Fwd: Help with multiple virtual servers setup

R3DNano r3dnano at gmail.com
Fri Jun 7 23:34:20 CEST 2019


I'm having a really hard time trying to remodel my setup.
I currently have a functioning freeradius server that validates the login
from multiple sources.

Inside the authorize section, I call a policy that validates if the user is
attempting to connect via the correct AP and, based on this, I either
reject the petition or let it go ahead down the server.


It's working fine, but I wanted to re-organise it a bit better.

The idea is that the domain users, for example, don't have to be checked
against sql sources, since they are never going to be validated this way
and also to filter users that might validate correctly from any ap, since
they will be checked against ldap, but perhaps should not be using certain
SSIDs

So, I created a "main" server that acts as a dispatcher.

This main server has only an authorize section which has the logic to
decide which virtual server it proxies the request to.


i.e.: If the SSID is "eduroam", it would

update {
control:Proxy-To-Realm := 'eduroam'
}


There is an entry in proxy.conf that handles this:

realm eduroam {
virtual_server = eduroam
nostrip
}

and so on and so forth with any other service.



I will focus on the eduroam service, since it's the most used one.

The eduroam service is an exact copy from the one that was already working
before, with its authorize, pre-proxy post-proxy sections, etc.

However, I don't see any attempt to connect to the FLR servers on my
firewall and the connection fails with a "failed to retrieve values to
evaluate the condition"


I'm afraid I'm not properly configuring the logic on the "main" server,
which acts as a dispatcher of sorts.

If anyone could just point me in the right direction on how to achieve
this, It would be nice, I seem to be missing something here.


More information about the Freeradius-Users mailing list