*** This module will not be necessary in version 4. The v4.0.x branch today supports dynamic clients, with all attributes decoded, and available to the unlang policies. ***
https://github.com/FreeRADIUS/freeradius-server/blob/v4.0.x/raddb/sites-available/dynamic-clients
The module provides the xlat expansion functionality %{raw: ... } to get the value of attribute from requesting packet.
It's intentionally to be used with the rlm_dynamic_clients that the client's IP address is unknown for pre-configuration. (xDSL, FTTx)
The attribute "NAS-Identifier" or any valid attributes in the requesting packet could be used as information for retrieving settings that required to setup a new client. See EXAMPLE for more details.
It was rewritten for FreeRADIUS 3.0.x and tested with FreeRADIUS 3.0.12
Inspired by the original rlm_raw_patch by RADIUSDesk.
update control {
&FreeRADIUS-Client-Secret = "%{redis: GET 'rad-secret-%{raw: NAS-Identifier}'}"
}
/etc/freeradius/3.0/radiusd.conf
...
...
instantiate {
raw
...
...
}
/etc/freeradius/3.0/sites-enabled/dynamic-clients
client dynamic {
ipaddr = 0/0
dynamic_clients = dynamic_clients
lifetime = 3600
}
server dynamic_clients {
authorize {
update control {
&FreeRADIUS-Client-Secret = "%{redis: GET 'rad-secret-%{raw: NAS-Identifier}'}"
&FreeRADIUS-Client-IP-Address = "%{Packet-Src-IP-Address}"
&FreeRADIUS-Client-Require-MA = no
&FreeRADIUS-Client-Shortname = "%{Packet-Src-IP-Address}"
&FreeRADIUS-Client-NAS-Type = "other"
&FreeRADIUS-Client-Virtual-Server = "default"
}
}
}
Contributions are welcome.
Happy Hacking!