high level design question
Alan DeKok
aland at deployingradius.com
Thu Oct 13 23:12:50 UTC 2022
On Oct 13, 2022, at 5:22 PM, Matt Zagrabelny via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> I'm standing up a new RADIUS server that needs to proxy requests to both
> single and two factor RADIUS systems. I am looking for some feedback on my
> design.
>
> I'd like the option to configure local clients to either single factor or
> two factor auth.
OK.
> The proxy server I set up could listen on 1812 and 1814. Clients that
> need/want single factor auth will request to 1812 and clients that
> need/want two factor auth will request to 1814. With corresponding acct
> listening on 1813 and 1815.
>
> Is this sensible? Are there any standard FR configurations for working with
> clients to proxy to different RADIUS servers?
You don't need different ports. You can just put the clients into a group. You can use a DB, or add extra information to the "client" section:
client foo {
	ipaddr = ...
	group = group1
}
client bar {
	ipaddr = ...
	group = group2
}
and then do:
if ("%{client:group}" == "group1") {
	... proxy to server1
}
elsif ("%{client:group}" == "group2") {
	... proxy to server2
}
Alan DeKok.
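
The following configuration is an added example, not part of the reply above or of the FreeRADIUS distribution. It pairs the "client" sections shown in the reply with the proxy definitions and policy that would act on the group, and it rejects any client whose group is missing or unrecognised. It assumes FreeRADIUS 3.x syntax and covers authentication only; the realm, pool and home server names, the addresses and the secrets are placeholders.

```text
# Constructed example, FreeRADIUS 3.x syntax assumed. All names, addresses
# (RFC 5737 documentation ranges) and secrets below are placeholders.

# proxy.conf
home_server server1 {
	type = auth
	ipaddr = 198.51.100.1
	port = 1812
	secret = CHANGE_ME_SERVER1
}
home_server_pool single_factor_pool {
	home_server = server1
}
realm single_factor {
	auth_pool = single_factor_pool
}

home_server server2 {
	type = auth
	ipaddr = 198.51.100.2
	port = 1812
	secret = CHANGE_ME_SERVER2
}
home_server_pool two_factor_pool {
	home_server = server2
}
realm two_factor {
	auth_pool = two_factor_pool
}

# sites-enabled/default
authorize {
	switch "%{client:group}" {
		case "group1" {
			update control {
				&Proxy-To-Realm := "single_factor"
			}
		}
		case "group2" {
			update control {
				&Proxy-To-Realm := "two_factor"
			}
		}
		case {
			# Missing or unknown group: fail closed, never handle locally.
			reject
		}
	}
}
```

With the default case in place, a client added later without a "group" entry is refused instead of silently bypassing the two factor system.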