Hi all,

I'm currently working on a fresh FreeRADIUS 2.x install, in order to separate 
RADIUS auth for Administrators (Firewall, Routers & Switches administration) 
and Customers access (VPN SSL / IPSec).

My first try was to rewrite all the config into virtual servers (previously, 
all was written into radiusd.conf :().

So here is what I did:

[root@server   /etc/raddb]$ ll sites-enabled/
total 0
lrwxrwxrwx. 1 root root 33 Mar 19 12:01 administrator -> /etc/raddb/sites-available/administrator
lrwxrwxrwx. 1 root root 43 Mar 26 18:16 customer -> /etc/raddb/sites-available/coreye_customers

These are my two VS:

server administrator {
# Authenticate / Authorize listener
        listen {
                ipaddr = *
                port = 1600
                type = auth
        }
# Accounting listener
        listen {
                ipaddr = *
                port = 1601
                type = acct
        }
[...]


server customer {

# Authenticate / Authorize listener
        listen {
                ipaddr = *
                port = 1602
                type = auth
        }
# Accounting listener
        listen {
                ipaddr = *
                port = 1603
                type = acct
        }
[...]

And in order to proxy, I want to forward using proxy depending on the realm 
(proxy.conf):

realm ".*customer$" {
        virtual_server = customer
}

realm ".*admin$" {
        virtual_server = administrator
}

realm NULL {
        virtual_server = administrator
}


But when logging into RADIUS, it works for VS Administrator (login admin or 
user@admin), but if I try using login@customer, it's never proxied to the 
virtual server customer.

I tried different methods always shown in the mailing list, but no way, it's 
never working ...

Proxy to realm in the authorize section:

        if (Realm == customer) {
                update control {
                        Proxy-To-Realm := customer
                }
        }

Not working ... The request is always managed by the administrator VS.
I also played with the dynamic clients example and 
FreeRADIUS-Client-Virtual-Server = "customer", but it's not working either.

I suspect the problem is located in my NAS MySQL table, where the "server" 
column is forced to virtual server "administrator".

Is there anything I missed? What's the best solution for this kind of 
configuration when NAS entries are stored in a MySQL DB, and some of the NAS 
clients could be used by different virtual servers? What is the best way to 
have a single RADIUS IP server, and two different virtual servers with two 
different sets of rules?

Thanks in advance for your help !

Fabien VINCENT
http://www.coreye.fr
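
Added example (not part of the original post, and not FreeRADIUS code): a simplified Python model of a suffix ("@") realm lookup over the realm names posted above. It assumes the proxy.conf convention that a regex realm name starts with "~" and that any other name is compared literally; the function names and the lookup order (exact, regex, DEFAULT) are assumptions of this sketch.

```python
import re

# Constructed copy of the realm blocks from the post above.
PROXY_CONF = '''
realm ".*customer$" {
        virtual_server = customer
}
realm ".*admin$" {
        virtual_server = administrator
}
realm NULL {
        virtual_server = administrator
}
'''

REALM_RE = re.compile(r'realm\s+"?([^"\s{]+)"?\s*\{\s*virtual_server\s*=\s*(\S+)')

def load_realms(text):
    """Parse realm blocks into (literal_names, regex_realms)."""
    literal, regex = {}, []
    for name, vserver in REALM_RE.findall(text):
        if name.startswith("~"):   # assumption: leading tilde marks a regex realm
            regex.append((re.compile(name[1:]), vserver))
        else:                      # anything else is a literal realm name
            literal[name] = vserver
    return literal, regex

def resolve(user_name, literal, regex):
    """Return the virtual server a User-Name is proxied to, or None if no realm matches."""
    realm = user_name.rsplit("@", 1)[1] if "@" in user_name else "NULL"
    if realm in literal:
        return literal[realm]
    for pattern, vserver in regex:
        if pattern.search(realm):
            return vserver
    # None means "not proxied": the virtual server that received the request keeps it.
    return literal.get("DEFAULT")

def lint(literal):
    """List literal realm names that contain regex metacharacters (likely meant as regex)."""
    return sorted(n for n in literal if re.search(r"[*$^\\\[\]()+?|]", n))

if __name__ == "__main__":
    literal, regex = load_realms(PROXY_CONF)
    print("suspicious literal realms:", lint(literal))
    for user in ("admin", "user@admin", "login@customer"):
        print(user, "->", resolve(user, literal, regex))
```

In this model only the realm-less login reaches a realm entry (NULL); "user@admin" and "login@customer" match nothing and stay with whichever virtual server received the request.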

