Re: JRS - Proxying v2
Alan DeKok wrote:
Arran Cudbard-Bell wrote:
Though using today's CVS (head revision for radiusd, checked out about 3
hours), I still get Unknown type "client_balance".
Hmm.. I'll check the code && get back to you.
Also it doesn't let me put multiple servers in a server pool, and dies
on runtime with
/usr/local/freeradius-cvs060407/etc/raddb/radiusd.conf[147]: Ignoring
duplicate home server jrs1_auth.
That's not nice. I'll check that out, too.
More weirdness
Sending Access-Request of id 190 to 0.0.0.0 port 1812
        User-Name = "ac221@brighton.ac.uk"
        User-Password = "password"
        Service-Type = Framed-User
        NAS-IP-Address = 139.184.8.1
        Proxy-State = 0x313532
Proxying request 4 to realm jrs, home server 0.0.0.0 port 1812
Sending Access-Request of id 190 to 0.0.0.0 port 1812
        User-Name = "ac221@brighton.ac.uk"
        User-Password = "password"
        Service-Type = Framed-User
        NAS-IP-Address = 139.184.8.1
        Stripped-User-Name = "ac221"
        Realm = "brighton.ac.uk"
        Realm = "jrs"
        Proxy-State = 0x313532
Seems to work fine when I define the host using ipaddr, as opposed to a
hostname.
Sending Access-Request of id 37 to 193.82.174.185 port 1812
        User-Name = "ac221@brighton.ac.uk"
        User-Password = "password"
        Service-Type = Framed-User
        NAS-IP-Address = 139.184.8.1
        Proxy-State = 0x313738
Proxying request 4 to realm jrs, home server 193.82.174.185 port 1812
Sending Access-Request of id 37 to 193.82.174.185 port 1812
        User-Name = "ac221@brighton.ac.uk"
        User-Password = "password"
        Service-Type = Framed-User
        NAS-IP-Address = 139.184.8.1
        Stripped-User-Name = "ac221"
        Realm = "brighton.ac.uk"
        Realm = "jrs"
        Proxy-State = 0x313738
Going to the next request
Sorry, just another to add to the list :)
TCP Dump shows
14:30:41.581211 IP arr-land.co.uk.nm-asses-admin >
radius2.uscs.susx.ac.uk.radius: RADIUS, Access Request (1), id:
0xf 0 length: 72
14:30:41.581451 IP radius2.uscs.susx.ac.uk.tdp-suite > 0.0.0.0.radius:
RADIUS, Access Request (1), id: 0x83 length: 77
Really is broken...
If many home servers are intended to be identical, it may be worth
referencing the configuration from one to another, maybe via some kind
of template. That would make it just as flexible, but less typing.
Revised JRS 2
janet_servers {
        server0 = roaming0.ja.net
        server1 = roaming1.ja.net
        server2 = roaming2.ja.net
        secret = theirkey
...
home_server jrs0_auth {
        hostname = ${janet_servers.server0}
        $INCLUDE ${confdir}/jrs.auth.conf
}
That's an interesting way of doing templates. I think I'll add
similar examples to proxy.conf.
What would be really cool is if you made a minor change to the clients
configuration section, so that it mirrored the format
of the home_server declarations.
So that you had the three ways of defining hosts like you do in
home_server declarations
ipaddr = 127.0.0.1
ipv6addr = ::1
hostname = localhost
And then took the shortname from the instance name
so
client localhost {
        hostname = localhost
        nastype = other
        secret = super_secret
}
As this would allow you to use variables defined elsewhere in the config.
Which
a) Keeps everything in a standard format
b) Allows you to define certain variables centrally, so that if
something changes such as the top level domain
of a bi directional proxy, you don't have to go hunting through changing
all the entries.
Though I know this breaks compatibility with 1.1.*, and I don't know
how much you're trying to keep compatibility
with 1.1.*.
---
#######################################################################
# Allow the JRS proxy servers to talk to us.
client jrs_roaming0 {
        hostname = ${jrs_config.server0}
        nastype = other
        secret = ${jrs_config.secret0}
}
client jrs_roaming1 {
        hostname = ${jrs_config.server1}
        nastype = other
        secret = ${jrs_config.secret1}
}
client jrs_roaming2 {
        hostname = ${jrs_config.server2}
        nastype = other
        secret = ${jrs_config.secret2}
}
Thanks,
Arran
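
A check for the symptom in the debug output quoted in this message, added here as an example and not part of the original post or of FreeRADIUS: it scans radiusd debug text for Access-Requests or proxy decisions aimed at the unspecified address (0.0.0.0 or ::), which is what the hostname-defined home server produced. The function name and the sample text are constructed for illustration; the two line formats are the ones shown in the message.

```python
import ipaddress
import re

# Constructed sample in the shape of the debug lines quoted in the message.
SAMPLE_DEBUG = """\
Sending Access-Request of id 190 to 0.0.0.0 port 1812
        User-Name = "ac221@brighton.ac.uk"
Proxying request 4 to realm jrs, home server 0.0.0.0 port 1812
Sending Access-Request of id 37 to 193.82.174.185 port 1812
        User-Name = "ac221@brighton.ac.uk"
Proxying request 4 to realm jrs, home server 193.82.174.185 port 1812
"""

# The two debug line shapes that carry a destination address.
DEST_PATTERNS = [
    ("send", re.compile(
        r"^Sending \S+ of id \d+ to (?P<addr>\S+) port (?P<port>\d+)")),
    ("proxy", re.compile(
        r"^Proxying request \d+ to realm [^,]+, "
        r"home server (?P<addr>\S+) port (?P<port>\d+)")),
]


def find_bad_destinations(debug_text):
    """Return (line_number, kind, address, reason) for suspect destinations."""
    findings = []
    for lineno, raw in enumerate(debug_text.splitlines(), 1):
        line = raw.strip()
        for kind, pattern in DEST_PATTERNS:
            m = pattern.match(line)
            if not m:
                continue
            text = m.group("addr")
            try:
                addr = ipaddress.ip_address(text)
            except ValueError:
                # Destination printed as something other than an IP literal.
                findings.append((lineno, kind, text, "not an IP literal"))
                break
            if addr.is_unspecified:  # 0.0.0.0 or ::
                findings.append((lineno, kind, text, "unspecified address"))
            break
    return findings


if __name__ == "__main__":
    for finding in find_bad_destinations(SAMPLE_DEBUG):
        print("line %d: %s to %s (%s)" % finding)
```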