Multi-tenancy support
John Alcock
john at alcock.org
Sun Jun 19 14:58:01 UTC 2022
This is a pretty big project. I suspect these are paying subscribers, not
some type of open network to provide free Internet to the masses.
In this particular case, I would suggest you actually pay for support from
the commercial side of FreeRADIUS. They can design you a pretty good
solution. Although I’ve never used them for support, a couple of my clients
have. They cannot say enough about the support they receive. It’s all been
positive.
I am willing to bet you the money you spend on initial consult plus a year
of support will save you much much more than the time that you’re going to
need to get this project going.
Now, to your original problem. Can FreeRADIUS do what you want to? Yes.
How do you do that? Well, there are a lot more questions you’re gonna have
to ask before you get a good answer on that.
Not trying to be mean or snarky here. I’ve just gotten to the point where
my time is very valuable. I guess that comes with becoming an old fart. Pay
someone to help you design this. You will have a lot less headaches and
be happier at the end.
John
On Sun, Jun 19, 2022 at 08:56 Alan DeKok <aland at deployingradius.com> wrote:
> On Jun 18, 2022, at 11:51 PM, Cecil Wei <cecilwei at gmail.com> wrote:
> > I am trying to build a platform that provides MAC authentication service to
> > multiple organizations. There will be a captive portal for end user to
> > register their device MAC address. The administrator of an organization can
> > also upload a list of MAC addresses to the database. It might be possible
> > that the same user MAC address appears in multiple organizations. In this
> > case multiple tenants might be selected if we lookup by MAC address.
>
> You're going to have a very hard time building this. The first reason
> is because you've promised people a solution, without understanding the
> problem (or what's possible). The second is because I asked specific, and
> detailed questions about what your needs were. Those questions were
> ignored.
>
> I'm trying to understand what the requirements are, in order to help
> you. By not answering, you're not working towards a solution.
>
> > I am also thinking of providing EAP authentication to multiple
> > organizations and allow them to have their own root certificate. My
> > understanding for this requirement is that I will need to create multiple
> > EAP configurations.
>
> So instead of understanding the problem, you're going to try another
> random solution. Which may or may not help. But you're not sure.
>
> > I thought that virtual server can help on providing proper data isolation
> > and individual EAP configuration.
>
> The virtual server documentation makes it clear what virtual servers are
> for. You can read the documentation to see whether or not you need
> different virtual servers.
>
> > Could you share some best practices for the problems I mentioned above if
> > there are over 10,000 organizations?
>
> Understand the problem. Read the documentation. When you ask for help,
> do what people say.
>
> You need to take a step back, write down the requirements, write down
> what's possible, and then try to *understand* what's going on. You're just
> not going to solve anything by changing random things in random
> configuration files.
>
> Alan DeKok.
More information about the Freeradius-Users
mailing list