JRS - Proxying v2

Alan DeKok aland at deployingradius.com
Fri Apr 6 22:47:15 CEST 2007


Arran Cudbard-Bell wrote:
> Just to make sure I've got the right idea about v2 realms.
> Here is an example config for the Janet Roaming Service, which allows 
> users at any academic institution in the UK
> to authenticate at any other.
> 
> The version 1 realm JRS
...

  Short, but almost no configurability.
...
> The version 2 realm JRS

  Longer, but more configurable.

  As of Thursday's CVS, one of the "type" options for a server_pool is
"type = client_balance", which maps N clients to one home server.  It's
not as good as real load balancing, but much less work than tracking
individual EAP sessions.
...
> server_pool jrs_acct_balance {
>         home_server = jrs1_auth
>         home_server = jrs2_auth

  I hope not.  An accounting pool needs to reference accounting servers,
not authentication servers.  Maybe I missed one sanity check.  If so,
I'll fix that.

...
> home_server jrs1_auth {
>         type = auth
>         hostname = roaming1.ja.net
>         port = 1812
>         secret = theirsecret
>         response_window = 20
>         zombie_period = 40
>         revive_interval = 120
>         ping_check = request

  You'll have to specify a username && password, too.

>         ping_interval = 30
>         num_pings_to_alive = 3

  Many of these new configuration options can be left at the defaults.

> Very long, but I can see the advantages :)

  Yes.

  If many home servers are intended to be identical, it may be worth
referencing the configuration from one to another, maybe via some kind
of template.  That would make it just as flexible, but less typing.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog
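
The pool/home-server type check discussed in the message above, as an added example (not FreeRADIUS code and not written by either poster). It assumes a realm section that names its pools with `auth_pool` / `acct_pool` as in FreeRADIUS 2.x proxy.conf, flat un-nested sections, and a hypothetical `jrs1_acct` server; an undefined home server is reported with type `missing`.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the snippets quoted in the thread. The realm
# section and the jrs1_acct server are assumptions made for illustration.
SAMPLE = """
home_server jrs1_auth {
        type = auth
}
home_server jrs1_acct {
        type = acct
}
server_pool jrs_acct_balance {
        type = client_balance
        home_server = jrs1_auth
        home_server = jrs1_acct
}
realm JRS {
        acct_pool = jrs_acct_balance
}
"""

SECTION = re.compile(r"(\w+)\s+(\S+)\s*\{([^{}]*)\}")  # flat "kind name { ... }"
ITEM = re.compile(r"^\s*(\w+)\s*=\s*(\S+)", re.M)      # "key = value" lines

def parse(text):
    """Return {kind: {name: [(key, value), ...]}} for un-nested sections."""
    conf = defaultdict(dict)
    for kind, name, body in SECTION.findall(re.sub(r"#.*", "", text)):
        conf[kind][name] = ITEM.findall(body)
    return conf

def pool_mismatches(text):
    """List (realm, pool, home_server, type, needed) for wrong-type pool members."""
    conf, problems = parse(text), []
    for realm, items in conf["realm"].items():
        for key, pool in items:
            if key not in ("auth_pool", "acct_pool"):
                continue
            needed = key[:4]  # "auth" or "acct"
            members = [v for k, v in conf["server_pool"].get(pool, []) if k == "home_server"]
            for hs in members:
                stype = dict(conf["home_server"].get(hs, [])).get("type", "missing")
                if needed not in stype.split("+"):  # "auth+acct" serves both roles
                    problems.append((realm, pool, hs, stype, needed))
    return problems

if __name__ == "__main__":
    print(*pool_mismatches(SAMPLE), sep="\n")
```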