[Kea-users] Shared Network with Radius Hook
Brent Miles
milesb at FTC.org
Tue Jul 15 15:20:12 UTC 2025
I am trying to configure the following setup. I have a dhcp relay, a kea dhcp server, and a freeradius server. Requests come into the relay, then sent to the kea server, authorized by the radius server and address assigned by kea. I also want to have address reservations assigned by the radius framed-ip attribute using the radius hook in kea.
I have the following config (disregard the client class section, not using it) but the service fails to start. Any obvious issues with it?
{
"Dhcp4": {
"host-reservation-identifiers": ["hw-address"],
"interfaces-config": {
"interfaces": [ "ens33" ]
},
"control-socket": {
"socket-type": "unix",
"socket-name": "kea4-ctrl-socket"
},
"lease-database": {
"type": "mysql",
"name": "dhcp",
"user": "kea",
"password": "abcdefghijk",
"host": "localhost",
"port": 3306
},
"expired-leases-processing": {
"reclaim-timer-wait-time": 10,
"flush-reclaimed-timer-wait-time": 25,
"hold-reclaimed-time": 3600,
"max-reclaim-leases": 100,
"max-reclaim-time": 250,
"unwarned-reclaim-cycles": 5
},
"renew-timer": 900,
"rebind-timer": 1800,
"valid-lifetime": 3600,
"option-data": [
{
"name": "domain-name-servers",
"data": "8.8.8.8"
}
],
"client-classes": [
{
"name": "voip",
"test": "substring(option[60].hex,0,6) == 'Aastra'",
"next-server": "192.0.2.254",
"server-hostname": "hal9000",
"boot-file-name": "/dev/null"
}
],
"hooks-libraries": [
{
"library": "/usr/lib64/kea/hooks/libdhcp_lease_cmds.so"
},
{
"library": "/usr/lib64/kea/hooks/libdhcp_mysql.so"
},
{
"library": "/usr/lib64/kea/hooks/libdhcp_host_cache.so"
},
{
"library": "/usr/lib64/kea/hooks/libdhcp_radius.so",
"parameters": {
"identifier-type4": "hw-address",
"reselect-subnet-address": false,
"access": {
"servers": [
{
"name":"10.0.95.34",
"port":1812,
"secret":"testing123"
}
],
"attributes": [
{
"name": "User-Name",
"expr": "concat(concat(concat(concat(substring(hexstring(pkt4.mac, ''), 0, 4), '.'), substring(hexstring(pkt4.mac, ''), 4, 4)), '.'), substring(hexstring(pkt4.mac, ''), 8, 4))"
}
]
}
}
}
],
"subnet4": [
{
"id": 1,
"subnet": "192.168.1.0/24",
"pools": [ { "pool": "192.168.1.5 - 192.168.1.255" } ],
"option-data": [
{
"name": "routers",
"data": "192.168.3.1"
}
],
"relay": {
"ip-addresses": ["192.168.3.1"]
}
},
{
"id": 2,
"subnet": "192.168.2.0/24",
"pools": [ { "pool": "192.168.2.5 - 192.168.2.255" } ],
"option-data": [
{
"name": "routers",
"data": "192.168.3.1"
}
],
"relay": {
"ip-addresses": ["192.168.3.1"]
}
}
],
"loggers": [
{ "name": "kea-dhcp4.radius-hooks",
"output-options": [
{
"output": "/var/log/kea/radius-hooks.log"
}
],
"severity": "DEBUG",
"debuglevel": 99
},
{
"name": "kea-dhcp4",
"severity": "DEBUG",
"output_options": [
{
"output": "/var/log/kea/dhcp4.log",
"maxver": 10
}
]
},
{
"name": "kea-dhcp4.dhcpsrv",
"severity": "DEBUG",
"output_options": [
{
"output": "/var/log/kea/dhcp4-dhcpsrv.log",
"maxver": 10
}
]
},
{
"name": "kea-dhcp4.leases",
"severity": "DEBUG",
"output_options": [
{
"output": "/var/log/kea/dhcp4-leases.log",
"maxver": 10
}
]
}
]
}
}
This message is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. Unintentional recipients are prohibited from disseminating, distributing, or copying the content of this message. If you have received this message in error, please delete it immediately and notify the sender.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20250715/710b5ba1/attachment-0001.htm>
More information about the Kea-users
mailing list