Multiple incoming requests from unknown clients

Fajar A. Nugraha list at fajar.net
Tue Aug 14 15:58:55 CEST 2012


On Tue, Aug 14, 2012 at 8:40 PM, Diego Matute <dmatute at cyphercor.com> wrote:
> The use case is configuring FreeRADIUS to accept requests from unknown
> clients with different policies. By different policies I mean different
> authentication methods. I thought the secret key could be used to
> differentiate the calls and apply the correct policy. Have I missed
> something here?

what "different authentication methods"? Did you mean something like
PAP vs EAP? If yes, FR does that automatically.

>
> The domain names and potentially IP addresses clients use to configure the
> target RADIUS server could differ. However, in the backend there would be a
> single server servicing requests. Not a big fan of this approach. Another
> way would be requiring the client to configure additional attributes to be
> passed down in the request.

realms and NAS IP address are also attributes. You can (for example)
select which backend to use (e.g. which sql server, or whether to use
LDAP vs perl) based on certain attributes (including realm and NAS IP
address) using unlang: http://freeradius.org/radiusd/man/unlang.html

-- 
Fajar


More information about the Freeradius-Users mailing list