Eduroam with a Local Radius Config?

Nathan McDavit-Van Fleet nmcdavit at alcor.concordia.ca
Thu Feb 17 16:20:54 CET 2011


I'm trying to get Eduroam working on our existing Freeradius service. 
 
There are myriad instructions for getting Eduroam working. Unfortunately a
majority of them assume you are configuring it to only do Eduroam and
nothing else.
 
Currently I am proxying Successfully to Eduroam with the following setup:
realm concordia.ca {
}
 
realm LOCAL {
        nostrip
}
 
realm NULL {
        nostrip
}
 
realm DEFAULT {
        pool = EDUROAM-FTLR
        nostrip
}
 
I won't show the pool config for the "DEFAULT" realm. But suffice to say
that's working. Also, our legacy users who are authenticating with no realm
are working as well. What isn't working are local connections using our
local real (user at concordia.ca) and distant AAA requests from Eduroam. The
Eduroam cookbook provides some configs that appear to be helpful. But
unfortunately they're so broken I  can't even put them in my configuration.
 
What the below configs appear to do is check if they are of realm domain.tld
and then switch the Proxy-Realm. But the configs are too broken to work.
>From what I understand at the first "if" is missing a double quote, and the
second one isn't even evaluating and I can't fix it enough to get the server
to restart. I have included my fixes, but as I said the preacct if statement
still does not allow the server to restart after the config is included.
 
ORIGINAL
        authorize {
          auth_log
          suffix
          if (("%{control:Proxy-To-Realm} == "DEFAULT") && (User-Name =~
/.*@.*.domain.tld$/)) {
          update control {
              Proxy-To-Realm := NULL
          }
          }
 
        preacct {
          detail
          suffix
          if ((Proxy-To-Realm = DEFAULT) && (User-Name =~
/.*@.*.domain.tld$/))
          update control {
              Proxy-To-Realm := NULL
          }
        }
 
FIXED (???)
        authorize {
          auth_log
          suffix
          if (("%{control:Proxy-To-Realm}" == "DEFAULT") && (User-Name =~
/.*@.*.domain.tld$/)) {
          update control {
              Proxy-To-Realm := NULL
          }
          }
 
        preacct {
          detail
          suffix
          if ((Proxy-To-Realm == "DEFAULT") && (User-Name =~
/.*@.*.domain.tld$/))
          update control {
              Proxy-To-Realm := NULL
          }
        }
 
 
Nathan Van Fleet
Telecommunications Analyst
Network Assessment and Integration
IITS Concordia University
(514) 848-2424 Extension:5434
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110217/e95c79df/attachment.html>


More information about the Freeradius-Users mailing list