Proxy FreeRADIUS Monitoring from LB F5

CALMELS, Thierry (SOGETI REGIONS SAS) thierry.calmels.external at airbus.com
Sun Dec 16 20:32:26 CET 2018


Hello Alan


>The configuration you posted here is *not* what I proposed that you use.
>Please go back and read my message again.

I reviewed your answer and I updated as you advise but without success.

The configuration which is working is the below one with the conditional on User-Name.
I don't find it very sexy!

files
if (&User-Name != 'healthcheckVIP') {
        perl
        if (ok || updated) {
            update control {
                Auth-Type := Perl
            }
        }
}

================
I tried to make something like that, but I got the error saying the Auth-Type is not defined.

files
If (notfound) {
		Perl
....
}


Thank a lot for your support


-----Message d'origine-----
De : Freeradius-Users [mailto:freeradius-users-bounces+thierry.calmels.external=airbus.com at lists.freeradius.org] De la part de Alan DeKok
Envoyé : lundi 10 décembre 2018 22:15
À : FreeRadius users mailing list
Objet : Re: Proxy FreeRADIUS Monitoring from LB F5

On Dec 10, 2018, at 4:11 PM, CALMELS, Thierry (SOGETI REGIONS SAS) <thierry.calmels.external at airbus.com> wrote:
> 
> I am trying to give you more details

  That's good.

> The perl module has been enabled in '/etc/raddb/sites-available/default' as below
> 
> authenticate {
> 
>        Auth-Type Perl {
>                perl
>        }

  OK...

> authorize {
>>        files
>        perl
>        if (ok || updated) {
>            update control {
>            Auth-Type := Perl
>            }

  Which forces the server to use "Auth-Type perl" if the "perl" module returns "ok || updated"

>        }
> 
> The custom script perl is invoked since '/etc/raddb/mods-enabled/perl'
> perl {
>>        filename = ${modconfdir}/${.:instance}/radius_proxy.pl

  That's fine.

> 
> 
> 
>>> This might not work if you're already using the "users" file to do other things.  But since you're not really describing what you're doing, I can't really help much more than that
> I don't use the "users" file for anything else.
> As you see the 'files' module was configured before 'perl'. But unfortunately this configuration (and your proposal) seems not suitable:(

  The configuration you posted here is *not* what I proposed that you use.

  Please go back and read my message again.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
The information in this e-mail is confidential. The contents may not be disclosed or used by anyone other than the addressee. Access to this e-mail by anyone else is unauthorised.
If you are not the intended recipient, please notify Airbus immediately and delete this e-mail.
Airbus cannot accept any responsibility for the accuracy or completeness of this e-mail as it has been sent over public networks. If you have any concerns over the content of this message or its Accuracy or Integrity, please contact Airbus immediately.
All outgoing e-mails from Airbus are checked using regularly updated virus scanning software but you should take whatever measures you deem to be appropriate to ensure that this message and any attachments are virus free.



More information about the Freeradius-Users mailing list