design question

Matt Zagrabelny mzagrabe at d.umn.edu
Mon Mar 4 22:38:23 CET 2013


On Mon, Mar 4, 2013 at 3:27 PM, Olivier Beytrison <olivier at heliosnet.org> wrote:
> On 04.03.2013 22:17, Olivier Beytrison wrote:
>>
>> On 04.03.2013 21:56, Matt Zagrabelny wrote:
>>>
>>> Greetings,
>>>
>>> I am configuring a general purpose RADIUS server that any number of
>>> clients can connect to for authn - it uses a PostgreSQL DB as the
>>> backend datastore. I would also like to set up a secondary RADIUS
>>> server listening on a different port (i.e. 1814) and use the same Pg DB
>>> as a backend, but use a "restricted" view as the "users" table, then
>>> configure devices (certain network gear) that wish to only allow users
>>> in the "restricted" view to use that secondary RADIUS server and
>>> corresponding port.
>>
>>
>> You can use the same listen ports, but group clients (which means NAS) in
>> two groups, and assign a specific virtual server for each group, with
>> different policy, database lookup and such.
>
>
> Just to add, I think you should define a virtual server with a default
> virtual_server in the listen {} section, then for your specific NAS that
> needs special policy/authn, simply specify a different virtual_server in the
> client {} section
>
> I also wanted to add that you'll find all the information you need here
> http://wiki.freeradius.org/config/Virtual-server (but my @#°@¦§¬ mail client
> sent the mail instead of pasting the link) :)

Hi Olivier,

Thanks for the replies. I'll start digesting that wiki page soon*.

I'm not sure if Debian patched the 2.1.10 line to take care of any
grievous bugs, but if we start hitting them, we may need to upgrade.
FWIW, we were/are running 1.1.0 on Solaris, so we'll be excited to
have the new bugs to deal with. :)

Cheers,

-mz
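
The layout suggested in the quoted replies, as an added example in FreeRADIUS 2.x configuration syntax (not configuration posted by anyone in this thread): one listener with a default virtual server, one client entry overriding it, and a second SQL module instance whose check table is the restricted view. The client name and address, the secrets, the instance name `sql_restricted`, the view name `radcheck_restricted`, the database credentials and the use of PAP are all assumptions.

```conf
# radiusd.conf: one auth listener; requests go to "default" unless the
# matching client {} entry names another virtual server.
listen {
	type = auth
	ipaddr = *
	port = 0
	virtual_server = default
}

# clients.conf: only this NAS is routed to the restricted policy.
# Address and secret are constructed placeholders.
client restricted-gear {
	ipaddr = 192.0.2.10
	secret = CHANGE_ME
	virtual_server = restricted
}

# Second rlm_sql instance: same PostgreSQL database as the general-purpose
# server, but check items are read from the view (hypothetical name).
sql sql_restricted {
	database = "postgresql"
	driver = "rlm_sql_${database}"
	server = "localhost"
	login = "radius"
	password = "CHANGE_ME"
	radius_db = "radius"
	acct_table1 = "radacct"
	acct_table2 = "radacct"
	postauth_table = "radpostauth"
	authcheck_table = "radcheck_restricted"
	authreply_table = "radreply"
	groupcheck_table = "radgroupcheck"
	groupreply_table = "radgroupreply"
	usergroup_table = "radusergroup"
	nas_table = "nas"
	num_sql_socks = 5
	$INCLUDE sql/${database}/dialup.conf
}

# sites-enabled/restricted: policy used only by clients that select it.
server restricted {
	authorize {
		preprocess
		sql_restricted
		pap
	}
	authenticate {
		Auth-Type PAP {
			pap
		}
	}
}
```

With this layout a user who exists in the full table but not in the view gets no check items from `sql_restricted`, so no Auth-Type is set and the request from that NAS is rejected. Give the database role used by this instance SELECT rights on the view only, so the restriction also holds at the database layer.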

