Freeradius realm using multiple sql and virtual server
philemon.jaomalaza at gmail.com
Mon Jun 25 01:59:40 CEST 2018
FreeRADIUS does not connect to the database set on sql1 beacause I used pool = sql on the module sql1 so all connexion use the sql module config. I commented this line and it work now. Thank's for your help.
Now, I can continue and can you suggested to decide what the best practice and give best performance and memory usage if I want to have a separate service per client :
- define multiple virtual servers with one global "listen" section IP/port for all virtual server.
- define multiple virtual servers and each server has its listen section IP/port difffrent
- define single virtual servers and use if ....elsif....else to select the proper sql module.
It will be for more than 10 NAS and can have more than 50 NAS
De : Freeradius-Users [mailto:freeradius-users-bounces+philemon.jaomalaza=gmail.com at lists.freeradius.org] De la part de Alan DeKok
Envoyé : dimanche 24 juin 2018 01:58
À : FreeRadius users mailing list <freeradius-users at lists.freeradius.org>
Objet : Re: Freeradius realm using multiple sql and virtual server
On Jun 23, 2018, at 12:30 PM, Philemon Jaomalaza <philemon.jaomalaza at gmail.com> wrote:
> All packets come from different NAS and each NAS must authenticate its users to a specific database, I thought a virtual server will select which database should I use because I saw that it calls the modules sql. and I would configure sql1 on virtual_server1 and sql2 on virtual_server2 and so on.
Yes, that should happen if FreeRADIUS is configured properly.
> My global scenario are :
> - Now, I have more Virtual Machine where run a freeradius, using database managed by daloradius for AAA and one NAS is for one VM.
> - I want to move all database on a single dedicated server who run a freeradius using multiple database. I want to that One NAS will authentificated their users on spcific database, I think that I can do the selection of database by using the virtuel server et do the select by realm.
> like this :
> NAS1-----> userfromnas1 at realm1------virtual_server---->database1
> NAS2 ----userfromnas2 at realm2------virtual_server2-------> database2
It's really more:
NAS1-----> virtual_server1----> userfromnas1 at realm1---->database1
It may also be good to check that people logging in at "NAS1" only use "realm1:.
> What is the best scenarion to do this feature ?
As I said:
> Read raddb/sites-available/README. This documents how virtual servers work.
Edit each "client" definition, and point the client to the proper virtual server. The documentation for this is in the file I already suggested you should read.
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users