Multiple incoming requests from unknown clients
Diego Matute
dmatute at cyphercor.com
Tue Aug 14 15:40:14 CEST 2012
Thanks Alan.
I've reviewed the documentation and I'm not sure how to make it work.
The only attributes passed to the server config are related to the source
IP address, which is not enough information to determine which policy to
apply.
The use case is configuring FreeRADIUS to accept requests from unknown
clients with different policies. By different policies I mean different
authentication methods. I thought the secret key could be used to
differentiate the calls and apply the correct policy. Have I missed
something here?
The domain names and potentially IP addresses clients use to configure the
target RADIUS server could differ. However, in the backend there would be a
single server servicing requests. Not a big fan of this approach. Another
way would be requiring the client to configure additional attributes to be
passed down in the request. Also not a fan of this approach.
Diego
On Tue, Aug 14, 2012 at 2:52 AM, Alan DeKok <aland at deployingradius.com>wrote:
> Diego Matute wrote:
> > What is the best practice for handling incoming requests which require
> > different policies (i.e. secret keys) whereby the client IP is unknown?
>
> If the client IP is unknown, then the client is unknown, and you don't
> have a secret key.
>
> And keys aren't policies. Please be careful with terminology.
>
> > Was thinking there may be a to setup virtual servers which listen on
> > different server IPs somehow?
>
> Read the "dynamic_clients" documentation. That is how you deal with
> clients which are not pre-configured.
>
> That is the only way it can be done.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120814/812e1922/attachment.html>
More information about the Freeradius-Users
mailing list