mir/kea
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/kea synced 2025-08-28 20:47:48 +00:00
Code Issues Releases Wiki Activity
kea/doc/examples/kea4/hooks-radius.json
Razvan Becheriu 785efcc92a [#3333] move hook libraries to open source
2025-02-21 21:34:58 +00:00

225 lines
7.0 KiB
JSON
Raw Permalink Blame History

// This is an example configuration file for the DHCPv4 server in Kea
// illustrating the configuration of the RADIUS and Host Cache hook libraries.
//
// It is not intended to be used as is. It tries to showcase some of the
// parameters available.
//
// To use this configuration file, you need to have both RADIUS and
// Host Cache hooks.
//
// clients get a wine name (option AOP code 250) divided into red and white.
// Expensive brands have a host entry, i.e. a reserved address.
//
// Names
//
// brouilly (red)
// chablis (white)
// chambertin (red, expensive)
// chinon (red)
// chiroubles (red)
// condrieu (white)
// cornas (red)
// corton (red)
// fleurie (red)
// givry (red)
// margaux (red, expensive)
// meursault (white)
// montrachet (white, expensive)
// morgon (red)
// muscadet (white)
// petrus (red, expensive)
// riesling (white)
// romanee (red, expensive)
// sylvaner (white)
// yquem (white, expensive)
//
// Address space is 192.0.2.0/24 with 10-99 for reds and 110-199 for whites.
//
// Reservations are given here in Kea/JSON style but they must be
// in the RADIUS server configuration:
//
// {
// "flex-id": "'chambertin'",
// "ip-address": "192.0.2.10"
// },
// {
// "flex-id": "'margaux'",
// "ip-address": "192.0.2.11"
// },
// {
// "flex-id": "'petrus'",
// "ip-address": "192.0.2.12"
// },
// {
// "flex-id": "'romanee'",
// "ip-address": "192.0.2.13"
// },
// {
// "flex-id": "'montrachet'",
// "ip-address": "192.0.2.110"
// },
// {
// "flex-id": "'yquem'",
// "ip-address": "192.0.2.111"
// }
//
{"Dhcp4":
{
// Kea is told to listen on specific interfaces only.
"interfaces-config": {
// You should probably list your network interfaces here (e.g. "eth1961")
"interfaces": [ "eth1961" ]
},
// Set up the storage for leases.
"lease-database": {
"type": "memfile"
},
// Note there is hosts-database defined. RADIUS and Host Cache libraries
// will create them dynamically.
// RADIUS uses flex-id reservations, so restrict Kea to use flex-id only.
"host-reservation-identifiers": [ "flex-id" ],
// Define the AOP option.
"option-def": [ {
"name": "AOP",
"code": 250,
"type": "string" } ],
// Define red and white client classes.
// If they are not defined we can get spurious warnings.
"client-classes": [
{ "name": "red" },
{ "name": "white" } ],
// Define a subnet.
"subnet4": [ {
// Set the subnet ID (aka RADIUS NAS port).
"id": 14,
"subnet": "192.0.2.0/24",
"interface": "eth1961",
"pools": [
{
// Red pool (10-19 are for reservations)
"pool": "192.0.2.20-192.0.2.99",
"client-classes": [ "red" ]
},
{
// White pool (110-119 are for reservations)
"pool": "192.0.2.120-192.0.2.199",
"client-classes": [ "white" ]
}
// Note there are not pools available to anyone. This is
// important to note. This means that to get an address, the
// client needs to belong to red class, to white class or
// have an address reserved.
]
} ],
// Set up the hook libraries.
"hooks-libraries": [
{
// Load the flex-id hook library.
"library": "/usr/local/lib/kea/hooks/libdhcp_flex_id.so",
"parameters": {
// Take the ID from the AOP option.
"identifier-expression": "option[250].text",
// Replace the client ID in queries by the flex-id.
// Currently required by access code.
// Required for accounting as it will become the lease ID too.
"replace-client-id": true
}
},
{
// Load the host cache hook library. It is needed by the RADIUS
// library to keep the attributes from authorization to later user
// for accounting.
"library": "/usr/local/lib/kea/hooks/libdhcp_host_cache.so"
},
{
// Load the RADIUS hook library.
"library": "/usr/local/lib/kea/hooks/libdhcp_radius.so",
"parameters": {
// If do not use RFC 4361
// "extract-duid": false,
// If have conflicting subnets
// "reselect-subnet-pool": true,
// Strip the 0 type added by flex-id
"client-id-pop0": true,
// flex Id is printable (far easier for the RADIUS server config)
// Without this it will be in hexadecimal...
"client-id-printable": true,
// Use the flex-id.
"identifier-type4": "flex-id",
// Configure an access (aka authentication/authorization) server.
"access": {
// This starts the list of access servers
"servers": [
{
// These are parameters for the first (and only) access server
"name": "127.0.0.1",
"port": 1812,
"secret": "1234"
}
// Additional access servers could be specified here
],
// This define a list of additional attributes Kea will send to each
// access server in Access-Request.
"attributes": [
{
// This attribute is identified by name (must be present in the
// dictionary) and has static value (i.e. the same value will be
// sent to every server for every packet)
"name": "Password",
"data": "mysecretpassword"
},
{
// It's also possible to specify an attribute using its type,
// rather than a name. 77 is Connect-Info. The value is specified
// using hex. Again, this is a static value. It will be sent the
// same for every packet and to every server.
"type": 77,
"raw": "65666a6a71"
},
{
// This example shows how an expression can be used to send dynamic
// value. The expression (see Section 13) may take any value from
// the incoming packet or even its metadata (e.g. the interface
// it was received over from)
"name": "Configuration-Token",
"expr": "pkt.iface"
}
] // End of attributes
},
// Configure an accounting server.
"accounting": {
"servers": [ {
"name": "127.0.0.1",
"port": 1813,
"secret": "1234"
}
]
}
}
}
]
}
}
Reference in New Issue View Git Blame Copy Permalink