Go to virtual server by nas-id


Markus Maurer
Hello everybody,

is there a way to forward radius-request, coming with a specified NAS-ID to a virtual server?

e.g. Radius-request sends username "john", password "doe" and nas-id "foo". Radius-server detects the nas-id "foo" in the request and forwards it to the virtual_server "bar".

Thanks in advance!


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Go to virtual server by nas-id

Alan DeKok-2
On Sep 2, 2019, at 2:56 AM, Markus Maurer <[hidden email]> wrote:
>
> is there a way to forward radius-request, coming with a specified NAS-ID to a virtual server?
>
> e.g. Radius-request sends username "john", password "doe" and nas-id "foo". Radius-server detects the nas-id "foo" in the request and forwards it to the virtual_server "bar".

  The only way is to accept all packets in one virtual server via a normal socket, and then proxy it internally.  You will need to set up a "home_server" which has a "virtual_server" set:

* add virtual server "foo" in sites-enabled/foo
  configure it how you want, starting from a copy of the "default" virtual server

* create a home_server_pool and home_server in proxy.conf

home_server foo {
        virtual_server = foo
}

home_server_pool foo {
        home_server = foo
}

* tell it to proxy

        ...
        if (NAS-Identifier == "foo") {
                update control {
                        Home-Server-Pool := "foo"
                }
        }

  It's a little convoluted, but it works.

  Alan DeKok.



Re: Go to virtual server by nas-id

Markus Maurer
On Monday, September 02, 2019 17:06 CEST, Alan DeKok <[hidden email]> wrote:

> On Sep 2, 2019, at 2:56 AM, Markus Maurer <[hidden email]> wrote:
> >
> > is there a way to forward radius-request, coming with a specified NAS-ID to a virtual server?
> >
> > e.g. Radius-request sends username "john", password "doe" and nas-id "foo". Radius-server detects the nas-id "foo" in the request and forwards it to the virtual_server "bar".
>
>   The only way is to accept all packets in one virtual server via a normal socket, and then proxy it internally.  You will need to set up a "home_server" which has a "virtual_server" set:
>
> * add virtual server "foo" in sites-enabled/foo
>   configure it how you want, starting from a copy of the "default" virtual server
>
> * create a home_server_pool and home_server in proxy.conf
>
> home_server foo {
> virtual_server = foo
> }
>
> home_server_pool foo {
> home_server = foo
> }
>
> * tell it to proxy
>
> ...
> if (NAS-Identifier == "foo") {
> update control {
> Home-Server-Pool := "foo"
> }
> }
>
>   It's a little convoluted, but it works.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html 
 
 
Hello Alan,

thank you very much!

The *tell to proxy part has to be in the authorize section, right?

Thx!

Best regards



Re: Go to virtual server by nas-id

Alan DeKok-2
On Sep 3, 2019, at 2:58 AM, Markus Maurer <[hidden email]> wrote:
>
> The *tell to proxy part has to be in the authorize section, right?

  Yes.

  Alan DeKok.
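
The pieces from this thread assembled into one configuration, as an added example that is not part of the original posts. It assumes FreeRADIUS 3.x syntax; the client shortname "nas-foo", the extra client check, and the modules listed inside server "foo" are assumptions added here, not something the posters specified.

```conf
# --- proxy.conf (home server and pool as given in the reply above) ---
home_server foo {
        virtual_server = foo
}

home_server_pool foo {
        home_server = foo
}

# --- sites-enabled/default: the normal socket that receives every packet ---
server default {
        authorize {
                # NAS-Identifier is filled in by the sender. Any client that
                # holds a valid shared secret can put any value in it, so the
                # condition also requires the packet to arrive from the client
                # entry that is expected to use "foo".
                # "nas-foo" is an assumed shortname from clients.conf.
                if ((NAS-Identifier == "foo") && ("%{client:shortname}" == "nas-foo")) {
                        update control {
                                Home-Server-Pool := "foo"
                        }
                }

                # ... rest of the stock authorize section ...
        }

        # ... listen and remaining sections unchanged ...
}

# --- sites-enabled/foo: internal proxy target, so it has no "listen" section ---
# The modules below are assumed for illustration; start from a copy of
# "default" and keep only what this NAS needs.
server foo {
        authorize {
                files
                pap
        }

        authenticate {
                Auth-Type PAP {
                        pap
                }
        }
}
```

Running `radiusd -X` and sending a test request with NAS-Identifier set to "foo" shows in the debug output whether the request is handed to server "foo".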
