Re: JRS - Proxying v2



Alan DeKok wrote:
  Yes, they're in CVS.  Also see raddb/templates.conf for some minimal
documentation.
Hmm didn't come through in the install :(
And I'm guessing templates are global too :) ? So they can also be used in clients and anywhere else you have to repeat something over and over again?

  Almost anywhere.  Sub-sections aren't supported yet (e.g. multiple SQL
modules).
Aww, would be cool if they were. I do actually use multiple SQL configurations, but they're just selecting data from different databases, so much of the configuration is the same. But still very nice :)
  Thanks.  It's a great feature, and it should make life much easier
with the amount of configuration that the home_server section takes.

##############
# Jrs Config
jrs_config {
       server0 = roaming0.ja.net
       server1 = roaming1.ja.net
       server2 = roaming2.ja.net
       secret0 = theirkey
       secret1 = theirkey
       secret2 = theirkey
}
templates {
       realm {
               nostrip
       }
       server_pool {
               type = client-balance
       }
       home_server {
               response_window = 20
               zombie_period = 40
               revive_interval = 120
               ping_check = request
               ping_interval = 30
               num_pings_to_alive = 3
               username = "test_user@sussex"
               password = "just_testing"
       }
}

##############
# Realms
realm jrs {
       auth_pool = jrs_auth_cb
       acct_pool = jrs_acct_cb
}
##############
# Server Pools
server_pool jrs_auth_cb {
       home_server = jrs0_auth
       # home_server = jrs1_auth
       # home_server = jrs2_auth
}
server_pool jrs_acct_cb {
       home_server = jrs0_acct
       # home_server = jrs1_acct
       # home_server = jrs2_acct
}
##############
# Home Servers
home_server jrs0_auth {
               hostname = ${jrs_config.server0}
               secret = ${jrs_config.secret0}
               port = 1812
               type = auth
}
home_server jrs0_acct {
               hostname = ${jrs_config.server0}
               secret = ${jrs_config.secret0}
               port = 1813
               type = acct
}
home_server jrs1_auth {
               hostname = ${jrs_config.server1}
               secret = ${jrs_config.secret1}
               port = 1812
               type = auth
}
home_server jrs1_acct {
               hostname = ${jrs_config.server1}
               secret = ${jrs_config.secret1}
               port = 1813
               type = acct
}
home_server jrs2_auth {
               hostname = ${jrs_config.server2}
               secret = ${jrs_config.secret2}
               port = 1812
               type = auth
}
home_server jrs2_acct {
               hostname = ${jrs_config.server2}
               secret = ${jrs_config.secret2}
               port = 1813
               type = acct
}


Now if only I could enable multiple home servers in the same pool ;-)

I've been thinking about the DNS issue: if every time a hostname string is used a hostname lookup must be performed, then you're right, that's really icky. A possible solution would be something resembling the expressions module,

ipaddr = '%{lookup:hostname.com}'

This way lookups would only be performed on HUP / server restart, so you get the advantages of a dynamic lookup without the associated hammering on local / global DNS servers.

Of course you can do exactly the same thing with exec, just this would bring the feature into FreeRADIUS :)

If you don't feel like writing the code I'd be happy to do it, it would make a nice starting project.

Thanks,
Arran
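
The load-time lookup proposed above, sketched as an added example (not part of the original message and not FreeRADIUS code). The `%{lookup:...}` syntax is the hypothetical one from the post; the sample config, host name, secret and the `parse`/`load` helpers are constructed for illustration.

```python
import re
import socket

# Constructed sample in the style of the config above; names and secret are made up.
SAMPLE = """
jrs_config {
    server0 = roaming0.example.org
    secret0 = constructed-secret
}
home_server jrs0_auth {
    ipaddr = %{lookup:${jrs_config.server0}}
    secret = ${jrs_config.secret0}
    port = 1812
}
home_server jrs0_acct {
    ipaddr = %{lookup:${jrs_config.server0}}
    secret = ${jrs_config.secret0}
    port = 1813
}
"""

SECTION = re.compile(r"^\s*(\w+)(?:\s+(\w+))?\s*\{\s*$")
ITEM = re.compile(r"^\s*(\w+)\s*=\s*(.+?)\s*$")
REF = re.compile(r"\$\{(\w+)\.(\w+)\}")      # ${section.key}, as used in the post
LOOKUP = re.compile(r"%\{lookup:([^}]+)\}")  # hypothetical syntax proposed in the post

def parse(text):
    """Parse one level of `name [instance] { key = value }` sections."""
    sections, current = {}, None
    for line in text.splitlines():
        if m := SECTION.match(line):
            current = sections.setdefault(m.group(2) or m.group(1), {})
        elif line.strip() == "}":
            current = None
        elif current is not None and (m := ITEM.match(line)):
            current[m.group(1)] = m.group(2).strip("'\"")
    return sections

def load(text, resolver=socket.gethostbyname):
    """Expand references and resolve each distinct hostname once per (re)load."""
    sections, cache = parse(text), {}
    def lookup(m):
        if m.group(1) not in cache:
            cache[m.group(1)] = resolver(m.group(1))
        return cache[m.group(1)]
    for items in sections.values():
        for key, value in items.items():
            value = REF.sub(lambda m: sections[m.group(1)][m.group(2)], value)
            items[key] = LOOKUP.sub(lookup, value)
    return sections, cache
```

Because the address is pinned at load, a changed or wrong DNS answer stays in effect until the next reload, and the shared secret is then used with whatever address was returned. Logging the returned cache on each HUP gives a record to compare between reloads.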