Questions about FreeRadius proxy
Phil Mayers
p.mayers at imperial.ac.uk
Fri Mar 17 15:48:49 CET 2006
Dovelet wrote:
> Hi all,
>
> I am new in FreeRadius and I hope someone can kindly help me. I have several
> questions:
>
> Q1) I just set up a FreeRadius server and I want to set it as a Radius Proxy
> server. I know Realm can do it but I found that to use Realm, the user needs
> to append the domain @xxx.com (i.e. user01@xxx.com) at the end. Is it true?
> Can I skip the domain @xxx.com? (i.e. the user just types the username [user01]
> and the FreeRadius can proxy to another RADIUS server).

Yes, see the NULL entry in proxy.conf and set "ignore_null = no" on the
LAST one of any "realm blah" entries in radiusd.conf. Or, add an entry
to the users file setting Proxy-To-Realm (see below):

>
> Q2) Can I set up a table in the FreeRadius server with username only so that
> when the Application server requests authentication, the FreeRadius will
> proxy to another RADIUS server only if the username is listed in the table?

Yes, try this:

modules {
    passwd userValid {
        file = /etc/raddb/validusers
        format = "*User-Name:~Group"
    }
}

authorize {
    preprocess
    userValid
    # other modules
    users
    # other modules
}

/etc/raddb/validusers:

user01:appserver1
user02:appserver1
user03:appserver2
user04:appserver2

/etc/raddb/users:

# user must be in one group
DEFAULT Group !* ANY, Auth-Type := Reject

# If not using NULL realm
DEFAULT Proxy-To-Realm := "REALMNAME"

>
> Q3) If Q2 is feasible, can I have several Application Servers and limit
> the users from the Application servers? i.e. If user01 logs in to Application
> server1, Application Server1 sends a request to the FreeRadius server. The
> FreeRadius server checks that user01 belongs to the Application Server1 group
> and proxies the request to another RADIUS server.
>
> Application Server1
> - user01
> - user02
>
> Application Server2
> - user03
> - user04

Yes, see posts on just this topic (though not obviously so) a couple of
days ago:

http://lists.freeradius.org/pipermail/freeradius-users/2006-March/051600.html

Just out of curiosity, what is your app and upstream radius server?
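
Added example (not part of the original post and not FreeRADIUS code): a small offline Python model of the allow-list policy in the reply above. It lints a validusers file and shows which usernames would be rejected and which proxied. The function names, the exact-match lookup, the first-entry-wins handling of duplicates and the required_group parameter (a stand-in for the per-application-server restriction asked about in Q3) are assumptions of this sketch.

```python
# Offline model of the "listed users only" proxy policy; not FreeRADIUS code.
# File contents copied from the reply above.
SAMPLE_VALIDUSERS = """\
user01:appserver1
user02:appserver1
user03:appserver2
user04:appserver2
"""


def parse_validusers(text):
    """Return ({user: group}, [problems]) for a 'User-Name:Group' file."""
    users, problems = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        fields = line.split(":")
        if len(fields) != 2 or not fields[0] or not fields[1]:
            problems.append(f"line {n}: expected 'user:group', got {raw!r}")
            continue
        user, group = fields
        if user in users:
            # Assumption: keep the first entry and flag the ambiguity.
            problems.append(f"line {n}: duplicate user {user!r}")
            continue
        users[user] = group
    return users, problems


def decide(users, username, required_group=None, realm="REALMNAME"):
    """Model the two DEFAULT entries: no group means reject, else proxy."""
    group = users.get(username)  # assumption: exact match on User-Name as sent
    if group is None:
        return "reject"
    if required_group is not None and group != required_group:
        return "reject"  # hypothetical per-application-server check (Q3)
    return f"proxy:{realm}"


if __name__ == "__main__":
    table, issues = parse_validusers(SAMPLE_VALIDUSERS)
    # Constructed test names: two listed users, one unlisted, one with a realm.
    for name in ("user01", "user03", "mallory", "user01@xxx.com"):
        print(name, "->", decide(table, name, required_group="appserver1"))
    print("problems:", issues)
```

In this model a name sent with a realm suffix does not match the bare entry in the table, so it is rejected rather than proxied.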