Problems with the mystic of freeradius configuration

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Fri Oct 8 12:47:35 CEST 2010


Hi,

> Another quest for me is to encapsulate the configuration for eduroam
> (including the users and proxy.conf(!)) into a complete independent
> configuration to use the radius server for more than eduroam.
> Unfortunately all tries to use another file for users and proxy.conf only
> in the eduroam virtual server were unsuccessful.

the proxy.conf entries are global - so you cannot have a single
isolated way - you need to share the file.  our current recipe is quite simple,
in 'human readable' terms :

is this user a local user?  
yes -> mark realm as local
no -> mark realm as eduroam


if realm = local then update the control proxy to local
if realm = eduroam then update the control proxy to eduroam

then, in proxy.conf have your eduroam config as a nice boilerplate.


it's okay - but I really really wouldn't want to drop such a configuration
on top of someone else's server as the joy of FreeRADIUS is that people can
do things in so many ways...and by defining realms and control logic you could/may
break their internal logic, unlang etc.


what we DO suggest is that sites have a virtual server for dealing with things that
come from their national proxies - as the proxy would already have checked that
the user is theirs etc - so you can skip lots of stuff and go straight to the authorization/authentication
stages.

alan
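
The recipe from the message above, written out as a FreeRADIUS 2.x configuration sketch. This is an added example, not configuration posted in the thread; the realm `example.org`, the server and pool names, the address and the secret are placeholders, and it assumes "proxy to local" means the built-in `LOCAL` realm.

```conf
# --- virtual server fragment (unlang, FreeRADIUS 2.x syntax) ---
authorize {
    # Step 1: is this user a local user? Mark the realm accordingly.
    # example.org is a placeholder for the site's own realm.
    if (User-Name =~ /@example\.org$/i) {
        update request {
            Realm := "local"
        }
    }
    # Assumption: only names that carry an @realm are marked for eduroam;
    # names with no realm are left unmarked and are not proxied.
    elsif (User-Name =~ /@/) {
        update request {
            Realm := "eduroam"
        }
    }

    # Step 2: turn the realm mark into a proxy decision.
    if (Realm == "local") {
        update control {
            Proxy-To-Realm := "LOCAL"    # built-in realm: handle here, do not proxy
        }
    }
    elsif (Realm == "eduroam") {
        update control {
            Proxy-To-Realm := "eduroam"  # must match a realm in proxy.conf
        }
    }
}

# --- proxy.conf (global, shared by every virtual server) ---
home_server eduroam_national_1 {
    type   = auth+acct
    ipaddr = 192.0.2.10          # placeholder address (TEST-NET-1)
    port   = 1812
    secret = REPLACE_WITH_SHARED_SECRET
}

home_server_pool eduroam_pool {
    type        = fail-over
    home_server = eduroam_national_1
}

realm eduroam {
    pool = eduroam_pool
    nostrip                      # forward User-Name with its @realm intact
}
```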


