277 realms to maintain
Phil Mayers
p.mayers at imperial.ac.uk
Mon Feb 25 18:17:57 CET 2013
On 02/25/2013 11:32 AM, Bertalan Voros wrote:
> Hello All,
>
> In order to be able to use the home server pools and fail-over I had to
> create a list of 277 realms.
>
> There are now 277 entires similar to this:
>
> realm domain.com <http://domain.com> {
> auth_pool = my_auth_failover
> nostrip
> }
Do all the realms point to the same or a few servers/pools?
>
> Could I use an $INCLUDE statement here to maintain the list of realms in
> a separate file?
> That way it would be easier to automate the creation of the realms list.
>
> Is there a better way of doing this?
If they all point to the same (or a small number of) server pool(s),
then yes - don't use the suffix/realm module, and instead set Realm /
Proxy-To-Realm manually, like so:
authorize {
if (User-Name =~ /some regexp/) {
update request {
Realm := "BLAH.BLAH"
}
update control {
Proxy-To-Realm := "UPSTREAM"
}
}
...
}
Only realms from "Proxy-To-Realm" need to be defined in proxy.conf - in
this case, UPSTREAM.
If they all point to different home server/pool(s) then you just
continue what you're doing, using $INCLUDE.
More information about the Freeradius-Users
mailing list