FreeRadius2 not relaying DHCP info from DHCP Server



  • It took a while of mucking around, but I finally got FreeRadius2 installed and authenticating properly on my home network. The problem I'm having now is the fact that I cannot acquire an IP address from my Server 2003 DHCP server.

    How can I get FreeRadius to allow my notebooks to receive IP addresses from my server?



  • what is your topology?



  • @rockinthesixstring:

    It took a while of mucking around, but I finally got FreeRadius2 installed and authenticating properly on my home network.

    Do you mean configuration problems/understanding or some missing code?

    @rockinthesixstring:

    The problem I'm having now is the fact that I cannot acquire an IP address from my Server 2003 DHCP server.

    How can I get FreeRadius to allow my notebooks to receive IP addresses from my server?

    Do you mean the "Framed-IP-Address" attribute? This depends on your NAS (Switch, Wireless-AP). If the NAS does not understand this attribute there is nothing freeradius can do. Freeradius is just checking the username/password and then sends back the reply-attributes - in this case "Framed-IP-Address". If your NAS does not know how to handle this attribute there is nothing you can do.

    If your NAS has another attribute than Framed-IP-Address then you can add this attribute to the "additional reply-attributes" textbox.

    Another possibility would be to use freeradius + mysql and setup sqlippool - but this is probably overkill for a home network.



  • I'll try to explain a little better.

    I have a pfsense box installed in the router position just before the modem.
    On the LAN side of the pfsense box, I have 2 consumer grade D-Link Wireless Routers covering a small office area.
    I also have Windows Server 2003 issuing DHCP requests for all devices on the network.

    If I'm not using freeradius, and I just put the wireless routers in AP mode (with security), my server can issue DHCP requests to wireless devices without issue.
    As soon as I enable freeradius on the wireless routers, I can authenticate and connect, but I cannot acquire an IP address from the server.

    @Nachtfalke:

    @rockinthesixstring:

    It took a while of mucking around, but I finally got FreeRadius2 installed and authenticating properly on my home network.

    Do you mean configuration problems/understanding or some missing code?

    Yeah, evidently my wireless APs communicate over TCP/IP and not UDP… took a bit of trial and error to get it working.

    @Nachtfalke:

    @rockinthesixstring:

    The problem I'm having now is the fact that I cannot acquire an IP address from my Server 2003 DHCP server.

    How can I get FreeRadius to allow my notebooks to receive IP addresses from my server?

    Do you mean the "Framed-IP-Address" attribute? This depends on your NAS (Switch, Wireless-AP). If the NAS does not understand this attribute there is nothing freeradius can do. Freeradius is just checking the username/password and then sends back the reply-attributes - in this case "Framed-IP-Address". If your NAS does not know how to handle this attribute there is nothing you can do.

    If your NAS has another attribute than Framed-IP-Address then you can add this attribute to the "additional reply-attributes" textbox.

    Another possibility would be to use freeradius + mysql and setup sqlippool - but this is probably overkill for a home network.

    not sure what "Framed-IP-Address" is, sorry.



  • @rockinthesixstring

    Thanks for the good explanation and the network map :)
    Forget about the "Framed-IP-Address" - I thought you wanted freeradius to assign an IP address to your clients.

    But the problem that the clients do not get any IP address when you activate RADIUS authentication on the W-AP is a bit strange. I know that it is working without problem on the Linksys 54 series with DD-WRT software. Enabling WPA2-Enterprise on the Linksys and everything is working.

    Is the authentication working and freeradius gives a success message on syslog?
    On a cisco switch I had the problem when I did not assign a VLAN ID on freeradius then the user could not get access - that was strange because I didn't want to use VLANs in this scenario.

    So perhaps try to assign the default vlan of the W-AP to make sure every client will be in the correct one.

    In my opinion this is probably a W-AP related "problem" or needs to be configured there. Probably it will be best for the complete environment to create one VLAN for LAN clients and one for WLAN clients - if possible.
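
Added example, not part of the original thread: a decoder for the reply attributes a RADIUS server puts in an Access-Accept, showing why a Framed-IP-Address or VLAN assignment only matters if the NAS acts on it. It assumes the VLAN ID is carried in the Tunnel-Type / Tunnel-Medium-Type / Tunnel-Private-Group-Id attributes (a common convention, not named in the thread); `nas_view`, the supported set and the sample packet are hypothetical and constructed.

```python
import ipaddress
import struct

# RADIUS attribute numbers (RFC 2865, RFC 2868).
NAMES = {8: "Framed-IP-Address", 64: "Tunnel-Type",
         65: "Tunnel-Medium-Type", 81: "Tunnel-Private-Group-Id"}

def attr(atype, value):
    """Encode one attribute as type, length (header included), value."""
    return bytes([atype, len(value) + 2]) + value

def build_access_accept(ident, attrs):
    """Constructed sample packet; the Response Authenticator is zeroed, not computed."""
    body = b"".join(attrs)
    return struct.pack("!BBH16s", 2, ident, 20 + len(body), bytes(16)) + body

def parse_reply(packet):
    """Return (packet code, {attribute name: decoded value}) with bounds checks."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    pkt_code, _ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not match packet")
    out, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("attribute overruns packet")
        value = packet[pos + 2:pos + alen]
        name = NAMES.get(atype, f"Attr-{atype}")
        if atype == 8 and len(value) == 4:
            out[name] = str(ipaddress.IPv4Address(value))
        elif atype in (64, 65) and len(value) == 4:
            out[name] = int.from_bytes(value[1:], "big")    # first byte is the tag
        elif atype == 81 and value:
            text = value[1:] if value[0] <= 0x1F else value  # optional tag byte
            out[name] = text.decode("ascii", "replace")
        else:
            out[name] = value.hex()
        pos += alen
    return pkt_code, out

def nas_view(attrs, supported):
    """Split reply attributes into those a NAS acts on and those it ignores."""
    used = {k: v for k, v in attrs.items() if k in supported}
    return used, sorted(set(attrs) - set(used))

# Constructed reply: address 192.0.2.50 plus VLAN 1 (Tunnel-Type 13 = VLAN, medium 6 = IEEE-802).
SAMPLE = build_access_accept(7, [
    attr(8, ipaddress.IPv4Address("192.0.2.50").packed),
    attr(64, struct.pack("!I", 13)), attr(65, struct.pack("!I", 6)), attr(81, b"1")])
```

Running `nas_view` with a supported set that omits Framed-IP-Address lists it as ignored, which is the case described above where the server sends the attribute and the NAS does nothing with it.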



  • Ah, I think I know what it is. The AP that I'm trying this on has "defective" firmware and I need to update it first. Turns out updating the firmware is causing me even more problems  :-\

    Thanks!

