Identifying Virtual-Server from Inner-Tunnel

Matthew Newton mcn4 at leicester.ac.uk
Fri Oct 5 00:21:57 CEST 2012


On Thu, Oct 04, 2012 at 01:07:57PM -0600, Jordan Dohms wrote:
> - Depending on the virtual server the request was received through,
> call a different mschap module from the inner-tunnel or reject the
> request. (not working)

You've gone to the hassle of duplicating RADIUS server configs in
your clients and sending requests to different ports, so you could
do your check based on Packet-Dst-Port.

> If there's a better/cleaner/simpler way to do this, I'm all ears.

If there is something in the packet that can indicate which
network is being connected to, you likely don't need to use two
ports as you can just do it all in one server (testing based on
that attribute). For example, with wireless networks, you can
usually get the SSID in the request somehow.

> virtual-server?  Should I need to set a separate variable in the
> outer-server and read it below?

I guess that's another way of doing it. Personally, unless
functionality was a lot different (which it doesn't sound like it
is), I'd probably do it all in one outer server and test based on
a request attribute or Packet-Dst-Port, but if it works then it's
OK.

Cheers

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Architect (UNIX and Networks), Network Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
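
The Packet-Dst-Port test suggested in the message above, written out as an inner-tunnel policy; this is an added example, not configuration from the thread or from the FreeRADIUS project. It assumes FreeRADIUS 2.x unlang, that the outer packet's port is read from the inner tunnel through `outer.request`, and the instance names `mschap_staff` / `mschap_guest` and ports 1812 / 11812 are constructed for illustration.

```unlang
# Added example: pick the mschap instance from the port the OUTER packet
# arrived on, and fail closed for any port without a policy.
#
# Assumed (hypothetical) module instances, declared under modules/ as:
#   mschap mschap_staff { ... }
#   mschap mschap_guest { ... }
# Assumed (constructed) listener ports: 1812 and 11812.
server inner-tunnel {
    authorize {
        # Inner EAP (e.g. PEAP/MSCHAPv2) is handled as usual.
        eap {
            ok = return
        }
    }

    authenticate {
        # The inner MSCHAPv2 exchange is authenticated through this
        # section, so the branch below decides which instance (and so
        # which credential back end) validates the user.
        Auth-Type MS-CHAP {
            # The tunnelled request has no socket of its own; read the
            # destination port from the outer request.
            if ("%{outer.request:Packet-Dst-Port}" == 1812) {
                mschap_staff
            }
            elsif ("%{outer.request:Packet-Dst-Port}" == 11812) {
                mschap_guest
            }
            else {
                # Unknown listener: never fall through to a default
                # credential store.
                reject
            }
        }
        eap
    }
}
```

The same branch can test a request attribute that carries the network name instead of the port, which removes the need for a second listener.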

