Paul Hampson wrote:
On Wed, Nov 03, 2004 at 07:04:09PM +0800, Chan Min Wai wrote:
I hope that radius server can talk to the DHCP server and tell the DHCP server what ip address to be allocate...
Write a script in that adds the authenticated client's MAC address and the IP Address you've assigned to the DHCP server's config and reloads the DHCP server. It'll also have to get rid of other stanzas for that MAC address/IP address (trusting rlm_ippool to know what IP addresses are free, which means you need to be getting Accounting packets, I expect.)
This assumes rlm_ippool can even work with 802.1x... What does it use for NAS-Port?
Put this in an rlm_exec with (wait=1) after your rlm_ippool module.
Again, this assumes 802.1x (did I call it 802.11x earlier???) happens before DHCP does. ^_^
802.1x turns the physical port on in the case of a wired network, or completes the association of a client to a wireless AP in a wireless seetup. The next step is usually your protocol level setup, i.e. getting an IP address.
The RADIUS server would normally be out of the loop at the protocol level. You can write a script, or just let the DHCP server give out addresses out of a pool, etc.
--Craig
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html