Multi-tenancy support

Alan DeKok aland at
Mon Jun 20 16:25:07 UTC 2022

On Jun 20, 2022, at 12:16 PM, Cecil Wei <cecilwei at> wrote:
> We are actually supporting our own devices (behind proxy) and
> equipments from other vendors. For requests from our own devices, I
> now know that I can do tenant lookup with our own VSA.

  This is just not appropriate.

  Every message contains a little bit of extra information.  Which means any advice I give needs to change.

  What would be polite is to accurately describe your scenario and requirements at the start.  The more you waste everyones time by giving wrong or inaccurate information, the harder it is for people to help you.

> I read the documentation of client.conf for what needs to be included
> in a client section. If I understand it correctly, to have individual
> shared secret for each tenant, I would also need to specify unique
> source IP address (ranges) of the incoming requests. Option (b) alone
> is not sufficient.
> Could you help to see if this is correct or not? Thank you.

  I suggest figuring it out yourself.  You're running the proxy, so you can do whatever you want there.

  Alan DeKok.

More information about the Freeradius-Users mailing list