
We have freeRadius for authentication on an Ubuntu box, but the DHCP allocation is handled elsewhere, specifically by a Win2012R2 DHCP server. Is it possible to configure freeRadius in such a way that the DHCP server gets a suitable "hint" (while still being the sole responsible server for actual IP allocation)?

What I mean with "hint" is that the Windows DHCP server can follow policies that evaluate specific options of a DHCP request:

  • vendor class,
  • user class,
  • MAC address,
  • client id,
  • fqdn,
  • relay agent information.

I suppose MAC better be left alone, and relay agent info seems to apply for the case of DHCP relay. But maybe it is possible that freeradius can tell everybody authenticating there to request their IP with e.g. a user class that is under control of the radius server?

Hagen von Eitzen

1 Answer


AFAIK there's nothing that you can send back to the NAS which'll be passed on to the client, and then used in the DHCP-Discover/DHCP-Request.

What you could do, if the DHCP server had some sort of pokable interface, is exec a script on the FreeRADIUS instance, or call out to a REST API, which'd then communicate the extra information to the DHCP server.

Another alternative is to have FreeRADIUS act as a DHCP relay, which it's more than capable of doing in v3. It could then augment the DHCP Discovers/Requests with information gleaned during authentication.

The quick and dirty way of doing that would be to use the cache module and call it in your RADIUS virtual server and DHCP relay virtual server.

Arran Cudbard-Bell
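The cache-plus-relay approach from the answer above, as an added Python example (not FreeRADIUS configuration and not code from either poster): it models the option rewrite a relay would perform, replacing whatever user class (option 77) the client sent with the value recorded at authentication. `AuthCache`, `augment`, `norm` and `sample_discover` are hypothetical names, and keying the cache on the client MAC (as seen in RADIUS Calling-Station-Id) is an assumption.

```python
import time

OPT_PAD, OPT_USER_CLASS, OPT_END = 0, 77, 255
MAGIC = bytes([99, 130, 83, 99])  # DHCP magic cookie at offset 236
OPTIONS_AT = 240                  # options start after header + cookie

def norm(mac):  # 'AA-BB-CC-00-11-22' or 'aa:bb:..' -> 'aabbcc001122'
    return "".join(c for c in mac.lower() if c in "0123456789abcdef")

class AuthCache:
    """Hypothetical stand-in for the shared cache: MAC -> class, with TTL."""
    def __init__(self, ttl=3600):
        self.ttl, self._hits = ttl, {}
    def store(self, mac, user_class, now=None):
        now = time.time() if now is None else now
        self._hits[norm(mac)] = (user_class, now + self.ttl)
    def lookup(self, mac, now=None):
        now = time.time() if now is None else now
        hit = self._hits.get(norm(mac))
        return hit[0] if hit and hit[1] > now else None

def parse_options(pkt):
    if len(pkt) < OPTIONS_AT or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    opts, i = [], OPTIONS_AT
    while i < len(pkt) and pkt[i] != OPT_END:
        if pkt[i] == OPT_PAD:
            i += 1
            continue
        if i + 2 > len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        opts.append((pkt[i], pkt[i + 2:i + 2 + pkt[i + 1]]))
        i += 2 + pkt[i + 1]
    return opts

def augment(pkt, cache, now=None):
    """Drop any client-supplied option 77, then add the cached class."""
    opts = [(c, v) for c, v in parse_options(pkt) if c != OPT_USER_CLASS]
    mac = pkt[28:28 + min(pkt[2], 16)].hex()  # chaddr, hlen bytes
    user_class = cache.lookup(mac, now)
    if user_class is not None:
        # Raw string is an assumption; RFC 3004 defines length-prefixed items.
        opts.append((OPT_USER_CLASS, user_class.encode("ascii")))
    body = b"".join(bytes([c, len(v)]) + v for c, v in opts)
    return pkt[:OPTIONS_AT] + body + bytes([OPT_END])

def sample_discover(mac, extra=b""):  # constructed DHCPDISCOVER, not a capture
    hdr = bytes([1, 1, 6, 0]) + bytes(24) + bytes.fromhex(norm(mac)) + bytes(202)
    return hdr + MAGIC + bytes([53, 1, 1]) + extra + bytes([OPT_END])
```

Stripping the incoming option 77 before adding the cached one keeps the class under the RADIUS side's control; a client with no live cache entry reaches the DHCP server with no user class at all.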