');
        INSERT INTO `radreply` (`username`, `attribute`, `op`, `value`) VALUES ('00:11:22:00:33:44', 'DHCP-Bootp-Extensions-Path', '=', 'modem.acf');
        INSERT INTO `radreply` (`username`, `attribute`, `op`, `value`) VALUES ('00:11:22:00:33:44', 'DHCP-TFTP-Server-Name', '=', '172.31.1.1');

- Modify /usr/local/etc/raddb/sql/dialup.conf, replace:

    sql_user_name = "%{User-Name}"

for...

    sql_user_name = "%{DHCP-Client-Hardware-Address}"

This use mac-address as username.

- create a /usr/local/etc/raddb/sites-enabled/dhcp_static and add this (you can find the original example in /usr/local/etc/raddb/sites-available/dhcp):

    server dhcp {
        listen {
            type = dhcp
            ipaddr = 255.255.255.255
            port = 67
            interface = eth1
            broadcast = yes
        }
        dhcp DHCP-Discover {
            update reply {
                DHCP-Message-Type = DHCP-Offer
            }
    
            update reply {
                DHCP-Domain-Name-Server = 0.0.0.0
                DHCP-IP-Address-Lease-Time = 7200
                DHCP-DHCP-Server-Identifier = 192.168.10.1
            }
    
            sql.authorize
            ok
        }
    
        dhcp DHCP-Request {
            update reply {
                DHCP-Message-Type = DHCP-Ack
            }
    
            update reply {
                DHCP-Domain-Name-Server = 0.0.0.0
                DHCP-IP-Address-Lease-Time = 7200
                DHCP-DHCP-Server-Identifier = 192.168.10.1
            }
    
            sql.authorize
            sql.post-auth
            ok
        }
    
        dhcp {
            reject
        }
    }

Start testing

    /usr/local/sbin/radiusd -X

Troubleshooting

-/usr/local/sbin/radiusd: error while loading shared libraries: libfreeradius-radius-2.2.0.so: cannot open shared object file: No such file or directory

this solves the problem:

    /sbin/ldconfig -v

-Could not link driver rlm_sql_mysql: rlm_sql_mysql.so: cannot open shared object file: No such file or directory

    Missing mysql devel extra packages. Install before compile!

TIP: You can use dhcpdump to see DHCP request and responses in your server.