Update on v4

Alan Buxey alan.buxey at gmail.com
Tue Jul 4 10:15:11 CEST 2017


>It will unfortunately confuse the heck out of everyone who's use proxy.conf since version 0.

yes but at least now it means people have to set things up a little
better - the number of sites working in federated 802.1X environments
that have DEFAULT for
their proxy destination and thus send all irrelevant junk
upstream....at least proxying can/should now be based on simply rules

alan

On 4 July 2017 at 02:47, Alan DeKok <aland at deployingradius.com> wrote:
> On Jul 3, 2017, at 9:40 PM, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:
>>
>> One of the major, fundamental, changes in v4.0.x was to remove the old proxying framework.  home servers, pools, realms and even proxy.conf have all been removed in favour of unhang.
>>
>> The hope is that this will make for a much shallower learning curve, as proxying is now just the same as querying an SQL database, or calling a REST API.
>
>   It will unfortunately confuse the heck out of everyone who's use proxy.conf since version 0. :(
>
>   Much apologies to everyone, but it's the only way to get other features in.  We can always glue in proxy.conf via other methods...
>
>   What's now possible in unlang:
>
>         load-balance {
>                 home_server1
>                 home_server2
>                 home_server3
>         }
>
>   Which is different than the old way, but means it's all just Unlang.
>
>   Or fail-over:
>
>         redundant {
>                 home_server1
>                 home_server2
>                 home_server3
>         }
>
>   What's now trivial is this:
>
> authenticate pap {
>         pap
>         if (!ok) {
>                 home_server1
>         }
> }
>
>   i.e. auth locally, and if that fails, proxy it.
>
>   Or this:
>
> recv Accounting-Request {
>         ...
>         home_server1                    # proxy here
>         home_server2                    # and then here
>         home_server3                    # and finally here.
> }
>
>   Those two examples were *impossible* before.  They're now trivial.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list