3.2.0: dynamic_home_servers ?

Stefan Winter stefan.winter at restena.lu
Tue May 31 14:32:11 UTC 2022 

Hm,


that doesn't change anything:


(0) suffix: Checking for suffix after "@"
(0) suffix: Looking up realm "education.lu" for User-Name = 
"stefan at education.lu"
(0) suffix: Found realm "education.lu"
(0) suffix: Adding Realm = "education.lu"
(0) suffix: Proxying request from user stefan at education.lu to realm 
education.lu
(0) suffix: Preparing to proxy authentication request to realm 
"education.lu"
(0)     [suffix] = updated
(0) eap: No EAP-Message, not doing EAP
(0)     [eap] = noop
(0)     [expiration] = noop
(0)     [logintime] = noop
(0)     [pap] = noop
(0)     if (User-Name =~ /@(.*)$/) {
(0)     if (User-Name =~ /@(.*)$/)  -> TRUE
(0)     if (User-Name =~ /@(.*)$/)  {
(0)       switch %{home_server_dynamic:%{1}} {
(0)       EXPAND %{home_server_dynamic:%{1}}
(0)          -->
(0)         case {
(0)           update control {
(0)             Executing: 
%{config:prefix}/bin/naptr-eduroam-freeradius.sh %{1} %{config:prefix}:
(0)             EXPAND prefix
(0)                --> prefix
(0)             EXPAND %{config:prefix}/bin/naptr-eduroam-freeradius.sh
(0)                --> /opt/freeradius/3.2.0/bin/naptr-eduroam-freeradius.sh



> Statically defined SHOULD mean that the realm is in the home_servers/ 
> directory, AND it doesn't have "dynamic=true" set. 


Reading this I wonder... how are realms.conf realms / home_server_pool / 
home_server and home_servers/* meant to co-exist?


Isn't a realms.conf defined realm "education.lu" just as static as one 
that is defined via home_servers/ ? If there is no way to detect that a 
realm is already handled via normal "suffix" style Proxy-To-Realm, then 
this would mean one has to choose one or the other way of defining realms?


(And how/where/why do I set "dynamic=true" for a given 
realm/home_server? The setting in proxy.conf is a global setting?)


FWIW, freshly starting 3.2.0 with my config lists all the realms.conf 
style realms with radmin:


tld2bin #../sbin/radmin -e "show home_server list all"

[...]

158.64.1.8      1812    udp     auth+acct       unknown 0 
       (name=server_158.64.1.8, dynamic=no)
158.64.1.8      1813    udp     acct    unknown 0 
       (name=server_158.64.1.8, dynamic=no)
158.64.1.43     1812    udp     auth+acct       unknown 0 
       (name=server_158.64.1.43, dynamic=no)
158.64.1.43     1813    udp     acct    unknown 0 
       (name=server_158.64.1.43, dynamic=no)


So I kind of expected the expansion home_server_dynamic:%{1} to find 
them as "case 0". Anyway, once it does discovery as above, the new entry 
is listed, and is considered dynamic, and future expansions go to "case 1":

158.64.1.26     2083    tcp     auth    unknown 0 
       (name=education.lu, dynamic=yes)

Maybe one complication is that the home_servers defined in realms.conf 
do not have a name that gives away the realm they serve (i.e. 
server_158.64.1.8 etc.).


Greetings,


Stefan Winter



> -- 
> This email may contain information for limited distribution only, please treat accordingly.
>
> Fondation Restena, Stefan WINTER
> Chief Technology Officer
> 2, avenue de l'Université
> L-4365 Esch-sur-Alzette

More information about the Freeradius-Users mailing list