3.2.0: dynamic_home_servers ?

Stefan Winter stefan.winter at restena.lu
Tue May 31 14:42:18 UTC 2022 

FWIW,


a workaround is to wrap the "case <nothing>" with an additional check 
whether suffix has previously set Proxy-To-Realm:


case {
                                if (!control:Proxy-To-Realm) {
                                # no home server exists, ask DNS



That's okay as a workaround (so long as no DEFAULT realm is defined in 
proxy.conf; otherwise, dynamic discovery is never triggered). But I 
think it would be worthwhile to make the home_server_dynamic to work as 
expected as the root cause.


Stefan


On 31.05.22 15:53, Alan DeKok wrote:
> On May 31, 2022, at 8:51 AM, Stefan Winter<stefan.winter at restena.lu>  wrote:
>> I'm now trying this out in a more near-life environment with a long list of statically defined realms from proxy.conf AND dynamic discovery.
>    It's gone through some tests, but not a lot.
>
>> It appears that the case "0" - realm exists and is statically defined - doesn't really work, or I misunderstand what statically defined means in this context.
>    Or maybe the behavior is just wrong.  :(
>
>> In authorize, I call suffix and later the "case" conditional for dynamic home servers.
>>
>> - suffix finds the realm, sets Proxy-To-Realm
>>
>> - switch does NOT consider the realm statically defined and triggers dynamic discovery instead. This looks as follows:
>>
>> EXPAND %{home_server_dynamic:%{1}}
>>
>> -->
>    Hmm... that seems wrong.  It looks like the %{1} isn't being used?  Yeah, the underlying function assumes that it's argument is a static string.  Which is not overly useful.
>
>    So this will work:
>
> 	%{home_server_dynamic:example.com}
>
>    but this won't work:
>
> 	%{home_server_dynamic:%{foo}}
>
>
>    I've pushed a fix:https://github.com/FreeRADIUS/freeradius-server/commit/231b3d0a1caa096c897d2add8bd0d10656991d14
>
>> even though suffix has loaded the realm list and has already set Proxy-To-Realm. Full debug below, plus the realm definition:
>>
>>
>> I'm musing whether "statically defined" merely means that a realm was in the home_servers/ directory at startup already; and dynamic means it was added during runtime? That would make the whole statement much less useful...
>    Statically defined SHOULD mean that the realm is in the home_servers/ directory, AND it doesn't have "dynamic=true" set.
>
>    Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? Seehttp://www.freeradius.org/list/users.html
>
-- 
This email may contain information for limited distribution only, please treat accordingly.

Fondation Restena, Stefan WINTER
Chief Technology Officer
2, avenue de l'Université
L-4365 Esch-sur-Alzette

More information about the Freeradius-Users mailing list