From: Francis Dupont
Date: Thu, 26 Apr 2018 22:53:17 +0000 (+0200)
Subject: [5538] Added radius.json tentative RADIUS config
X-Git-Tag: trac5549_base~8
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ec6378b09702219569bf89cb0104bb7c32803d34;p=thirdparty%2Fkea.git
[5538] Added radius.json tentative RADIUS config
---
diff --git a/doc/examples/kea4/radius.json b/doc/examples/kea4/radius.json
new file mode 100644
index 0000000000..27824d2159
--- /dev/null
+++ b/doc/examples/kea4/radius.json
@@ -0,0 +1,157 @@
+// This is an example configuration file for the DHCPv4 server in Kea
+// illustrating the configuration of the RADIUS hooks library.
+
+// clients get a wine name (option AOP code 250) divided into red and white.
+// Expensive brands have a host entry, i.e. a reserved address.
+//
+// Names
+//
+// brouilly (red)
+// chablis (white)
+// chambertin (red, expensive)
+// chinon (red)
+// chiroubles (red)
+// condrieu (white)
+// cornas (red)
+// corton (red)
+// fleurie (red)
+// givry (red)
+// margaux (red, expensive)
+// meursault (white)
+// montrachet (white, expensive)
+// morgon (red)
+// muscadet (white)
+// petrus (red, expensive)
+// riesling (white)
+// romanee (red, expensive)
+// sylvaner (white)
+// yquem (white, expensive)
+//
+// Address space is 192.0.2.0/24 with 10-99 for reds and 110-199 for whites.
+
+{"Dhcp4":
+
+{
+ // Kea is told to listen on the en0 interface only.
+ "interfaces-config": {
+ "interfaces": [ "en0" ]
+ },
+
+ // Set up the storage for leases.
+ "lease-database": {
+ "type": "memfile"
+ },
+
+ "valid-lifetime": 1800,
+
+ // Restrict us to flex-id.
+ "host-reservation-identifiers": [ "flex-id" ],
+
+ // Define the AOP option.
+ "option-def": [ {
+ "name": "AOP",
+ "code": 250,
+ "type": "string" } ],
+
+ // Define red and white client classes.
+ // If there are not defined we can get spurious warnings.
+ "client-classes": [
+ { "name": "red" },
+ { "name": "white" } ],
+
+ // Define a subnet.
+ "subnet4": [ {
+ // Set the subnet ID (aka RADIUS NAS port).
+ "id": 14,
+ "subnet": "192.0.2.0/24",
+ "interface": "en0",
+ "pools": [
+ {
+ // Red pool (10-19 are for reservations)
+ "pool": "192.0.2.20-192.0.2.99",
+ "client-class": "red"
+ },
+ {
+ // White pool (110-119 are for reservations)
+ "pool": "192.0.2.120-192.0.2.199",
+ "client-class": "white"
+ }
+ ],
+ // Define host reservations for "expensive" wines.
+ // Use quotes in the host id value to say it is textual (vs hexa).
+ "reservations": [
+ {
+ "flex-id": "'chambertin'",
+ "ip-address": "192.0.2.10"
+ },
+ {
+ "flex-id": "'margaux'",
+ "ip-address": "192.0.2.11"
+ },
+ {
+ "flex-id": "'petrus'",
+ "ip-address": "192.0.2.12"
+ },
+ {
+ "flex-id": "'romanee'",
+ "ip-address": "192.0.2.13"
+ },
+ {
+ "flex-id": "'montrachet'",
+ "ip-address": "192.0.2.110"
+ },
+ {
+ "flex-id": "'yquem'",
+ "ip-address": "192.0.2.111"
+ } ]
+ } ],
+
+ // Set up the hooks libraries.
+ "hooks-libraries": [
+ {
+ // Load the flex-id hook library.
+ "library": "/tmp/libdhcp_flex_id.so",
+
+ "parameters": {
+ // Take the ID from the AOP option.
+ "identifier-expression": "option[250].text",
+
+ // Replace the client ID in queries by the flex-id.
+ // Useful for access, required for accounting as it will become
+ // the lease ID too.
+ "replace-client-id": true
+ }
+ },
+ {
+ // Load the host cache hook library before RADIUS one.
+ "library": "/tmp/libdhcp_host_cache.so"
+ },
+ {
+ // Load the RADIUS hook library.
+ "library": "/tmp/libdhcp_radius.so",
+
+ "parameters": {
+ // Strip the 0 type added by flex-id
+ "client-id-pop0": true,
+
+ // flex Id is printable (far easier for the RADIUS server config)
+ // Without this it will be in hexadecimal...
+ "client-id-printable": true,
+
+ // Use the flex-id.
+ "identifier-type4": "flex-id",
+
+ // Configure an access (aka authentication/authorization) server.
+ "access": {
+ "server": "127.0.0.1"
+ },
+
+ // Configure an accounting server.
+ "accounting": {
+ "server": "127.0.0.1"
+ }
+ }
+ } ]
+}
+
+}
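Review bot: All three `library` entries under `hooks-libraries` load shared objects from `/tmp` (`/tmp/libdhcp_flex_id.so`, `/tmp/libdhcp_host_cache.so`, `/tmp/libdhcp_radius.so`), which is world-writable, so a deployment copied from this example would let any local account replace code that the DHCP server loads into its own process. Point the example at a root-owned install directory instead, e.g. `"library": "<KEA_HOOKS_DIR>/libdhcp_radius.so"` (placeholder, not a path from this commit), and add a comment such as `// Hook libraries must be in a directory only the administrator can write to.` The `access` and `accounting` blocks also give only a server address with no shared secret; if the tentative schema has a parameter for it, the example should show it with a placeholder value and a comment saying not to commit a real one.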