Multi-tenancy support

Alan DeKok aland at deployingradius.com
Sun Jun 19 12:56:25 UTC 2022


On Jun 18, 2022, at 11:51 PM, Cecil Wei <cecilwei at gmail.com> wrote:
> I am trying to build a platform that provides MAC authentication service to
> multiple organizations. There will be a captive portal for end users to
> register their device MAC address. The administrator of an organization can
> also upload a list of MAC addresses to the database. It might be possible
> that the same user MAC address appears in multiple organizations. In this
> case multiple tenants might be selected if we look up by MAC address.

  You're going to have a very hard time building this.  The first reason is because you've promised people a solution, without understanding the problem (or what's possible).  The second is because I asked specific and detailed questions about what your needs were.  Those questions were ignored.

  I'm trying to understand what the requirements are, in order to help you.  By not answering, you're not working towards a solution.

> I am also thinking of providing EAP authentication to multiple
> organizations and allow them to have their own root certificate. My
> understanding for this requirement is that I will need to create multiple
> EAP configurations.

  So instead of understanding the problem, you're going to try another random solution.  Which may or may not help.  But you're not sure.

> I thought that virtual servers can help in providing proper data isolation
> and individual EAP configuration.

  The virtual server documentation makes it clear what virtual servers are for.  You can read the documentation to see whether or not you need different virtual servers.

> Could you share some best practices for the problems I mentioned above if
> there are over 10,000 organizations?

  Understand the problem.  Read the documentation.  When you ask for help, do what people say.

  You need to take a step back, write down the requirements, write down what's possible, and then try to *understand* what's going on.  You're just not going to solve anything by changing random things in random configuration files.

  Alan DeKok.



More information about the Freeradius-Users mailing list