Proxy FreeRADIUS Monitoring from LB F5
aland at deployingradius.com
Sun Dec 9 21:31:45 CET 2018
On Dec 9, 2018, at 2:17 PM, CALMELS, Thierry (SOGETI REGIONS SAS) <thierry.calmels.external at airbus.com> wrote:
> We have an infrastucture using freeRadius 3 (freeradius-3.0.13-8) on RHEL7.5.
> The infrastructure implements in front a layer “PROXY RADIUS” (not based on proxy.conf usage – thus we are using a custom proxy logic).
> The infrastructure works as expected.
> The architecture is as follow:
> Client NAS --> LB BigIP F5 --> Proxy FreeRADIUS --> LB BigIP F5 --> BackEnd FreeRADIUS
I'm not sure why you need two F5s, but OK.
> However we want to improve monitoring made by F5 in front of the layer proxy Radius.
> For that, we have configured a Radius profile on the F5, based on username/password declared in the /etc/raddb/users files.
> healthcheckVIP Auth-Type:=Accept, User-Password=="my_password "
> Unfortunately, this configuration works only if the healthcheckVIP account is declared on the BackEnd FreeRADIUS!
Only if you configure the proxy to send *all* traffic to the backend.
If you configure the proxy to reply to the F5 for local users, it should work.
> The account declared on Proxy is not taken in account.
> I didn’t find any solution/setting to block the radius request at layer proxy when the account is found and credentials confirmed.
You didn't say how *else* you configured the server. i.e. how did you configure it to proxy requests?
You're not using proxy.conf, so what *are* you using?
More information about the Freeradius-Users