Virtual server setup

Vincent Rusilowicz vrusilowicz at westipc.com
Wed May 22 22:18:56 CEST 2013


I figured out why my method did not work.  Rookie mistake, in raddb/sites-available/smoothtest  I did not put my closing bracket "}' at the end of the entire file, but at the end of the authorize section, sorry about the confusion here.

I am still intrigued by your suggestion as it seems a lot less work to meet the same goal.  If you have time an can answer my questions regarding the info you posted I would appreciate it.

Thanks

From: Alan DeKok-2 [via FreeRADIUS] [mailto:ml-node+s1045715n5720335h18 at n5.nabble.com]
Sent: Wednesday, May 22, 2013 10:17 AM
To: Vincent Rusilowicz
Subject: Re: Virtual server setup

Vincent Rusilowicz wrote:
> I have reloaded the server and started from scratch again.  I was able
> to authenticate with the default config, when adding client and user
> info.  In my effort to try and convert each client to use a separate
> virtual so separate user files

  You still haven't explained *why* you need that.  You're focusing on a
solution.  Instead, talk about the problem.  Maybe there's another
solution which is better.

> can be used I am not able to
> authenticate.  I see the auth attempt match an entry in my second_users
> file, but I get a WARNING message.

  Yes, because you butchered the configuration, and broke it.  You
deleted the "pap" module from the "authenticate" section.

  Why?  Just... why?  What possible benefit is there from destroying the
"authenticate" section?

  If you *do* want "users" files which are unique per client, there are
a few ways to do it.  The choice of solutions can depend on how many
clients you have.

  One way may be this:

- create multiple instances of the "files" module, one for each client.

- name them after the clients, so that you can keep track of which
module matches which client.  i.e. name them after the client IP
address, for simplicity.  i.e.

        files files_192.168.1.2 {
                ...
        }

- select them dynamically at run-time via a "switch" statement.

- i.e. remove the "files" reference from "authorize", and replace it
with a switch:

        switch "%{Client-IP-Address}" {
                case {
                        files
                }

                case 192.168.1.2 {
                        files_192.168.1.2
                }

                ...
        }

  And don't change *anything* else.  Butchering random things in the
configuration files is a guaranteed way to break the server.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

________________________________
If you reply to this email, your message will be added to the discussion below:
http://freeradius.1045715.n5.nabble.com/Virtual-server-setup-tp5720304p5720335.html
To unsubscribe from Virtual server setup, click here<http://freeradius.1045715.n5.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=5720304&code=dnJ1c2lsb3dpY3pAd2VzdGlwYy5jb218NTcyMDMwNHw0MjEzOTIwOTc=>.
NAML<http://freeradius.1045715.n5.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130522/b5f09687/attachment.html>


More information about the Freeradius-Users mailing list