design question

Olivier Beytrison olivier at heliosnet.org
Mon Mar 4 22:27:03 CET 2013


On 04.03.2013 22:17, Olivier Beytrison wrote:
> On 04.03.2013 21:56, Matt Zagrabelny wrote:
>> Greetings,
>>
>> I am configuring a general purpose RADIUS server that any number of
>> clients can connect to for authn - it uses a PostgreSQL DB as the
>> backend datastore. I would also like to setup a secondary RADIUS
>> server listening on a different port (ie. 1814) and use the same Pg DB
>> as a backend, but use a "restricted" view as the "users" table, then
>> configure devices (certain network gear) that wish to only allow users
>> in the "restricted" view to use that secondary RADIUS server and
>> corresponding port.
>
> You can use the same listen ports, but group clients (which mean NAS) in
> two groups, and assign a specific virtual server for each groups, with
> different policy, database lookup and such.

Just to add, I think you should define a virtual server with a default 
virtual_server in the listen {} section, then for your specific NAS that 
needs special policy/authn, simply specify a different virtual_server in 
the client {} section

I also wanted to add that you'll find all the information you need here 
http://wiki.freeradius.org/config/Virtual-server (but my @#°@¦§¬ mail 
client sent the mail instead of pasting the link) :)

Olivier



More information about the Freeradius-Users mailing list