Alan DeKok wrote: > Arran Cudbard-Bell wrote: > >> Though using todays CVS (head revision for radiusd, checked out about 3 >> hours) , I still get Unknown type "client_balance". >> > > Hmm.. I'll check the code && get back to you. > > >> Also it doesn't let me put multiple servers in a server pool, and dies >> on runtime with >> >> /usr/local/freeradius-cvs060407/etc/raddb/radiusd.conf[147]: Ignoring >> duplicate home server jrs1_auth. >> > > That's not nice. I'll check that out, too. > > More weirdness
Sending Access-Request of id 190 to 0.0.0.0 port 1812 User-Name = "[EMAIL PROTECTED]" User-Password = "password" Service-Type = Framed-User NAS-IP-Address = 139.184.8.1 Proxy-State = 0x313532 Proxying request 4 to realm jrs, home server 0.0.0.0 port 1812 Sending Access-Request of id 190 to 0.0.0.0 port 1812 User-Name = "[EMAIL PROTECTED]" User-Password = "password" Service-Type = Framed-User NAS-IP-Address = 139.184.8.1 Stripped-User-Name = "ac221" Realm = "brighton.ac.uk" Realm = "jrs" Proxy-State = 0x313532 Seems to work fine when I define the host using ipaddr, as opposed to a hostname. Sending Access-Request of id 37 to 193.82.174.185 port 1812 User-Name = "[EMAIL PROTECTED]" User-Password = "password" Service-Type = Framed-User NAS-IP-Address = 139.184.8.1 Proxy-State = 0x313738 Proxying request 4 to realm jrs, home server 193.82.174.185 port 1812 Sending Access-Request of id 37 to 193.82.174.185 port 1812 User-Name = "[EMAIL PROTECTED]" User-Password = "password" Service-Type = Framed-User NAS-IP-Address = 139.184.8.1 Stripped-User-Name = "ac221" Realm = "brighton.ac.uk" Realm = "jrs" Proxy-State = 0x313738 Going to the next request Sorry, just another to add to the list :) TCP Dump shows 14:30:41.581211 IP arr-land.co.uk.nm-asses-admin > radius2.uscs.susx.ac.uk.radius: RADIUS, Access Request (1), id: 0xf 0 length: 72 14:30:41.581451 IP radius2.uscs.susx.ac.uk.tdp-suite > 0.0.0.0.radius: RADIUS, Access Request (1), id: 0x83 length: 77 Really is broken... >>>> If many home servers are intended to be identical, it may be worth >>>> referencing the configuration from one to another, maybe via some kind >>>> of template. That would make it just as flexible, but less typing. >>>> >> Revised JRS 2 >> janet_servers { >> server0 = roaming0.ja.net >> server1 = roaming1.ja.net >> server2 = roaming2.ja.net >> secret = theirkey >> > ... > >> home_server jrs0_auth { >> hostname = ${janet_servers.server0} >> $INCLUDE ${confdir}/jrs.auth.conf >> } >> > > That's an interesting way of doing templates. I think I'll add > similar examples to proxy.conf. > What would be really cool is if you made a minor change to the clients configuration section, so that it mirrored the format of the home_server declarations. So that you had the three ways of defining hosts like you do in home_server declarations ipaddr = 127.0.0.1 ipv6addr = ::1 hostname = localhost And then took the shortname from the instance name so client localhost{ hostname = localhost nastype = other secret = super_secret } As this would allow you to use variables defined elsewhere in the config. Which a) Keeps everything in a standard format b) Allows you to define certain variables centrally, so that if something changes such as the top level domain of a bi directional proxy, you don't have to go hunting through changing all the entries. Though I know this breaks compatibility with 1.1.* , and I don't know how much your trying to keep compatibility with 1.1.*. --- ####################################################################### # Allow the JRS proxy servers to talk to us. client jrs_roaming0 { hostname = ${jrs_config.server0} nastype = other secret = ${jrs_config.secret0} } client jrs_roaming1 { hostname = ${jrs_config.server1} nastype = other secret = ${jrs_config.secret1} } client jrs_roaming2 { hostname = ${jrs_config.server2} nastype = other secret = ${jrs_config.secret2} } Thanks, Arran - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html