Handling multiple customers with one radius instance
Alan DeKok
aland at deployingradius.com
Tue Jul 14 16:31:05 CEST 2015
On Jul 14, 2015, at 10:01 AM, Manfred Wolf <Manfred.Wolf at cosmokey.com> wrote:
> we want to install one central freeradius that handles requests from multiple
> customers. Nearly all the handling for those customers is the same. Even the
> database should be the same. Just the namespace for each customer's users
> should be different, so that for example customer1 and customer2 can both
> have a joe user.
This is largely a database issue.
Extend the default schema so that each user has a "customer" column. Then, add a "customer" qualifier to the FreeRADIUS queries.
> We're currently using the default sql user database, but this one doesn't
> seem to support this directly. On the other hand, we want
> radiusclient1.customer1 and radiusclient2.customer1 to be handled identically.
> Is there a special module that could help us achieve this or what would be
> the best way to solve this kind of problem?
The best way to solve custom requirements is custom configurations.
> We have searched around and come across a few possible ways though we are not
> sure if they are good or would work at all. Anyway, those are:
> 1. Somehow check for the client IP using sql queries. Though this way it might
> be hard if not impossible to that vpnserver1.customer1 and
> vpnserver2.customer2 both belong to customer1
I don't think that example makes sense.
If you have multiple customers sharing one NAS, then the User-Names *must* include customer information, e.g. "user@realm".
If you have a NAS belonging to only one customer, then you can group the NASes, and key off of the customer group. See the rlm_passwd module for examples of creating custom groups.
Then, just select from the DB by username and customer identifier.
Alan DeKok.
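
The approach described in the reply above, as an added example that is not part of the original message and is not FreeRADIUS code: a `radcheck` table extended with a `customer` column, and a lookup that always selects by customer and username together. The `nas_customer` table, the helper names, the addresses and the passwords are constructed assumptions; SQLite stands in for the real database.

```python
import sqlite3

# Constructed sample data. radcheck is the stock column set plus the added
# "customer" column; nas_customer is a hypothetical NAS-to-customer grouping.
SCHEMA = """
CREATE TABLE radcheck (
    id INTEGER PRIMARY KEY, customer TEXT NOT NULL, username TEXT NOT NULL,
    attribute TEXT NOT NULL, op TEXT NOT NULL, value TEXT NOT NULL);
CREATE INDEX radcheck_cust_user ON radcheck (customer, username);
CREATE TABLE nas_customer (nas_ip TEXT PRIMARY KEY, customer TEXT NOT NULL);
INSERT INTO radcheck (customer, username, attribute, op, value) VALUES
    ('customer1', 'joe', 'Cleartext-Password', ':=', 'constructed-pw-1'),
    ('customer2', 'joe', 'Cleartext-Password', ':=', 'constructed-pw-2');
INSERT INTO nas_customer VALUES
    ('192.0.2.10', 'customer1'),
    ('192.0.2.11', 'customer1'),
    ('192.0.2.20', 'customer2');
"""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def resolve(conn, nas_ip, user_name):
    """Return (customer, username), or None if no customer can be determined."""
    row = conn.execute("SELECT customer FROM nas_customer WHERE nas_ip = ?",
                       (nas_ip,)).fetchone()
    if row:
        # NAS belongs to one customer: the NAS group decides the namespace,
        # and the User-Name is used as received (assumption of this sketch).
        return row[0], user_name
    user, sep, realm = user_name.rpartition("@")
    if sep and user and realm:
        # Shared NAS: the User-Name must carry the customer as a realm.
        return realm, user
    return None

def check_items(conn, nas_ip, user_name):
    """Select check items by customer AND username, never by username alone."""
    resolved = resolve(conn, nas_ip, user_name)
    if resolved is None:
        return []
    return conn.execute(
        "SELECT attribute, op, value FROM radcheck "
        "WHERE customer = ? AND username = ? ORDER BY id", resolved).fetchall()
```

In this sketch a request for "joe@customer2" arriving from a NAS grouped under customer1 is looked up inside customer1 and matches nothing, so a realm typed by the user cannot move the lookup into another customer's namespace.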