<font><font face="verdana,sans-serif">Thanks Alan.</font></font><div><font><font face="verdana,sans-serif"><br></font></font></div><div><font><font face="verdana,sans-serif">I've reviewed the documentation and I'm not sure how to make it work.</font></font></div>
<div><font><font face="verdana,sans-serif"><br></font></font></div><div><font><font face="verdana,sans-serif">The only attributes passed to the server config are related to the source IP address, which is not enough information to determine which policy to apply.</font></font></div>
<div><font><font face="verdana,sans-serif"><br></font></font></div><div><font><font face="verdana,sans-serif">The use case is configuring FreeRADIUS to accept requests from unknown clients with different policies. By different policies I mean different authentication methods. I thought the secret key could be used to differentiate the calls and apply the correct policy. Have I missed something here?</font></font></div>
<div><font><font face="verdana,sans-serif"><br></font></font></div><div><font><font face="verdana,sans-serif">The domain names and potentially IP addresses clients use to configure the target RADIUS server could differ. However, in the backend there would be a single server servicing requests. Not a big fan of this approach. Another way would be requiring the client to configure additional attributes to be passed down in the request. Also not a fan of this approach.</font></font></div>
<div><font><font face="verdana,sans-serif"><br></font></font></div><div><font><font face="verdana,sans-serif">Diego<br></font></font><br><div class="gmail_quote">On Tue, Aug 14, 2012 at 2:52 AM, Alan DeKok <span dir="ltr"><<a href="mailto:aland@deployingradius.com" target="_blank">aland@deployingradius.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">Diego Matute wrote:<br>
> What is the best practice for handling incoming requests which require<br>
> different policies (i.e. secret keys) whereby the client IP is unknown?<br>
<br>
</div> If the client IP is unknown, then the client is unknown, and you don't<br>
have a secret key.<br>
<br>
And keys aren't policies. Please be careful with terminology.<br>
<div class="im"><br>
> Was thinking there may be a to setup virtual servers which listen on<br>
> different server IPs somehow?<br>
<br>
</div> Read the "dynamic_clients" documentation. That is how you deal with<br>
clients which are not pre-configured.<br>
<br>
That is the only way it can be done.<br>
<span class="HOEnZb"><font color="#888888"><br>
Alan DeKok.<br>
-<br>
List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br>
</font></span></blockquote></div><br></div>