Unitary testing of virtual servers on a proxy RADIUS
Hi all, with a subject line this time FreeRADIUS Version 3.0.15 here. We have a working freeradius server acting as a proxy for our customers. All customers go through the same clients pool. Clients as intended in /etc/freeradius/clients. For some new need we need to change the behavior of our server for a certain type of requests - an existing realm must now be processed locally by the server and not as a proxy -. I thought about implementing this through the use of virtual servers. It works well in our testing environment but it’s time to test it in production. The way I understand virtual servers is that they must be « declared » under the client configuration in the /etc/freeradius/clients file. The problem I am facing is that in doing so, I implement the change on all incoming authentication requests whereas I would have preferred to do so on a unique user just to be sure it would work in the production environment. Anyone has an idea? Thx Nidhal Taleb
On Jun 29, 2018, at 5:43 AM, Nidhal Taleb <n.taleb@me.com> wrote: We have a working freeradius server acting as a proxy for our customers. All customers go through the same clients pool. Clients as intended in /etc/freeradius/clients.
For some new need we need to change the behavior of our server for a certain type of requests - an existing realm must now be processed locally by the server and not as a proxy -. I thought about implementing this through the use of virtual servers. It works well in our testing environment but it’s time to test it in production.
The way I understand virtual servers is that they must be « declared » under the client configuration in the /etc/freeradius/clients file.
That's the way it works.
The problem I am facing is that in doing so, I implement the change on all incoming authentication requests whereas I would have preferred to do so on a unique user just to be sure it would work in the production environment.
You can't send just *one* user to a virtual server. See raddb/sites-available/README for documentation on how virtual servers && clients work. Alan DeKok.
OK, thank you very much
You can't send just *one* user to a virtual server.
Nidhal Taleb
Le 29 juin 2018 à 13:56, Alan DeKok <aland@deployingradius.com> a écrit :
On Jun 29, 2018, at 5:43 AM, Nidhal Taleb <n.taleb@me.com> wrote: We have a working freeradius server acting as a proxy for our customers. All customers go through the same clients pool. Clients as intended in /etc/freeradius/clients.
For some new need we need to change the behavior of our server for a certain type of requests - an existing realm must now be processed locally by the server and not as a proxy -. I thought about implementing this through the use of virtual servers. It works well in our testing environment but it’s time to test it in production.
The way I understand virtual servers is that they must be « declared » under the client configuration in the /etc/freeradius/clients file.
That's the way it works.
The problem I am facing is that in doing so, I implement the change on all incoming authentication requests whereas I would have preferred to do so on a unique user just to be sure it would work in the production environment.
You can't send just *one* user to a virtual server. See raddb/sites-available/README for documentation on how virtual servers && clients work.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (2)
-
Alan DeKok -
Nidhal Taleb