mir/kea
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/kea synced 2025-09-01 06:25:34 +00:00
Code Issues Releases Wiki Activity

[#1441] document various MAC formats for RADIUS

Browse Source
This commit is contained in:
Andrei Pavel
2020-10-02 12:38:39 +03:00
parent b18f15dc5e
commit 13c20b6f28
2 changed files with 46 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

47
doc/sphinx/arm/hooks-radius.rst
View File

@@ -363,7 +363,9 @@ flags, which correspond to FreeRADIUS client library options:
feature when running in this mode. feature when running in this mode.
- ``dictionary`` (default set by configure at build time) - is the - ``dictionary`` (default set by configure at build time) - is the
attribute and value dictionary. Note that it is a critical parameter. attribute and value dictionary. Note that it is a critical parameter. You
may find dictionary examples in the FreeRADIUS repository under the etc
directory.
- ``extract-duid`` (default true) - extracts the embedded duid from an - ``extract-duid`` (default true) - extracts the embedded duid from an
RFC 4361-compliant DHCPv4 client-id. Implied by client-id-printable. RFC 4361-compliant DHCPv4 client-id. Implied by client-id-printable.
@@ -510,7 +512,7 @@ following snippet could be used:
"expr": "hexstring(pkt4.mac,':')" "expr": "hexstring(pkt4.mac,':')"
} }
] # End of attributes ] # End of attributes
} # End of access }, # End of access
# Accounting parameters. # Accounting parameters.
"accounting": { "accounting": {
@@ -528,6 +530,47 @@ following snippet could be used:
} }
Customization is sometimes required for certain attributes by devices belonging
to various vendors. This is a great way to leverage the expression evaluation
mechanism. For example, MAC addresses which you might use as a convenience
value for the User-Name attribute most likely will appear in colon-hexadecimal
notation ``de:ad:be:ef:ca:fe``, but it might need to be expressed in:
* hyphen-hexadecimal notation ``de-ad-be-ef-ca-fe``
.. code-block:: json
{
"parameters": {
"access": {
"attributes": [
{
"name": "User-Name",
"expr": "hexstring(pkt4.mac, '-')"
}
]
}
}
}
* period-separated hexadecimal notation ``dead.beef.cafe``, preferred by Cisco devices
.. code-block:: json
{
"parameters": {
"access": {
"attributes": [
{
"name": "User-Name",
"expr": "concat(concat(concat(substring(hexstring(pkt4.mac, ''), 0, 4), '.'), concat(substring(hexstring(pkt4.mac, ''), 4, 4), '.'), concat(substring(hexstring(pkt4.mac, ''), 8, 4), '.'))"
}
]
}
}
}
For the RADIUS hooks library to operate properly in DHCPv4, For the RADIUS hooks library to operate properly in DHCPv4,
the Host Cache hooks library must also be loaded. The reason for this the Host Cache hooks library must also be loaded. The reason for this
is somewhat complex. In a typical deployment, the DHCP clients send is somewhat complex. In a typical deployment, the DHCP clients send

2
doc/sphinx/arm/hooks.rst
View File

@@ -52,7 +52,7 @@ Note that some libraries are available under different licenses.
Please also note that some libraries may require additional dependencies and/or Please also note that some libraries may require additional dependencies and/or
compilation switches to be enabled, e.g. the RADIUS library introduced in compilation switches to be enabled, e.g. the RADIUS library introduced in
Kea 1.4 requires the FreeRadius-client library to be present. If Kea 1.4 requires the FreeRadius-client library to be present. If
--with-free-radius option is not specified, the RADIUS library will not --with-freeradius option is not specified, the RADIUS library will not
be built. be built.
Installing Hook Packages Installing Hook Packages