3.2.0: dynamic_home_servers ?
Alan DeKok
aland at deployingradius.com
Tue May 31 13:53:18 UTC 2022
On May 31, 2022, at 8:51 AM, Stefan Winter <stefan.winter at restena.lu> wrote:
> I'm now trying this out in a more near-life environment with a long list of statically defined realms from proxy.conf AND dynamic discovery.
It's gone through some tests, but not a lot.
> It appears that the case "0" - realm exists and is statically defined - doesn't really work, or I misunderstand what statically defined means in this context.
Or maybe the behavior is just wrong. :(
> In authorize, I call suffix and later the "case" conditional for dynamic home servers.
>
> - suffix finds the realm, sets Proxy-To-Realm
>
> - switch does NOT consider the realm statically defined and triggers dynamic discovery instead. This looks as follows:
>
> EXPAND %{home_server_dynamic:%{1}}
>
> -->
Hmm... that seems wrong. It looks like the %{1} isn't being used? Yeah, the underlying function assumes that it's argument is a static string. Which is not overly useful.
So this will work:
%{home_server_dynamic:example.com}
but this won't work:
%{home_server_dynamic:%{foo}}
I've pushed a fix: https://github.com/FreeRADIUS/freeradius-server/commit/231b3d0a1caa096c897d2add8bd0d10656991d14
> even though suffix has loaded the realm list and has already set Proxy-To-Realm. Full debug below, plus the realm definition:
>
>
> I'm musing whether "statically defined" merely means that a realm was in the home_servers/ directory at startup already; and dynamic means it was added during runtime? That would make the whole statement much less useful...
Statically defined SHOULD mean that the realm is in the home_servers/ directory, AND it doesn't have "dynamic=true" set.
Alan DeKok.
More information about the Freeradius-Users
mailing list