Moving to Virtual Servers

Alan DeKok aland at deployingradius.com
Fri Aug 6 08:46:26 CEST 2010


Cory Johnson wrote:
> I have already configured the ldap module, as well as added some lines
> to the users file. Before "virtualizing" I am able to authenticate my
> ldap users via radtest.

  FreeRADIUS *ships* with multiple virtual servers enabled.  It's
already "virtualized".

> Here's the config that works against LDAP, before trying to add to a
> virtual server:

  If it works, please don't post the configuration.

> ...And the output from a test in debug mode (edited out passwords and
> password hashes):

  Again, if it works, there's no need to post the debug output, because
there is nothing to debug.

> Here's the changes I made to the config, attempting to add current setup
> to virtual server "server_one":
...
> server server_one {
> }

  Um... the virtual server needs to have *some* content.  See the
examples on the Wiki page.  See raddb/sites-available/inner-tunnel.  See
the other virtual servers in raddb/sites-available.

> The rest of the config is the same. The server will start, but now I
> can't see my LDAP users, heres the log entry:
> server server_one {
> Login incorrect: [cjohnson/s3cret] (from client 192.168.1.0/24 port 0)
> I'm sorry but you appear to have entered a incorrect password or you may
> not be authorized to access this equipment
> } # server server_one

  Exactly.  There is NOTHING inside of that virtual server.

> Is there something I need to put within server section? It's as if the
> ldap module and the users file aren't being referenced anymore.

  Yes.  There is NOTHING inside of that virtual server.

> Any tips or references to complete examples where virtual servers are
> set up in this way? If someone could take a moment to point me in the
> right direction I would certainly appreciate it.

  The server SHIPS with 10+ examples of virtual servers.  Go read them.

  Alan DeKok.



More information about the Freeradius-Users mailing list