server selection

[Norbert Wegener]

Alan DeKok schrieb:
> Norbert Wegener wrote:
>   
>>>   That configuration can be added manually, by doing internal proxying
>>> to the virtual server.
>>>   
>>>       
>> Will this also be possible, when freeradius gets its information out of
>> a mysql database?
>>     
>
>   Of course!
>
>   
>> The only place to modify addresses I found is the preproxy_users file,
>> which seems to be used by the rlm_files module only.
>>     
>
>   I'm not sure what that means...
>
>   You could do something like:
>
> 	...
> 	update control {
> 		Proxy-To-Realm := "%{sql:SELECT ... from.. where %{NAS-IP-Addres}"
> 	}
>   
OK, but I did not yet hear about that before and it seems no topic for 
the mass media: googling for Proxy-To-Realm gives 94 results.

>   Could you describe more of your requirements??
>   
In a greater installation there are numerous different rules for vlan 
assignements. Before applying even the slightest configuration change to 
a production system, I want to make sure, that as much different 
configurations as possible have been checked to deliver those attributes 
that they are expected to.
Obviously a part of those checks can be done using radtest. Running 
radtest with  nasip as an argument should  therefore bring freeradius to 
use the server the nasip belongs to, and not the server  the machine 
running radtest belongs to.

Btw: Is eapol_test *the* tool to do such checks in an automated way for 
eap/tls authentications or is there a better one available?

Norbert Wegener

>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>   

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090109/ac38647a/attachment.html>