Help with eduroam proxying config

Mohamed Lrhazi Mohamed.Lrhazi at georgetown.edu
Wed Mar 11 16:27:12 CET 2015


Thanks a lot guys, we'll try those suggestions and be back :)

My first try at freeradius, just figuring out the basics... seeing how
requests would be routed based on username and so on...

Mohamed.

On Wed, Mar 11, 2015 at 10:59 AM, Scott Armitage <S.P.Armitage at lboro.ac.uk>
wrote:

>
> > On 11 Mar 2015, at 14:46, Mohamed Lrhazi <Mohamed.Lrhazi at georgetown.edu>
> wrote:
> >
> > Hello,
> >
> > With this config, I want to say: anyuser at anything.edu should go to
> eduroam,
> > but I get a warning that it won't be the case. What's the correct config?
> >
> > Thanks a lot,
> > Mohamed.
> >
> > proxy.conf:
> >
> >
> > home_server eduroam1 {
> >    type = auth
> >    ipaddr = tlrs1.eduroam.us
> >    port = 1645
> >    secret = eduroam_radius_secret
> > }
> > home_server eduroam2 {
> >    type = auth
> >    ipaddr = tlrs2.eduroam.us
> >    port = 1645
> >    secret = eduroam_radius_secret
> > }
>
> Why 1645 and not 1812?
>
>
> > home_server_pool eduroam {
> >    type = fail-over
> >    home_server = eduroam1
> >    home_server = eduroam2
> > }
> >
> > realm LOCAL {
> > }
> > realm NULL {
> > }
> > realm georgetown.edu {
> > }
> > realm gu.edu {
> > }
> >
> > realm "~(.*\\.)+edu$" {
> >        nostrip
> >        auth_pool = eduroam
> > }
>
>
> This isn’t being a good eduroam neighbour as you will send all kinds of
> crap upstream, but more importantly eduroam ISN’T JUST EDU.  I’d use the
> approach of:
>
> In proxy.conf:
>
>
> realm eduroam {
>     auth_pool = eduroam
>     nostrip
> }
>
> Then in your authorize section something like:
>
> if("%{User-Name}" =~ /\\\\?([^@\\\\]+)@?([-[:alnum:]._]*)?$/) {
>
>
>                 if(!"%{2}" || ("%{2}" =~ /.*georgetown\.edu$/i) ) {
>                         update request {
>                                 #Stripped-User-Name := "%{1}"
>                                 Realm := "local"
>                         }
>                         if(!"%{2}" && ("%{User-Name}" =~ /^@/) && ("%{User-Name}" !~ /georgetown\\.edu$/i) ) {
>                                 update request {
>                                         #Stripped-User-Name := "%{1}"
>                                         Realm := "eduroam"
>                                 }
>                                 update control {
>                                         Proxy-To-Realm := "eduroam"
>                                 }
>                         }
>                 }
>                 else{
>                         update request {
>                                 #Stripped-User-Name := "%{1}@%{2}"
>                                 Realm := "%{2}"
>                         }
>                 }
>         }
>
>
>
>
> regards
>
>
> Scott Armitage
>
>
>
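
The two objections raised in the reply above (an `.edu`-only realm regex misses other eduroam realms, and it forwards malformed realms upstream) can be checked offline. This is an added example, not code from the thread or from FreeRADIUS: the function names, the realm syntax check and the sample identities are assumptions, and the regex is assumed to be matched case-insensitively against the text after the last "@".

```python
import re

# Realm regex from the original proxy.conf after config unescaping ("\\." -> "\.").
# Assumption: applied case-insensitively to the part after the last "@".
EDU_ONLY = re.compile(r"(.*\.)+edu$", re.IGNORECASE)

# Assumption: a well-formed realm is two or more dot-separated DNS-style labels.
LABEL = r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?"
VALID_REALM = re.compile(rf"^{LABEL}(?:\.{LABEL})+$", re.IGNORECASE)

# Realms the original proxy.conf defines without a pool (handled locally).
LOCAL_REALMS = {"georgetown.edu", "gu.edu"}


def split_realm(user_name):
    """Return the text after the last '@', or None when there is no '@'."""
    _, sep, realm = user_name.rpartition("@")
    return realm if sep else None


def route_edu_regex(user_name):
    """Decision implied by the original config: local realms, else *.edu upstream."""
    realm = split_realm(user_name)
    if realm is None or realm.lower() in LOCAL_REALMS:
        return "local"
    return "proxy" if EDU_ONLY.search(realm) else "local"


def route_filtered(user_name):
    """Hypothetical alternative: local realms stay local, malformed realms are
    rejected, every other well-formed realm is proxied (eduroam is not only .edu)."""
    realm = split_realm(user_name)
    if realm is None or realm.lower() in LOCAL_REALMS:
        return "local"
    return "proxy" if VALID_REALM.match(realm) else "reject"


# Constructed sample identities, not taken from the thread.
SAMPLES = ["alice", "bob@georgetown.edu", "carol@example.edu",
           "dave@example.ac.uk", "erin@.edu", "frank@example..edu"]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name:22} edu-regex={route_edu_regex(name):6} "
              f"filtered={route_filtered(name)}")
```
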

