Problems with the mystic of freeradius configuration
Alan Buxey
A.L.M.Buxey at lboro.ac.uk
Fri Oct 8 12:47:35 CEST 2010
Hi,
> Another quest for me is to encapsulate the configuration for eduroam
> (including the users and proxy.conf(!)) into a complete independent
> configuration to use the radius server for more than eduroam.
> Unfortunately all tries to use another file for users and proxy.conf only
> in the eduroam virtual server were unsuccessful.
the proxy.conf entries are global - so you cannot have a single
isolated way - you need to share the file. our current recipe is quite simple,
in 'human readable' terms :
  is this user a local user?
    yes -> mark realm as local
    no -> mark realm as eduroam
  if realm = local then update the control proxy to local
  if realm = eduroam then update the control proxy to eduroam
then, in proxy.conf have your eduroam config as a nice boilerplate.
it's okay - but I really really wouldn't want to drop such a configuration
on top of someone else's server as the joy of FreeRADIUS is that people can
do things in so many ways...and by defining realms and control logic you could/may
break their internal logic, unlang etc.
what we DO suggest is that sites have a virtual server for dealing with things that
come from their national proxies - as the proxy would already have checked that
the user is theirs etc - so you can skip lots of stuff and go straight to the authorization/authentication
stages.
alan
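
The recipe from the message above, sketched as FreeRADIUS 2.x configuration. This is an added example, not part of the original message and not the poster's own configuration. The realm example.org, the names eduroam_nrps1 and eduroam_pool, the address 192.0.2.10 and the secret are placeholder assumptions, and "local user" is assumed to mean a User-Name ending in the site's own realm.

```conf
# --- proxy.conf (global, shared by every virtual server) ---
home_server eduroam_nrps1 {           # hypothetical name for the national proxy
        type   = auth+acct
        ipaddr = 192.0.2.10           # placeholder (documentation range)
        port   = 1812
        secret = CHANGE_ME            # placeholder; use a long random shared secret
}
home_server_pool eduroam_pool {       # hypothetical pool name
        type        = fail-over
        home_server = eduroam_nrps1
}
realm eduroam {
        pool = eduroam_pool
        nostrip                       # forward the User-Name unchanged
}
# "LOCAL" is the built-in realm meaning "handle here, do not proxy".

# --- authorize section of the server that receives requests from your own NAS ---
authorize {
        # Step 1: is this user a local user? (assumed test: site realm suffix)
        if (User-Name =~ /@example\.org$/i) {
                update request {
                        Realm := "local"
                }
        }
        else {
                update request {
                        Realm := "eduroam"
                }
        }
        # Step 2: turn the mark into a proxy decision.
        if (Realm == "local") {
                update control {
                        Proxy-To-Realm := LOCAL
                }
        }
        if (Realm == "eduroam") {
                update control {
                        Proxy-To-Realm := "eduroam"
                }
        }
        # ... the site's existing local modules (files, eap, ...) follow here
}
```

Because proxy.conf is global, the `eduroam` realm name must not collide with a realm the site already defines, which is the breakage risk the message describes.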