Question on Virtual Servers and inner-tunnel
Phil Mayers
p.mayers at imperial.ac.uk
Wed Jan 26 10:07:24 CET 2011
On 01/25/2011 11:18 PM, Brett Littrell wrote:
> with inner-tunnel requests. So my question is whether naming the server
> inner-tunnel causes it to exclusively handle inner-tunnel requests, in
> other words is inner-tunnel a hard coded name that has to be used for
> handling inner-tunnel requests?
No. It is set in "eap.conf"; see the "virtual_server" option under the
peap and ttls stanzas.
You can also override (per-request) to use a different virtual server in
the outer tunnel e.g.
/etc/raddb/sites-available/default:

authorize {
    ...
    if (EAP-Message) {
        if (...some lookup...) {
            update control {
                # this directs the inner tunnel from this EAP
                # session to the named virtual server
                Virtual-Server := "somedifferentthing"
            }
        }
    }
    ...
}

Something that might not be obvious also - the virtual server name
actually comes from the:

server NAME {
    authorize {
        ..
    }
}

..."NAME" option on the server{} block. By convention and to avoid
confusion the filename in /etc/raddb/sites-{available,enabled} is the
same, but it doesn't need to be (and in fact doesn't need to be in a
separate file)
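
An added example, not part of the original message and not FreeRADIUS code: a small Python check that every name referenced by "virtual_server" in eap.conf or by a Virtual-Server override is declared by some server NAME { } block, whatever the file is called. The sample configuration, file names and function names are constructed for illustration, and the line-based parsing assumes one setting per line with no "#" inside quoted values.

```python
import re

# Constructed sample configuration (not from a real deployment).
EAP_CONF = '''
eap {
    ttls {
        # virtual_server = "old-name"
        virtual_server = "inner-tunnel"
    }
    peap {
        virtual_server = corp-inner
    }
}
'''
SITES = {
    # The file name deliberately differs from the server name it declares.
    "sites-enabled/tunnel-stuff": "server inner-tunnel {\n authorize {\n }\n}\n",
    "sites-enabled/default": 'authorize {\n update control {\n'
                             '  Virtual-Server := "guest-inner"\n }\n}\n',
}
REF = re.compile(r'^(?:virtual_server\s*=|Virtual-Server\s*:?=)\s*"?([^"\s]+)"?$')
DEF = re.compile(r'^server\s+([^\s{]+)\s*\{')

def strip_comment(line):
    return line.split("#", 1)[0].strip()

def referenced_servers(eap_text, site_files):
    # name -> files that point an inner tunnel at it
    refs = {}
    for fname, text in [("eap.conf", eap_text), *site_files.items()]:
        for line in text.splitlines():
            m = REF.match(strip_comment(line))
            if m:
                refs.setdefault(m.group(1), []).append(fname)
    return refs

def defined_servers(site_files):
    # name taken from the "server NAME {" line, never from the file name
    defs = {}
    for fname, text in site_files.items():
        for line in text.splitlines():
            m = DEF.match(strip_comment(line))
            if m:
                defs[m.group(1)] = fname
    return defs

def undefined_references(eap_text, site_files):
    defs = defined_servers(site_files)
    refs = referenced_servers(eap_text, site_files)
    return {name: files for name, files in refs.items() if name not in defs}

if __name__ == "__main__":
    print(undefined_references(EAP_CONF, SITES))
```
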