FreeRADIUS 3.0.25 - Unlang Config Retrieval (Load Balancers) from within Authentication Module
Jacob Lane
admin at bitcomputing.io
Wed Sep 21 19:23:47 UTC 2022
Hi Alan!!
Thanks for getting back to me - really appreciate it :)
Yeah so I'm adapting the rlm_securid module - essentially we've got two NAS's pulled via the SQL module (raddb, mods-config, queries.conf), I was wrong calling them load-balancers - my apologies. Essentially if a packet comes in from either of those clients I need to replace their IP address with an address we configure in the config file. I know it sounds weird, but when a pin reset event occurs it involves a second request and that request may originate from the other NAS so when the securid module goes to lookup the existing session from the session tree it fails because the IP is different. The ideal solution would be to ensure that requests from the same client are always sent to the same server, alas it is not my decision. Long and short, is there a way of retrieving the details of the configured NAS clients from within a module? I don't think there is, and worst case I'll ask the client to set an attribute that marks the packet as trusted and retrieve it as it passes through the module.
Many thanks again and all the best,
Jacob
On 21/09/2022 13:54:57, Alan DeKok <aland at deployingradius.com> wrote:
On Sep 21, 2022, at 12:27 AM, Jacob Lane wrote:
> I'm currently working for a client that would like to list some servers under load-balancers in their config file and, for a somewhat convoluted reason to do with the authentication method, the IP addresses of those load balancers need to be retrieved at a later date from within an authentication module.
This is for proxying?
> I've pored over Doxygen to try and formulate a way of doing it myself but I'm coming up a little short - it would always be possible to manually parse the config file myself or include the IP Addresses in the individual config file for the module but the client would prefer to do it automatically and for the sake of robustness I'd like to at least attempt to pull those values from within FreeRADIUS before going for the other methods! If anyone has any guidance on this matter it would be very gratefully received :)
It's not possible to dynamically change IP addresses when doing load balancing for proxies. It's just too hard to implement correctly.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
More information about the Freeradius-Devel
mailing list