Help with eduroam proxying config
Scott Armitage
S.P.Armitage at lboro.ac.uk
Wed Mar 11 15:59:30 CET 2015
> On 11 Mar 2015, at 14:46, Mohamed Lrhazi <Mohamed.Lrhazi at georgetown.edu> wrote:
>
> Hello,
>
> With this config, I want to say: anyuser at anything.edu should go to eduroam,
> but I get a warning that it won't be the case. What's the correct config:
>
> Thanks a lot,
> Mohamed.
>
> proxy.conf:
>
>
> home_server eduroam1 {
>     type = auth
>     ipaddr = tlrs1.eduroam.us
>     port = 1645
>     secret = eduroam_radius_secret
> }
> home_server eduroam2 {
>     type = auth
>     ipaddr = tlrs2.eduroam.us
>     port = 1645
>     secret = eduroam_radius_secret
> }
Why 1645 and not 1812?
> home_server_pool eduroam {
>     type = fail-over
>     home_server = eduroam1
>     home_server = eduroam2
> }
>
> realm LOCAL {
> }
> realm NULL {
> }
> realm georgetown.edu {
> }
> realm gu.edu {
> }
>
> realm "~(.*\\.)+edu$" {
>     nostrip
>     auth_pool = eduroam
> }
This isn’t being a good eduroam neighbour as you will send all kinds of crap upstream, but more importantly eduroam ISN’T JUST EDU. I’d use the approach of:
In proxy.conf:
realm eduroam {
    auth_pool = eduroam
    nostrip
}
Then in your authorize section something like:
if("%{User-Name}" =~ /\\\\?([^@\\\\]+)@?([-[:alnum:]._]*)?$/) {
    if(!"%{2}" || ("%{2}" =~ /.*georgetown\.edu$/i) ) {
        update request {
            #Stripped-User-Name := "%{1}"
            Realm := "local"
        }
        if(!"%{2}" && ("%{User-Name}" =~ /^@/) && ("%{User-Name}" !~ /georgetown\\.edu$/i) ) {
            update request {
                #Stripped-User-Name := "%{1}"
                Realm := "eduroam"
            }
            update control {
                Proxy-To-Realm := "eduroam"
            }
        }
    }
    else{
        update request {
            #Stripped-User-Name := "%{1}@%{2}"
            Realm := "%{2}"
        }
    }
}
regards
Scott Armitage
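
Added example (not part of the original post, and not FreeRADIUS configuration): a small Python model that compares the ".edu"-only realm pattern from the quoted proxy.conf with a route-by-realm policy, to show which User-Name values each one would send upstream. The function names, the realm syntax rule, the subdomain handling for local realms and the sample User-Name values are assumptions made for illustration.

```python
import re

# Realm pattern from the quoted proxy.conf, written as the regex itself
# (the config string "\\." stands for an escaped dot).
EDU_ONLY = re.compile(r"(.*\.)+edu$")

# Local realms listed in the quoted proxy.conf.
LOCAL_REALMS = ("georgetown.edu", "gu.edu")

# Assumption: a well-formed realm is two or more dot-separated DNS labels.
LABEL = r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?"
VALID_REALM = re.compile(rf"{LABEL}(?:\.{LABEL})+")


def split_realm(user_name):
    """Split on the last '@'; realm is None when there is no '@'."""
    user, sep, realm = user_name.rpartition("@")
    return (user, realm.lower()) if sep else (user_name, None)


def edu_regex_matches(user_name):
    """Would the '.edu'-only realm pattern select this User-Name?"""
    _, realm = split_realm(user_name)
    return realm is not None and EDU_ONLY.search(realm) is not None


def route(user_name):
    """Hypothetical policy: 'local', 'eduroam' (proxy) or 'reject'."""
    user, realm = split_realm(user_name)
    if realm is None:
        return "local"                      # no realm: authenticate here
    if not user or not VALID_REALM.fullmatch(realm):
        return "reject"                     # never send junk upstream
    if any(realm == r or realm.endswith("." + r) for r in LOCAL_REALMS):
        return "local"
    return "eduroam"                        # any other valid realm, .edu or not


# Constructed sample User-Name values.
SAMPLES = ["alice", "alice@georgetown.edu", "bob@lboro.ac.uk",
           "carol@cs.example.edu", "dave@wifi..edu", "@example.edu"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name:24} edu-regex={edu_regex_matches(name)!s:5} "
              f"policy={route(name)}")
```

In this model the ".edu" pattern selects malformed names such as dave@wifi..edu for proxying and never selects bob@lboro.ac.uk, while the realm-based policy rejects the former and proxies the latter.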