Update on v4
Alan Buxey
alan.buxey at gmail.com
Tue Jul 4 10:15:11 CEST 2017
>It will unfortunately confuse the heck out of everyone who's use proxy.conf since version 0.
yes but at least now it means people have to set things up a little
better - the number of sites working in federated 802.1X environments
that have DEFAULT for
their proxy destination and thus send all irrelevant junk
upstream....at least proxying can/should now be based on simply rules
alan
On 4 July 2017 at 02:47, Alan DeKok <aland at deployingradius.com> wrote:
> On Jul 3, 2017, at 9:40 PM, Arran Cudbard-Bell <a.cudbardb at freeradius.org> wrote:
>>
>> One of the major, fundamental, changes in v4.0.x was to remove the old proxying framework. home servers, pools, realms and even proxy.conf have all been removed in favour of unhang.
>>
>> The hope is that this will make for a much shallower learning curve, as proxying is now just the same as querying an SQL database, or calling a REST API.
>
> It will unfortunately confuse the heck out of everyone who's use proxy.conf since version 0. :(
>
> Much apologies to everyone, but it's the only way to get other features in. We can always glue in proxy.conf via other methods...
>
> What's now possible in unlang:
>
> load-balance {
> home_server1
> home_server2
> home_server3
> }
>
> Which is different than the old way, but means it's all just Unlang.
>
> Or fail-over:
>
> redundant {
> home_server1
> home_server2
> home_server3
> }
>
> What's now trivial is this:
>
> authenticate pap {
> pap
> if (!ok) {
> home_server1
> }
> }
>
> i.e. auth locally, and if that fails, proxy it.
>
> Or this:
>
> recv Accounting-Request {
> ...
> home_server1 # proxy here
> home_server2 # and then here
> home_server3 # and finally here.
> }
>
> Those two examples were *impossible* before. They're now trivial.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list