JRS - Proxying v2
Arran Cudbard-Bell
A.Cudbard-Bell at sussex.ac.uk
Sun Apr 8 00:48:37 CEST 2007
Alan DeKok wrote:
> Yes, they're in CVS. Also see raddb/templates.conf for some minimal
> documentation.
>
Hmm didn't come through in the install :(
>> And I'm guessing templates are global too :) ? So they can also be used
>> in clients and anywhere else you have to repeat something over and over
>> again ??
>>
>
> Almost anywhere. Sub-sections aren't supported yet (e.g. multiple SQL
> modules).
>
Aww, would be cool if they were. I do actually use multiple sql
configurations, but they're just selecting data from different databases
so much of the configuration is the same. But still very nice :)
> Thanks. It's a great feature, and it should make life much easier
> with the amount of configuration that the home_server section takes.
>

##############
# Jrs Config
jrs_config {
	server0 = roaming0.ja.net
	server1 = roaming1.ja.net
	server2 = roaming2.ja.net
	secret0 = theirkey
	secret1 = theirkey
	secret2 = theirkey
}

templates {
	realm {
		nostrip
	}
	server_pool {
		type = client-balance
	}
	home_server {
		response_window = 20
		zombie_period = 40
		revive_interval = 120
		ping_check = request
		ping_interval = 30
		num_pings_to_alive = 3
		username = "test_user at sussex"
		password = "just_testing"
	}
}

##############
# Server Pools
realm jrs {
	auth_pool = jrs_auth_cb
	acct_pool = jrs_acct_cb
}

##############
# Server Pools
server_pool jrs_auth_cb {
	home_server = jrs0_auth
#	home_server = jrs1_auth
#	home_server = jrs2_auth
}

server_pool jrs_acct_cb {
	home_server = jrs0_acct
#	home_server = jrs1_acct
#	home_server = jrs2_acct
}

##############
# Home Servers
home_server jrs0_auth {
	hostname = ${jrs_config.server0}
	secret = ${jrs_config.secret0}
	port = 1812
	type = auth
}

home_server jrs0_acct {
	hostname = ${jrs_config.server0}
	secret = ${jrs_config.secret0}
	port = 1813
	type = acct
}

home_server jrs1_auth {
	hostname = ${jrs_config.server1}
	secret = ${jrs_config.secret1}
	port = 1812
	type = auth
}

home_server jrs1_acct {
	hostname = ${jrs_config.server1}
	secret = ${jrs_config.secret1}
	port = 1813
	type = acct
}

home_server jrs2_auth {
	hostname = ${jrs_config.server2}
	secret = ${jrs_config.secret2}
	port = 1812
	type = auth
}

home_server jrs2_acct {
	hostname = ${jrs_config.server2}
	secret = ${jrs_config.secret2}
	port = 1813
	type = acct
}

Now if only I could enable multiple home servers in the same pool ;-)

I've been thinking about the DNS issue: if every time a hostname string
is used a hostname lookup must be performed, then you're right, that's
really icky. A possible solution would be something resembling the
expressions module,

	ipaddr = '%{lookup:hostname.com}'

This way lookups would only be performed on HUP / server restart, so you
get the advantages of a dynamic lookup without the associated hammering
on local / global DNS servers.

Of course you can do exactly the same thing with exec, just this would
bring the feature into FreeRADIUS :)

If you don't feel like writing the code I'd be happy to do it, would
make a nice starting project.

Thanks,
Arran
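
The load-time lookup proposed in the message above, sketched as a stand-alone config pre-processor. This is an added example, not part of the original post and not FreeRADIUS code. The `%{lookup:...}` syntax is the poster's proposal rather than an existing expansion; `expand_lookups`, `system_resolver` and the sample address are assumptions made for illustration.

```python
import re
import socket

# Syntax proposed in the post above; not an existing FreeRADIUS expansion.
LOOKUP = re.compile(r"%\{lookup:([A-Za-z0-9.-]+)\}")


def system_resolver(hostname):
    """Return the sorted set of IPv4 addresses for hostname (one DNS query)."""
    infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_DGRAM)
    return sorted({info[4][0] for info in infos})


def expand_lookups(config_text, resolver=system_resolver):
    """Expand every %{lookup:host} once, as a config loader would on start/HUP.

    Returns (expanded_text, pinned) where pinned maps hostname -> address.
    Raises ValueError if a name does not resolve, so the caller can refuse
    to load a config that would point a home server at nothing.
    """
    pinned = {}

    def replace(match):
        host = match.group(1).lower()
        if host not in pinned:            # one query per name per load
            try:
                addrs = resolver(host)
            except OSError as exc:        # socket.gaierror is an OSError
                raise ValueError(f"cannot resolve {host}: {exc}") from exc
            if not addrs:
                raise ValueError(f"no address for {host}")
            pinned[host] = addrs[0]       # deterministic pick (assumption)
        return pinned[host]

    return LOOKUP.sub(replace, config_text), pinned


# Constructed sample: two home servers that share one hostname.
SAMPLE = """\
home_server jrs0_auth {
    ipaddr = '%{lookup:roaming0.ja.net}'
    port = 1812
}
home_server jrs0_acct {
    ipaddr = '%{lookup:roaming0.ja.net}'
    port = 1813
}
"""
```

Because the address is pinned until the next reload, a later change to the DNS record, legitimate or not, has no effect on where requests and the shared secret are sent until the operator sends a HUP.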