[Kea-users] Shared Network with Radius Hook

Tue Jul 15 19:24:37 UTC 2025

Browsing through it, nothing catches my eye; but I was thinking service logs generally tell you where it fails at.

Jason Creviston
Sr. Network Administrator

P: 765-795-9305               2 S. West Street - P.O. Box 237, Cloverdale, IN 46120
Book an appointment with me!<https://outlook.office365.com/owa/calendar/JasonCreviston@weendeavor.com/bookings/>

[cid:codetwo-signature-logo-endeavor_1c9b8f6f-f797-4b22-a7d8-b9c8f1b0c327.png]  [cid:codetwo-gigtel-logo2_e109b7e4-b185-40fc-94f2-947f96c612cf.png]         [cid:endeavor-it-signature-2_cad37e9b-ad7b-4219-a677-f37914c8d32a.png]

weEndeavor.com<http://weendeavor.com/>  GigTel.com<http://gigtel.com/>     EndeavorIT.com<http://EndeavorIT.com>

CONFIDENTIALITY NOTICE: The information in this Email and my attachments are confidential and may be privileged. This Email is intended solely for the named recipient or recipients. If you are not the intended recipient, any use, disclosure, copying or distribution of this Email is prohibited. If you are not the intended recipient, please inform us by replying with the subject line "Wrong Address" and then delete this Email and any attachments. Endeavor Communications uses regularly updated anti-virus software in an attempt to reduce the possibility of transmitting computer viruses. We do not guarantee, however, that any attachments to this Email are virus-free.
________________________________
From: Kea-users <kea-users-bounces at lists.isc.org> on behalf of Brent Miles via Kea-users <kea-users at lists.isc.org>
Sent: Tuesday, July 15, 2025 11:20 AM
To: kea-users at lists.isc.org <kea-users at lists.isc.org>
Cc: Brent Miles <milesb at FTC.org>
Subject: [Kea-users] Shared Network with Radius Hook

CAUTION: This email is from OUTSIDE our organization. Please do not open/download any attachment or click any link unless you know it's safe.

I am trying to configure the following setup. I have a dhcp relay, a kea dhcp server, and a freeradius server. Requests come into the relay, then sent to the kea server, authorized by the radius server and address assigned by kea. I also want to have address reservations assigned by the radius framed-ip attribute using the radius hook in kea.
I have the following config (disregard the client class section, not using it)  but the service fails to start. Any obvious issues with it?

{

"Dhcp4": {
    "host-reservation-identifiers": ["hw-address"],
    "interfaces-config": {
        "interfaces": [ "ens33" ]
    },

    "control-socket": {
        "socket-type": "unix",
        "socket-name": "kea4-ctrl-socket"
    },

    "lease-database": {
        "type": "mysql",
        "name": "dhcp",
        "user": "kea",
        "password": "abcdefghijk",
        "host": "localhost",
        "port": 3306
    },

    "expired-leases-processing": {
        "reclaim-timer-wait-time": 10,
        "flush-reclaimed-timer-wait-time": 25,
        "hold-reclaimed-time": 3600,
        "max-reclaim-leases": 100,
        "max-reclaim-time": 250,
        "unwarned-reclaim-cycles": 5
    },

    "renew-timer": 900,
    "rebind-timer": 1800,
    "valid-lifetime": 3600,

    "option-data": [
        {
            "name": "domain-name-servers",
            "data": "8.8.8.8"
        }

    ],

    "client-classes": [
        {
            "name": "voip",

            "test": "substring(option[60].hex,0,6) == 'Aastra'",

            "next-server": "192.0.2.254",
            "server-hostname": "hal9000",
            "boot-file-name": "/dev/null"

        }
    ],

    "hooks-libraries": [
        {
            "library": "/usr/lib64/kea/hooks/libdhcp_lease_cmds.so"
        },
        {
            "library": "/usr/lib64/kea/hooks/libdhcp_mysql.so"
        },
        {
            "library": "/usr/lib64/kea/hooks/libdhcp_host_cache.so"
        },
        {
            "library": "/usr/lib64/kea/hooks/libdhcp_radius.so",
            "parameters": {
                "identifier-type4": "hw-address",
                "reselect-subnet-address": false,
                "access": {
                        "servers": [
                        {
                                "name":"10.0.95.34",
                                "port":1812,
                                "secret":"testing123"
                        }
                        ],
                        "attributes": [
                        {
                                "name": "User-Name",
                                "expr": "concat(concat(concat(concat(substring(hexstring(pkt4.mac, ''), 0, 4), '.'), substring(hexstring(pkt4.mac, ''), 4, 4)), '.'), substring(hexstring(pkt4.mac, ''), 8, 4))"
                        }
                        ]
                }
            }
        }
    ],

    "subnet4": [
        {
            "id": 1,
            "subnet": "192.168.1.0/24",
            "pools": [ { "pool": "192.168.1.5 - 192.168.1.255" } ],
            "option-data": [
                {
                    "name": "routers",
                    "data": "192.168.3.1"
                }
            ],
            "relay": {
                "ip-addresses": ["192.168.3.1"]
            }
        },

        {
            "id": 2,
            "subnet": "192.168.2.0/24",
            "pools": [ { "pool": "192.168.2.5 - 192.168.2.255" } ],
            "option-data": [
                {
                    "name": "routers",
                    "data": "192.168.3.1"
                }
            ],
            "relay": {
                "ip-addresses": ["192.168.3.1"]
            }
        }
    ],

    "loggers": [
      { "name": "kea-dhcp4.radius-hooks",
        "output-options": [
          {
            "output": "/var/log/kea/radius-hooks.log"
          }
        ],
        "severity": "DEBUG",
        "debuglevel": 99
      },
      {
        "name": "kea-dhcp4",
        "severity": "DEBUG",
        "output_options": [
          {
            "output": "/var/log/kea/dhcp4.log",
            "maxver": 10
          }
        ]
      },
      {
        "name": "kea-dhcp4.dhcpsrv",
        "severity": "DEBUG",
        "output_options": [
          {
            "output": "/var/log/kea/dhcp4-dhcpsrv.log",
            "maxver": 10
          }
        ]
      },
      {
        "name": "kea-dhcp4.leases",
        "severity": "DEBUG",
        "output_options": [
          {
            "output": "/var/log/kea/dhcp4-leases.log",
            "maxver": 10
          }
        ]
      }
    ]

}
}

This message is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. Unintentional recipients are prohibited from disseminating, distributing, or copying the content of this message. If you have received this message in error, please delete it immediately and notify the sender.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20250715/08a5eff7/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: codetwo-signature-logo-endeavor_1c9b8f6f-f797-4b22-a7d8-b9c8f1b0c327.png
Type: image/png
Size: 1897 bytes
Desc: codetwo-signature-logo-endeavor_1c9b8f6f-f797-4b22-a7d8-b9c8f1b0c327.png
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20250715/08a5eff7/attachment-0003.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: codetwo-gigtel-logo2_e109b7e4-b185-40fc-94f2-947f96c612cf.png
Type: image/png
Size: 1039 bytes
Desc: codetwo-gigtel-logo2_e109b7e4-b185-40fc-94f2-947f96c612cf.png
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20250715/08a5eff7/attachment-0004.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: endeavor-it-signature-2_cad37e9b-ad7b-4219-a677-f37914c8d32a.png
Type: image/png
Size: 1214 bytes
Desc: endeavor-it-signature-2_cad37e9b-ad7b-4219-a677-f37914c8d32a.png
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20250715/08a5eff7/attachment-0005.png>