Thanks Alan.
I've reviewed the documentation and I'm not sure how to make it work.
The only attributes passed to the server config are related to the source IP address, which is not enough information to determine which policy to apply.
The use case is configuring FreeRADIUS to accept requests from unknown clients with different policies. By different policies I mean different authentication methods. I thought the secret key could be used to differentiate the calls and apply the correct policy. Have I missed something here?
The domain names and potentially IP addresses clients use to configure the target RADIUS server could differ. However, in the backend there would be a single server servicing requests. Not a big fan of this approach. Another way would be requiring the client to configure additional attributes to be passed down in the request. Also not a fan of this approach.
Diego
On Tue, Aug 14, 2012 at 2:52 AM, Alan DeKok
<aland@deployingradius.com> wrote:
Diego Matute wrote:
> What is the best practice for handling incoming requests which require
> different policies (i.e. secret keys) whereby the client IP is unknown?
If the client IP is unknown, then the client is unknown, and you don't
have a secret key.
And keys aren't policies. Please be careful with terminology.
> Was thinking there may be a to setup virtual servers which listen on
> different server IPs somehow?
Read the "dynamic_clients" documentation. That is how you deal with
clients which are not pre-configured.
That is the only way it can be done.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html