Suppose you have installed FreeRADIUS 2 as described in the article "Installation and configuration of the ABillS billing system".
Now copy the dhcp.conf file into the FreeRADIUS configuration:
sudo cp /usr/abills/misc/freeradius/v2/dhcp.conf /usr/local/freeradius/etc/raddb/sites-enabled/
Open it in the editor, replace %DHCP_SERVER_IP% with the IP address of the server, and specify the network interface:
sudo nano /usr/local/freeradius/etc/raddb/sites-enabled/dhcp.conf
Open the dictionary in the editor:
sudo nano /usr/local/freeradius/share/freeradius/dictionary
Add the following line:
$INCLUDE dictionary.dhcp
Run FreeRADIUS in debug mode:
radiusd -X
If FreeRADIUS is already running, a second instance will not start; see my article "How to fix error Failed binding to authentication address * port 1812: Address already in use freeradius".
After the startup, you should see something like:
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on dhcp interface enp2s0 address 192.168.99.1 port 67 as server dhcp
Ready to process requests.
Stop radiusd with Ctrl + C and start it as usual:
sudo /etc/init.d/radiusd start
If necessary, you can inspect the DHCP packets with tcpdump and check what is listening on port 67 with netstat:
sudo tcpdump port 67 or port 68 -e -n
sudo netstat -tulpn | grep :67
Now configure ABillS. Import the database of the Dhcphosts module:
mysql -u root -p --default-character-set=utf8 -D abills < /usr/abills/db/Dhcphosts.sql
Copy the paid module to ABillS:
cp Mac_auth.pm /usr/abills/Abills/mysql/
The Dhcphosts module must be activated in the ABillS config.pl file.
Open the ABillS configuration file in a text editor:
nano /usr/abills/libexec/config.pl
And set the following parameters:
$AUTH{dhcp}='Mac_auth';
# use base for DHCP leases records
$conf{DHCPHOSTS_LEASES}='db';
# enable port and switch authorization
$conf{DHCPHOSTS_PORT_BASE}=1;
The Dhcphosts module must also be listed among the active modules:
@MODULES = ( 'Dhcphosts' );
To set up DHCP logging, open this file in a text editor:
/usr/local/freeradius/etc/raddb/modules/linelog
And add at the very end:
linelog linelog-dhcp {
    filename = ${logdir}/linelog-dhcp.log
    format = ""
    reference = "%{%{reply:DHCP-Message-Type}:-%{request:DHCP-Message-Type}}"
    DHCP-Discover = "%S --> Transaction-ID: %{DHCP-Transaction-Id} DISCOVER: [%{DHCP-Client-Hardware-Address}] via (%{DHCP-Gateway-IP-Address}), hop count = %{DHCP-Hop-Count}, Relay = %{DHCP-Relay-Remote-Id}, Hostname = %{DHCP-Hostname}"
    DHCP-Offer = "%S <-- Transaction-ID: %{DHCP-Transaction-Id} OFFER: %{reply:DHCP-Your-IP-Address} to [%{DHCP-Client-Hardware-Address}] ..."
    DHCP-Request = "%S --> Transaction-ID: %{DHCP-Transaction-Id} REQUEST: [%{DHCP-Client-Hardware-Address}] via (%{DHCP-Gateway-IP-Address}), hop count = %{DHCP-Hop-Count}, Relay = %{DHCP-Relay-Remote-Id} ..."
    DHCP-Ack = "%S <-- Transaction-ID: %{DHCP-Transaction-Id} ACK: %{reply:DHCP-Your-IP-Address} to [%{DHCP-Client-Hardware-Address}] ..."
    DHCP-NAK = "%S <-- Transaction-ID: %{DHCP-Transaction-Id} NAK: [%{DHCP-Client-Hardware-Address}] for %{request:DHCP-Client-IP-Address}; ..."
    0 = "%S -/- Transaction-ID: %{DHCP-Transaction-Id} %{request:DHCP-Message-Type} DROPPED: ..."
}
If necessary, create the log file and give ownership of it to the freerad user:
touch /var/log/linelog-dhcp.log
chown freerad:freerad /var/log/linelog-dhcp.log
Restart FreeRADIUS to apply the changes:
sudo /etc/init.d/radiusd restart
The error in the logs “No name specified for Post-Auth-Type block” can be ignored.
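To review the resulting log, the following added example (not part of the original article, ABillS or FreeRADIUS) parses lines in the linelog-dhcp formats configured above and correlates requests with replies by transaction ID, reporting which MAC addresses were dropped, NAKed or never answered. The sample lines are constructed, and the function name summarize and the exact rendering of attribute values are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the linelog-dhcp formats configured above; the
# rendering of attribute values is assumed and "..." is the page's elided tail.
SAMPLE_LOG = """\
2024-05-01 10:00:01 --> Transaction-ID: 1001 DISCOVER: [00:11:22:33:44:55] via (192.168.99.2), hop count = 1, Relay = sw1, Hostname = pc1
2024-05-01 10:00:01 <-- Transaction-ID: 1001 OFFER: 192.168.99.50 to [00:11:22:33:44:55] ...
2024-05-01 10:00:02 --> Transaction-ID: 1001 REQUEST: [00:11:22:33:44:55] via (192.168.99.2), hop count = 1, Relay = sw1 ...
2024-05-01 10:00:02 <-- Transaction-ID: 1001 ACK: 192.168.99.50 to [00:11:22:33:44:55] ...
2024-05-01 10:00:05 --> Transaction-ID: 2002 DISCOVER: [de:ad:be:ef:00:01] via (192.168.99.2), hop count = 1, Relay = sw1, Hostname = pc2
2024-05-01 10:00:05 -/- Transaction-ID: 2002 DHCP-Discover DROPPED: ...
2024-05-01 10:00:09 --> Transaction-ID: 3003 REQUEST: [00:aa:bb:cc:dd:ee] via (192.168.99.2), hop count = 1, Relay = sw2 ...
2024-05-01 10:00:09 <-- Transaction-ID: 3003 NAK: [00:aa:bb:cc:dd:ee] for 192.168.99.77; ...
2024-05-01 10:00:12 --> Transaction-ID: 4004 DISCOVER: [00:11:22:33:44:66] via (192.168.99.2), hop count = 1, Relay = sw1, Hostname = pc3
"""
# Common prefix of every format: "<%S timestamp> <arrow> Transaction-ID: <id> ..."
LINE_RE = re.compile(r"^\S+ \S+ (?:-->|<--|-/-) Transaction-ID: (?P<xid>\S+) (?P<body>.*)$")
KIND_RE = re.compile(r"\b(DISCOVER|OFFER|REQUEST|ACK|NAK|DROPPED):")
MAC_RE = re.compile(r"\[([0-9A-Fa-f:]{17})\]")

def summarize(text):
    """Correlate requests with replies by transaction ID and report the gaps."""
    pending = {}  # xid -> MAC of a request still waiting for a reply
    report = {"no_reply": Counter(), "nak": Counter(), "dropped": Counter()}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        kind = KIND_RE.search(m["body"]) if m else None
        if not kind:
            continue  # not a linelog-dhcp line
        mac = MAC_RE.search(m["body"])
        mac = mac.group(1).lower() if mac else None
        xid, kind = m["xid"], kind.group(1)
        if kind in ("DISCOVER", "REQUEST"):
            pending[xid] = mac
        elif kind == "DROPPED":
            # The DROPPED format is elided on the page, so take the MAC from
            # the pending request that carries the same transaction ID.
            report["dropped"][pending.pop(xid, mac) or "unknown"] += 1
        else:  # OFFER, ACK and NAK all answer the pending request
            pending.pop(xid, None)
            if kind == "NAK":
                report["nak"][mac or "unknown"] += 1
    for mac in pending.values():  # requests the server never answered
        report["no_reply"][mac or "unknown"] += 1
    return report

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

To run it against the real log, pass the file contents to summarize() instead of SAMPLE_LOG.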
It may be necessary to give the administrator access to the Dhcphosts module in the ABillS menu “Settings” – “Administrators”.
In “Settings” – “Access Server”, add the switch used for authorization by port and switch:
IP: IP address of the switch
Name: any name
Type: dhcp DHCP FreeRadius in DHCP mode
MAC: MAC address of the switch
If you are using an L3 schema with Accel-ppp, you must also add DHCP Relay to the access server.
See also my article:
IPTables rules for FreeRADIUS