[EXT] Multiple NAS ips in home_server for COA packets

Brian Julin BJulin at clarku.edu
Thu Apr 7 14:58:16 UTC 2022



Daniele Mantovani <dmantovani at salesianisesto.it>:
> Now I need to deploy that configuration to all my access points, that
> are around 150, and making 150 home_server configurations, one for
> every NAS, it's really long and error prone.
> Is There's any way I can specify a home_server that represents all
> those access points?

That's been a longstanding limitation of originate_coa.  In many deployments
a common secret is not used and the NAS data is taken from a flat file or database.
IIRC there may be support for doing corresponding home server definitions like this.
Possibly this will be enhanced in FreeRADIUS4 since ISTR talk of a dynamic home server
mechanism and this feature could potentially be a beneficiary of that.

It is indeed a pain to have to sync up records on other systems every time you add
move or change a NAS when you have hundreds of them.   If you have the time to
tool that into your NAS onboarding procedure it's a lot less painful, but then
you have to maintain that tooling over the long term.

Note that, depending on the NAS, CoA can often use a different secret and/or be
entirely different servers than the one that took the auth+acct, as long as they get the
session ID from accounting.  So there are two workaround options: generate the CoA from
a shelled out script instead, or relay to a 3rd party product which can usually send CoAs
directly to the NAS.  (If this is HPEAruba, there's a special nuanced trick to that.)


--
 <https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.salesianisesto.it%2F&data=04%7C01%7Cbjulin%40clarku.edu%7Cf07ce4b7afa24ec16ec108da18a267d7%7Cb5b2263d68aa453eb972aa1421410f80%7C0%7C0%7C637849383063446209%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=9HZUsv96QwC8nDbKrBkL3t0vVXlSUheiG0HCts9Fm7w%3D&reserved=0>
<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.google.it%2Fmaps%2Fplace%2FOpere%2BSociali%2BDon%2BBosco%2B-%2BSalesiani%2BSesto%2F%4045.5435274%2C9.2283012%2C17z%2F&data=04%7C01%7Cbjulin%40clarku.edu%7Cf07ce4b7afa24ec16ec108da18a267d7%7Cb5b2263d68aa453eb972aa1421410f80%7C0%7C0%7C637849383063446209%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=%2FqYcrguiqEDAROS5jrkaC3u0E12jYdNdu50GlM4%2BQbs%3D&reserved=0>
<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.facebook.com%2Fosdbsesto&data=04%7C01%7Cbjulin%40clarku.edu%7Cf07ce4b7afa24ec16ec108da18a267d7%7Cb5b2263d68aa453eb972aa1421410f80%7C0%7C0%7C637849383063446209%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=3R4SW7PWLpxU4R%2BFlSWNQPWARBG0Y3%2Brs58Ff26P9Ak%3D&reserved=0>
<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.youtube.com%2Fuser%2Fsalesianisesto&data=04%7C01%7Cbjulin%40clarku.edu%7Cf07ce4b7afa24ec16ec108da18a267d7%7Cb5b2263d68aa453eb972aa1421410f80%7C0%7C0%7C637849383063446209%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=JEdQ%2FBcWqsMGlqu7Weun2GdobyrFUy66i2KGIo%2FGVok%3D&reserved=0>
<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Ftwitter.com%2Fsalesianisesto&data=04%7C01%7Cbjulin%40clarku.edu%7Cf07ce4b7afa24ec16ec108da18a267d7%7Cb5b2263d68aa453eb972aa1421410f80%7C0%7C0%7C637849383063602439%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=MlATOoXRTe6HGZtq54LqmS8qJUFrRPdNNkyEk07SXqM%3D&reserved=0>
<https://nam10.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.instagram.com%2Fsalesianisesto%2F&data=04%7C01%7Cbjulin%40clarku.edu%7Cf07ce4b7afa24ec16ec108da18a267d7%7Cb5b2263d68aa453eb972aa1421410f80%7C0%7C0%7C637849383063602439%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=EAwJCdi%2B3fv1QbmYJsumerESCEhZthqlsfq7UUkEviA%3D&reserved=0>


-
List info/subscribe/unsubscribe? See https://nam10.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.freeradius.org%2Flist%2Fusers.html&data=04%7C01%7Cbjulin%40clarku.edu%7Cf07ce4b7afa24ec16ec108da18a267d7%7Cb5b2263d68aa453eb972aa1421410f80%7C0%7C0%7C637849383063602439%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&sdata=RNcEUb5i2%2BrvZVDRyxD%2BaiuNKTz4gnyaYjYZ7lH0usg%3D&reserved=0


More information about the Freeradius-Users mailing list