how to get usernames for .1x authenticated clients from dhcp server

Roberto Innocente inno at
Thu May 28 06:15:08 UTC 2015

(i re-submit this because a previous submission sent before 
went in some sink i dont know about)

username associated with lease from isc dhcp server
(possible for 802.1x authenticated clients)

It would be very useful to be able to query dhcp servers for
the radius attributes the switches add to client dhcp requests
(according to rfc4014) when the clients were authenticated by 802.1x.

I made a very small patch that i did'nt test much.
This patch allows isc dhcp server to store the radius attributes that it
eventually receives in the lease and therefore replies to
dhcp leasquery packets or small python scripts using omapi with
for instance the radius User-Name obtained from the NAS.
I enclose the untested patch here. It is also available
I know now the development is mainly on kea, but ..
let me know if someone finds it useful.

eg . small python script using pypureomapi queries dhcp server and gets 
username(get-ip-l : get-ip-lease trough omapi)

ip mac 00:12:22:33:77:89 User-Name  =  kitten

I took the simplest road to store all radius attributes in one hex
option as in this example lease, it remains under the responsability of 
clients to decode them :

lease {
   starts 4 2015/05/28 06:04:23;
   ends 4 2015/05/28 06:09:23;
   cltt 4 2015/05/28 06:04:23;
   binding state active;
   next binding state free;
   rewind binding state free;
   hardware ethernet 00:12:22:33:77:89;
   option agent.circuit-id "cir 123";
   option agent.radius-attributes 1:8:6b:69:74:74:65:6e;

write to me for the simple python script querying for usernames.

Roberto Innocente - SISSA
inno at - +39 40 3787541
-------------- next part --------------
A non-text attachment was scrubbed...
Name: diff-Naur-radattr-std.txt
Type: text/x-diff
Size: 4395 bytes
Desc: not available
URL: <>

More information about the dhcp-users mailing list