virtual servers

Alan DeKok aland at deployingradius.com
Thu Feb 14 14:25:51 CET 2008


Stefan Winter wrote:
> If I want to get that done with 2.0, I'm unsure how to proceed.

  You should be able to do it exactly as in 1.1.x.  However, you likely
want to do it via a *simpler* method.

> If I get a 
> tagged packet from the proxy and assign this proxy's IP address to a virtual 
> server, I could process its VSAs in that server. But then I would ideally 
> like to re-distribute the packets after that to their own virtual servers.
> Kind of like: in authorize, find out about the VSA, then set a magic 
> variable "Handoff-to-Virtual-Server := someserver", and then the packet gets 
> handed to that other virtual server automatically.
> 
> Does that make any sense? How do I do that?

  It makes sense.  It may even be relatively easy to do.  I would want
the syntax to be part of the configuration and not in RADIUS attributes,
though.  e.g.

	if (blah) {
		server = foo  # may not return
	}

  That's a little awkward, though.  Doing something like this would be a
lot easier, even if the syntax is a little more awkward:

	if (blah) {
		server[foo]
	}

  That way, the reference to server "foo" follows the existing
configuration de-reference model.  (Which isn't really documented...)

  Hmm... if that kind of syntax seems OK, then it looks to be actually
very small amounts of code.  Even adding the ability to do:

	if (blah) {
		server[%{Attr-Foo}]
	}

  would be relatively easy.  That would let you do run-time selection of
 virtual servers.

  Does this sound reasonable?

  Alan DeKok.



More information about the Freeradius-Users mailing list