PacketFence - BTS - PacketFence
View Issue Details
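ID: 0001028
Project: PacketFence
Category: configuration
View Status: public
Date Submitted: 2010-07-08 10:46
Last Update: 2011-01-26 15:42
Reporter: obilodeau
Assigned To: obilodeau
Priority: normal
Severity: feature
Reproducibility: N/A
Status: closed
Resolution: fixed
Target Version: 2.0.0
Fixed in Version: 2.0.0
mtn revision: 5ccf483d9ddf63a82285dcd6ed8b6dc50a471be2
Summary: 0001028: adding radius clients needs to be performed from the command line
Description: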
In an 802.1x, MAC Authentication or MAC Address Bypass context, the switches that communicate with PacketFence need to be added to a freeradius clients (or users, don't remember) flat file.

This should be automatically done based on what is in switches.conf and a new radius shared secret parameter should be added in switches.conf.
No tags attached.
related to 0001051 (closed, obilodeau): radiusd restarted by PacketFence
child of 0001027 (closed, fgaudreault): freeradius needs to be configured manually
Issue History
2010-07-08 10:46  obilodeau  New Issue
2010-07-08 10:46  obilodeau  Status: new => assigned
2010-07-08 10:46  obilodeau  Assigned To: => obilodeau
2010-07-08 10:46  obilodeau  Relationship added: child of 0001027
2010-08-25 16:22  obilodeau  Note Added: 0001632
2010-08-25 16:28  obilodeau  Relationship added: related to 0001051
2010-10-07 16:56  obilodeau  Note Added: 0001721
2010-10-12 12:09  obilodeau  mtn revision: => 5ccf483d9ddf63a82285dcd6ed8b6dc50a471be2
2010-10-12 12:09  obilodeau  Note Added: 0001723
2010-10-12 12:09  obilodeau  Status: assigned => resolved
2010-10-12 12:09  obilodeau  Fixed in Version: => 1.9.2
2010-10-12 12:09  obilodeau  Resolution: open => fixed
2010-11-19 14:23  obilodeau  Fixed in Version: 1.9.2 => trunk
2010-11-19 14:25  obilodeau  Target Version: 1.10.0 => 2.0.0
2010-12-15 11:37  obilodeau  Fixed in Version: trunk => 2.0.0
2011-01-26 15:42  obilodeau  Status: resolved => closed

Notes
(0001632) obilodeau, 2010-08-25 16:22
We will take an approach where the client settings are stored in the database. We decided to store them internally inside the pf schema and not in an external database because it is less complex (no new db, new db user, etc. to handle).

For info check:
http://github.com/alandekok/freeradius-server/blob/v2.1.x/raddb/sql.conf
http://old.nabble.com/NAS-list-with-MySQL-td14971644.html

Tasks:
Test:
- Try out the SQL module in the lab as a PoC, if it works with only nas client activated that's great!

Integration:
- Integrate the schema in pf's schema. Change the name to radius_nas instead of nas
- Add a new param in switches.conf: radius_shared_secret or something similar
- On PF startup, at the config check phase (where we generate the templates) populate the NAS table in the database based on the switches IPs and shared secrets
- Do not forget that this will then require freeradius2 packages to be installed. Minimally: freeradius2, freeradius2-perl and freeradius2-mysql

(0001721) obilodeau, 2010-10-07 16:56
Successfully got the SQL module to use a nas table. Changes required:

- install freeradius2-mysql
- add table to database
- in radiusd.conf:
 - uncomment $INCLUDE sql.conf under modules { ... }
 - add sql under instantiate { ... }
- in sql.conf
 - setup login, password, hostname, database name
 - uncomment readclients = yes
 - set nas_table (if not default)

(0001723) obilodeau, 2010-10-12 12:09
New radiusSecret parameter in switches.conf and pf::freeradius module are created. However, nothing is done by default. See addons/freeradius-integration/README for help enabling that feature.

This will probably change in the future but for now, until we can fully control FreeRADIUS (config, start/stop/restart, etc.) from within PacketFence, it was preferred to keep things simple (sparing everyone the need to change their config when upgrading). When things are more integrated this will likely change.
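
An added example (not PacketFence's pf::freeradius code) of the population step listed under Integration in note 0001632, using the radiusSecret parameter named in note 0001723. It assumes switches.conf is INI-style with one section per switch IP plus a [default] section, and uses an in-memory SQLite table as a simplified stand-in for radius_nas in the pf MySQL schema, with the nasname, shortname and secret columns of the FreeRADIUS nas table; the sample file, its values and the function names are constructed.

```python
import configparser
import sqlite3

# Constructed sample. Assumption: INI-style file, one section per switch IP.
SAMPLE_SWITCHES_CONF = """
[default]
type = ExampleVendor::ExampleModel

[192.0.2.10]
radiusSecret = s3cr3t-for-switch-10

[192.0.2.11]
type = ExampleVendor::OtherModel

[192.0.2.12]
radiusSecret = another-long-random-secret
"""

def load_clients(conf_text):
    """Return {switch_ip: secret} for switches that define radiusSecret."""
    # Rename configparser's default section so [default] is an ordinary
    # section and no switch silently inherits a shared secret from it.
    parser = configparser.ConfigParser(default_section="__none__", interpolation=None)
    parser.optionxform = str  # keep the radiusSecret key case-sensitive
    parser.read_string(conf_text)
    clients = {}
    for section in parser.sections():
        if section == "default":
            continue
        secret = parser[section].get("radiusSecret", "").strip()
        if secret:  # never register a RADIUS client with an empty secret
            clients[section] = secret
    return clients

def sync_radius_nas(db, clients):
    """Make radius_nas match switches.conf exactly; return the row count."""
    db.execute("CREATE TABLE IF NOT EXISTS radius_nas ("
               "nasname TEXT PRIMARY KEY, shortname TEXT, secret TEXT NOT NULL)")
    with db:  # one transaction: stale clients removed, current ones inserted
        db.execute("DELETE FROM radius_nas")
        db.executemany(
            "INSERT INTO radius_nas (nasname, shortname, secret) VALUES (?, ?, ?)",
            [(ip, ip, secret) for ip, secret in clients.items()])
    return db.execute("SELECT COUNT(*) FROM radius_nas").fetchone()[0]

if __name__ == "__main__":
    conn = sqlite3.connect(":memory:")
    print(sync_radius_nas(conn, load_clients(SAMPLE_SWITCHES_CONF)), "clients loaded")
```

The shared secrets sit in the table in clear text, so the database account FreeRADIUS logs in with should be limited to reading that table.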