Configuring FreeRADIUS DHCP for ABillS

Suppose you installed FreeRADIUS 2 as written in this article – Installation and configuration of the ABillS billing system
Now copy the dhcp.conf file into the FreeRADIUS configuration:

sudo cp /usr/abills/misc/freeradius/v2/dhcp.conf /usr/local/freeradius/etc/raddb/sites-enabled/

Open it in the editor and replace %DHCP_SERVER_IP% with the ip address of the server and specify the network interface:

sudo nano /usr/local/freeradius/etc/raddb/sites-enabled/dhcp.conf

Open the dictionary in the editor:

sudo nano /usr/local/freeradius/share/freeradius/dictionary

Add the following line:

$INCLUDE dictionary.dhcp

Run Freeradius in debug mode:

radiusd -X

Perhaps Freeradius is already running and run one more naturally will not work, see my article – How to fix error Failed binding to authentication address * port 1812: Address already in use freeradius
After the startup, you should see something like:

Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on dhcp interface enp2s0 address 192.168.99.1 port 67 as server dhcp
Ready to process requests.

With the Ctrl + C shortcut, stop radiusd and run as usual:

sudo /etc/init.d/radiusd start

If necessary, you can parse packets via tcpdump:

sudo tcpdump port 67 or port 68 -e -n
sudo netstat -tulpn | grep :67

We proceed to configure ABillS, we import the database of the Dhcphosts module:

mysql -u root -p --default-character-set=utf8 -D abills < /usr/abills/db/Dhcphosts.sql

We copy the paid module to ABillS:

cp Mac_auth.pm /usr/abills/Abills/mysql/

In the config.pl file ABillS, the Dhcphosts module must be activated.

Open the configuration file ABillS in a text editor:

nano /usr/abills/libexec/config.pl

And we will write the following parameters:

$AUTH{dhcp}='Mac_auth';
# use base for DHCP leases records
$conf{DHCPHOSTS_LEASES}='db'; 
# enable port and switch authorization
$conf{DHCPHOSTS_PORT_BASE}=1;

Naturally, the Dhcphosts module must be activated:

@MODULES = (
        'Dhcphosts'
        );

Set up DHCP logs, open the file in the text editor:

/usr/local/freeradius/etc/raddb/modules/linelog

And add at the very end:

linelog linelog-dhcp {
    filename = ${logdir}/linelog-dhcp.log
    format = ""
    reference = "%{%{reply:DHCP-Message-Type}:-%{request:DHCP-Message-Type}}"
    DHCP-Discover = "%S --> Transaction-ID: %{DHCP-Transaction-Id} DISCOVER: [%{DHCP-Client-Hardware-Address}] via (%{DHCP-Gateway-IP-Address}), hop count = %{DHCP-Hop-Count}, Relay = %{DHCP-Relay-Remote-Id}, Hostname =  %{DHCP-Hostname}"
    DHCP-Offer = "%S <-- Transaction-ID: %{DHCP-Transaction-Id} OFFER: %{reply:DHCP-Your-IP-Address} to [%{DHCP-Client-Hardware-Address}] ..."
    DHCP-Request = "%S --> Transaction-ID: %{DHCP-Transaction-Id} REQUEST: [%{DHCP-Client-Hardware-Address}] via (%{DHCP-Gateway-IP-Address}), hop count = %{DHCP-Hop-Count}, Relay = %{DHCP-Relay-Remote-Id} ..."
    DHCP-Ack = "%S <-- Transaction-ID: %{DHCP-Transaction-Id} ACK: %{reply:DHCP-Your-IP-Address} to [%{DHCP-Client-Hardware-Address}] ..."
    DHCP-NAK = "%S <-- Transaction-ID: %{DHCP-Transaction-Id} NAK: [%{DHCP-Client-Hardware-Address}] for %{request:DHCP-Client-IP-Address}; ..."
    0 = "%S -/- Transaction-ID: %{DHCP-Transaction-Id} %{request:DHCP-Message-Type} DROPPED: ..."
}

If that, you can create a file:

touch /var/log/linelog-dhcp.log
chown freerad:freerad /var/log/linelog-dhcp.log

Restart FreeRADIUS to apply the changes:

sudo /etc/init.d/radiusd restart

The error in the logs “No name specified for Post-Auth-Type block” can be ignored.

It may be necessary to give the administrator access to the module Dhcphosts in the menu ABillS “Settings” – “Administrators”.

In the “Settings” – “Access Server” add the switch for authorization via the port and the switch:

IP: IP address of the switch
Name: any name
Type: dhcp DHCP FreeRadius in DHCP mode
Mac: Mac address switch

If you are using an L3 schema with Accel-ppp, you must also add DHCP Relay to the access server.

See also my article:
IPTables rules for FreeRADIUS

Leave a comment

Leave a Reply