2013-04-15 - Re: [GRASE-Hotspot] FreeRadius Additional Conf

Header Data

From: Pablo Arango Correa <pa***o@psl.com.co>
Message Hash: 27ab23e258260856a955d5f117b75a996e7f23e8cbcfaaff9b1e7a70dbb6bcc1
Message ID: <B3927F11C872D64EAF092F537F1C376616DB0D6C@jupiter.pslcol.com.co>
Reply To: <5168E191.2090508@gmail.com>
UTC Datetime: 2013-04-15 06:34:27 UTC
Raw Date: Mon, 15 Apr 2013 13:34:27 +0000

Raw message 

Hello tim,

Thanks for your answer, I already tried it and it Works... Thanks!!!

Kindly,

Pablo Arango Correa
Ingeniero de Infraestructura IT / IT Infrastructure Engineer


From: Tim White [mailto:ti***8@gmail.com]
Sent: viernes, 12 de abril de 2013 11:40 p.m.
To: GRASE Hotspot General Discussions
Subject: Re: [GRASE-Hotspot] FreeRadius Additional Conf

On 13/04/13 00:20, Pablo Arango Correa wrote:
Hello Tim,

This is what I'm doing; I'm inserting into the next tables:

radreply (Values for username,attribute,op,value ), radgroupreply (values for groupname attribute op value);

for example:

TABLE: radreply
|id      |username             |attribute                | op    | value                   |
|1       |00-YY-00-ZZ-17-C6 |Framed-IP-Address | :=    | 192.168.2.33         |

TABLE: radgroupreply
|id      | groupname  | attribute                        | op    | value                   |
|1       | static          | Framed-Protocol             | :=    | PPP                     |
|2       | static          | Service-Type                  | :=    | Framed-User         |
|3       | static          | Framed-IP-Address          | :=    | 192.168.2.33         |

This is to let freeradius reserve IP addresses for certain MAC addresses. In this case the IP "192.168.2.33" for "00-YY-00-ZZ-17-C6" from the group "static" (previously created and set through the grase GUI). It works perfectly but whenever I make further changes from the GUI like creating a new group, it overwrites the above settings.


Hi Pablo

You shouldn't need any of those settings in the radgroupreply table. What you are saying in the radgroupreply is that for any user in the static group, firstly they are connecting via PPP (which they aren't), secondly that they are a Framed-User, which they probably are but that's not something we need to set, and lastly you give them the ip address.... All users in the group, get that ip address, which is wrong.

What you have in the radreply table is correct though, and should be working. It will only work with Machine accounts though, (which will have a corresponding password in the radcheck table as well) as the Framed-IP-Address can only be honour at Mac Authentication time by coova chilli, as once a client has a DHCP lease, we can't then change their ip address.

When I can, I'll try it myself and see, but just that radreply line should be what you need, as long as there is already a machine account for that MAC address.

Tim

Thread