277 realms to maintain

Phil Mayers p.mayers at imperial.ac.uk
Mon Feb 25 18:17:57 CET 2013

On 02/25/2013 11:32 AM, Bertalan Voros wrote:
> Hello All,
> In order to be able to use the home server pools and fail-over I had to
> create a list of 277 realms.
> There are now 277 entires similar to this:
> realm domain.com <http://domain.com> {
>          auth_pool = my_auth_failover
>          nostrip
> }

Do all the realms point to the same or a few servers/pools?

> Could I use an $INCLUDE statement here to maintain the list of realms in
> a separate file?
> That way it would be easier to automate the creation of the realms list.
> Is there a better way of doing this?

If they all point to the same (or a small number of) server pool(s), 
then yes - don't use the suffix/realm module, and instead set Realm / 
Proxy-To-Realm manually, like so:

authorize {
   if (User-Name =~ /some regexp/) {
     update request {
       Realm := "BLAH.BLAH"
     update control {
       Proxy-To-Realm := "UPSTREAM"

Only realms from "Proxy-To-Realm" need to be defined in proxy.conf - in 
this case, UPSTREAM.

If they all point to different home server/pool(s) then you just 
continue what you're doing, using $INCLUDE.

More information about the Freeradius-Users mailing list