On Thu, Mar 14, 2013 at 03:04:08PM +0000, Jonathan Gazeley wrote: > On 14/03/13 14:26, Matthew Newton wrote: > >Just put it in the global instantiate section, as above, then use > >it in the virtual server. > > The point of my exercise is to make my FreeRADIUS config fully > modular in preparation for my suite of RADIUS servers being managed > by a config management tool, and therefore edits to a global file > are not helpful. > > I suppose I could set up an includes.d/ arrangement so snippets of > file can be dropped into place in the global config, but really I > would rather solve the problem "properly" by loading only the needed > modules in virtual servers. > > Any suggestions?
A "virtual server" is essentially a collection of config blocks for authorize/authenticate/accounting, etc, that call modules in the main server. You can configure the server to send particular packets (using listen statements, or options in clients.conf, or, e.g. EAP virtual server settings) through a particular "virtual server" - i.e. a particular config. That's it - it's a configuration. The modules are global to the server, so what you did first was right. For config management, if you really don't want it instantiated on some servers, I guess you could $INCLUDE a file instead of the instantiate{} block, and move this to a separate file dependent on the server. We do this sort of thing with cfengine, often using a symlink with the hostname in it, and the $INCLUDE is to the symlink. Then have one file per server with the required config. Cheers, Matthew -- Matthew Newton, Ph.D. <m...@le.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ith...@le.ac.uk> - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html