On Mon, Mar 4, 2013 at 3:27 PM, Olivier Beytrison <olivier@heliosnet.org> wrote:
On 04.03.2013 22:17, Olivier Beytrison wrote:
On 04.03.2013 21:56, Matt Zagrabelny wrote:
Greetings,
I am configuring a general purpose RADIUS server that any number of clients can connect to for authn - it uses a PostgreSQL DB as the backend datastore. I would also like to setup a secondary RADIUS server listening on a different port (ie. 1814) and use the same Pg DB as a backend, but use a "restricted" view as the "users" table, then configure devices (certain network gear) that wish to only allow users in the "restricted" view to use that secondary RADIUS server and corresponding port.
You can use the same listen ports, but group clients (which mean NAS) in two groups, and assign a specific virtual server for each groups, with different policy, database lookup and such.
Just to add, I think you should define a virtual server with a default virtual_server in the listen {} section, then for your specific NAS that needs special policy/authn, simply specify a different virtual_server in the client {} section
I also wanted to add that you'll find all the information you need here http://wiki.freeradius.org/config/Virtual-server (but my @#°@¦§¬ mail client sent the mail instead of pasting the link) :)
Hi Olivier, Thanks for the replies. I'll start digesting that wiki page soon*. I'm not sure if Debian patched the 2.1.10 line to take care of any grievous bugs, but if we start hitting them, we may need to upgrade. FWIW, we were/are running 1.1.0 on Solaris, so we'll be excited to have the new bugs to deal with. :) Cheers, -mz