FreeRADIUS 3.0.25 - Unlang Config Retrieval (Load Balancers) from within Authentication Module
Alan DeKok
aland at deployingradius.com
Thu Sep 22 00:14:21 UTC 2022
On Sep 21, 2022, at 3:23 PM, Jacob Lane <admin at bitcomputing.io> wrote:
> Yeah so I'm adapting the rlm_securid module - essentially we've got two NAS's pulled via the SQL module (raddb, mods-config, queries.conf), I was wrong calling them load-balancers - my apologies.
OK...
> Essentially if a packet comes in from either of those clients I need to replace their IP address with an address we configure in the config file. I know it sounds weird, but when a pin reset event occurs it involves a second request and that request may originate from the other NAS so when the securid module goes to lookup the existing session from the session tree it fails because the IP is different.
So edit the rlm_securid module to *not* use the IP address? Just poke the securid_session_cmp() function.
> The ideal solution would be to ensure that requests from the same client are always sent to the same server, alas it is not my decision. Long and short, is there a way of retrieving the details of the configured NAS clients from within a module? I don't think there is, and worst case I'll ask the client to set an attribute that marks the packet as trusted and retrieve it as it passes through the module.
You have the source. Edit it?
Alan DeKok.
More information about the Freeradius-Devel
mailing list