design question

Matt Zagrabelny mzagrabe at
Mon Mar 4 22:38:23 CET 2013

On Mon, Mar 4, 2013 at 3:27 PM, Olivier Beytrison <olivier at> wrote:
> On 04.03.2013 22:17, Olivier Beytrison wrote:
>> On 04.03.2013 21:56, Matt Zagrabelny wrote:
>>> Greetings,
>>> I am configuring a general purpose RADIUS server that any number of
>>> clients can connect to for authn - it uses a PostgreSQL DB as the
>>> backend datastore. I would also like to setup a secondary RADIUS
>>> server listening on a different port (ie. 1814) and use the same Pg DB
>>> as a backend, but use a "restricted" view as the "users" table, then
>>> configure devices (certain network gear) that wish to only allow users
>>> in the "restricted" view to use that secondary RADIUS server and
>>> corresponding port.
>> You can use the same listen ports, but group clients (which mean NAS) in
>> two groups, and assign a specific virtual server for each groups, with
>> different policy, database lookup and such.
> Just to add, I think you should define a virtual server with a default
> virtual_server in the listen {} section, then for your specific NAS that
> needs special policy/authn, simply specify a different virtual_server in the
> client {} section
> I also wanted to add that you'll find all the information you need here
> (but my @#°@¦§¬ mail client
> sent the mail instead of pasting the link) :)

Hi Olivier,

Thanks for the replies. I'll start digesting that wiki page soon*.

I'm not sure if Debian patched the 2.1.10 line to take care of any
grievous bugs, but if we start hitting them, we may need to upgrade.
FWIW, we were/are running 1.1.0 on Solaris, so we'll be excited to
have the new bugs to deal with. :)



More information about the Freeradius-Users mailing list