rlm_dynamic_clients

Synopsis

The dynamic_clients module loads client definitions dynamically. It should be used only inside of the dynamic_clients virtual server.

Processing Sections

authorize

When listed in the authorize section, the dynamic_clients module reads a file named for the IP address of the incoming request. If the file exists, a dynamic entry for that client is created from the contents of the file. The contents of the file are the same as for a normal clients.conf entry.

If the file does not exist, then no dynamic client is created. The incoming packet is silently discarded.

Return codes

noop The module was unable to do anything with the packet. The main client definition may be misconfigured.

fail The module was unable to read the client definition from the file.

ok The module read the client definition from the file, and the definition is now active.

Expansions

None.

Directives

None.

Examples

In this example, clients in the network 192.168.1/24 are created dynamically. First, a static client definition is created. This client tells the server to allow dynamic clients from that network. Clients having IP addresses outside of that network are silently ignored.

Example Master client in clients.conf
 client dynamic {
	ipaddr = 192.168.1.0
	netmask = 24

	#  Define the virtual server used to discover dynamic clients.
	dynamic_clients = dynamic_client_server

	# This directory should exist, and be readable by the server.
	directory = ${confdir}/dynamic-clients/

	lifetime = 3600
 }

It is also important to ensure that the directory ${confdir}/dynamic-clients/ exists and is readable but not writeable by the server. It is assumed here that the directory and user/group for FreeRADIUS are the defaults. Some distributions change the directory to /etc/freeradius, so if /etc/raddb does not exist, please check the directory used by your distribution.

Create the directory
$ cd /etc/raddb
$ mkdir dynamic-clients
$ chgrp freerad dynamic-clients
$ chmod g+rx dynamic-clients
$ chmod g-w dynamic-clients

Then, create a file that contains the definition for a client in this directory:

Example Dynamic clients file dynamic-clients/192.168.1.2
 client mynas {
	ipaddr = 192.168.1.2
	secret = testing123
 }

And then enable the dynamic-clients virtual server:

Commands
$ cd /etc/raddb/sites-enabled
$ ln -s ../sites-available/dynamic-clients

Start the server in debugging mode:

Commands
$ radiusd -X
...
Ready to process requests

Open a terminal window on the machine with the IP address 192.168.1.2. Ensure that radtest is installed. Send a packet from that machine to the RADIUS server, assuming that 192.168.1.10 is the IP address of the server.

Commands
$ radtest bob hello 192.168.1.10 0 testing123

The server will then be seen to read the file raddb/dynamic-clients/192.168.1.2 and to create the dynamic client.
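
A consistency check for the directory built above, added here as an example and not taken from FreeRADIUS: it flags a directory that is writable, files whose names are not IP addresses or fall outside the master client's network, files whose ipaddr differs from the file name, and files that still carry the sample secret. The names audit, field, demo and WEAK_SECRETS are hypothetical, and the code assumes one "name = value" line per setting and that the server reaches the directory through its group or other permission bits.

```python
import ipaddress, re, stat, tempfile
from pathlib import Path

WEAK_SECRETS = {"testing123"}  # sample secret from this page; extend locally

def field(text, name):
    """Return the value of a 'name = value' line, or None if absent."""
    m = re.search(rf"^\s*{name}\s*=\s*(\S+)", text, re.M)
    return m.group(1) if m else None

def audit(directory, network):
    """Return findings for a dynamic-clients directory serving `network`."""
    net, d, out = ipaddress.ip_network(network), Path(directory), []
    # Assumption: the server reaches the directory via group or other bits.
    if d.stat().st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        out.append("directory: writable by group or other")
    for f in sorted(p for p in d.iterdir() if p.is_file()):
        try:
            addr = ipaddress.ip_address(f.name)
        except ValueError:
            out.append(f"{f.name}: name is not an IP address, so no request maps to it")
            continue
        if addr not in net:
            out.append(f"{f.name}: outside {net}")
        text = f.read_text()
        if field(text, "ipaddr") != f.name:
            out.append(f"{f.name}: ipaddr does not match the file name")
        secret = field(text, "secret")
        if secret is None:
            out.append(f"{f.name}: no secret")
        elif secret in WEAK_SECRETS:
            out.append(f"{f.name}: well-known test secret")
    return out

def demo():
    """Audit a constructed directory (sample data, not from a real server)."""
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "192.168.1.2").write_text("client mynas {\n\tipaddr = 192.168.1.2\n\tsecret = testing123\n}\n")
        (d / "192.168.1.3").write_text("client nas3 {\n\tipaddr = 192.168.1.30\n\tsecret = Xq7-constructed-value\n}\n")
        (d / "10.0.0.5").write_text("client stray {\n\tipaddr = 10.0.0.5\n\tsecret = Zp4-constructed-value\n}\n")
        (d / "notes.txt").write_text("scratch\n")
        d.chmod(0o770)  # deliberately group-writable to trigger the check
        return audit(d, "192.168.1.0/24")

if __name__ == "__main__":
    print("\n".join(demo()))
```

Against a real installation, call audit() with the dynamic-clients directory and the network from the master client definition; an empty list means none of these checks fired.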