Suppose you installed FreeRADIUS 2 as written in this article – Installation and configuration of the ABillS billing system
Now copy the dhcp.conf file into the FreeRADIUS configuration:
1 | sudo cp /usr/abills/misc/freeradius/v2/dhcp.conf /usr/local/freeradius/etc/raddb/sites-enabled/ |
Open it in the editor and replace %DHCP_SERVER_IP% with the ip address of the server and specify the network interface:
1 | sudo nano /usr/local/freeradius/etc/raddb/sites-enabled/dhcp.conf |
Open the dictionary in the editor:
1 | sudo nano /usr/local/freeradius/share/freeradius/dictionary |
Add the following line:
1 | $INCLUDE dictionary.dhcp |
Run Freeradius in debug mode:
1 | radiusd -X |
Perhaps Freeradius is already running and run one more naturally will not work, see my article – How to fix error Failed binding to authentication address * port 1812: Address already in use freeradius
After the startup, you should see something like:
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on dhcp interface enp2s0 address 192.168.99.1 port 67 as server dhcp
Ready to process requests.
With the Ctrl + C shortcut, stop radiusd and run as usual:
1 | sudo /etc/init.d/radiusd start |
If necessary, you can parse packets via tcpdump:
1 2 | sudo tcpdump port 67 or port 68 -e -nsudo netstat -tulpn | grep :67 |
We proceed to configure ABillS, we import the database of the Dhcphosts module:
1 | mysql -u root -p --default-character-set=utf8 -D abills < /usr/abills/db/Dhcphosts.sql |
We copy the paid module to ABillS:
1 | cp Mac_auth.pm /usr/abills/Abills/mysql/ |
In the config.pl file ABillS, the Dhcphosts module must be activated.
Open the configuration file ABillS in a text editor:
1 | nano /usr/abills/libexec/config.pl |
And we will write the following parameters:
1 2 3 4 5 | $AUTH{dhcp}='Mac_auth';# use base for DHCP leases records$conf{DHCPHOSTS_LEASES}='db'; # enable port and switch authorization$conf{DHCPHOSTS_PORT_BASE}=1; |
Naturally, the Dhcphosts module must be activated:
1 2 3 | @MODULES = ( 'Dhcphosts' ); |
Set up DHCP logs, open the file in the text editor:
1 | /usr/local/freeradius/etc/raddb/modules/linelog |
And add at the very end:
1 2 3 4 5 6 7 8 9 10 11 | linelog linelog-dhcp { filename = ${logdir}/linelog-dhcp.log format = "" reference = "%{%{reply:DHCP-Message-Type}:-%{request:DHCP-Message-Type}}" DHCP-Discover = "%S --> Transaction-ID: %{DHCP-Transaction-Id} DISCOVER: [%{DHCP-Client-Hardware-Address}] via (%{DHCP-Gateway-IP-Address}), hop count = %{DHCP-Hop-Count}, Relay = %{DHCP-Relay-Remote-Id}, Hostname = %{DHCP-Hostname}" DHCP-Offer = "%S <-- Transaction-ID: %{DHCP-Transaction-Id} OFFER: %{reply:DHCP-Your-IP-Address} to [%{DHCP-Client-Hardware-Address}] ..." DHCP-Request = "%S --> Transaction-ID: %{DHCP-Transaction-Id} REQUEST: [%{DHCP-Client-Hardware-Address}] via (%{DHCP-Gateway-IP-Address}), hop count = %{DHCP-Hop-Count}, Relay = %{DHCP-Relay-Remote-Id} ..." DHCP-Ack = "%S <-- Transaction-ID: %{DHCP-Transaction-Id} ACK: %{reply:DHCP-Your-IP-Address} to [%{DHCP-Client-Hardware-Address}] ..." DHCP-NAK = "%S <-- Transaction-ID: %{DHCP-Transaction-Id} NAK: [%{DHCP-Client-Hardware-Address}] for %{request:DHCP-Client-IP-Address}; ..." 0 = "%S -/- Transaction-ID: %{DHCP-Transaction-Id} %{request:DHCP-Message-Type} DROPPED: ..."} |
If that, you can create a file:
1 2 | touch /var/log/linelog-dhcp.logchown freerad:freerad /var/log/linelog-dhcp.log |
Restart FreeRADIUS to apply the changes:
1 | sudo /etc/init.d/radiusd restart |
The error in the logs “No name specified for Post-Auth-Type block” can be ignored.
It may be necessary to give the administrator access to the module Dhcphosts in the menu ABillS “Settings” – “Administrators”.
In the “Settings” – “Access Server” add the switch for authorization via the port and the switch:
IP: IP address of the switch
Name: any name
Type: dhcp DHCP FreeRadius in DHCP mode
Mac: Mac address switch
If you are using an L3 schema with Accel-ppp, you must also add DHCP Relay to the access server.
See also my article:
IPTables rules for FreeRADIUS