Vincent Rusilowicz wrote:
> I have a Multi Tenant VPN gateway that I terminate multiple customers
> on. If I authenticate sessions to local database on router there is no
> segregation, so one customer can authenticate to another customer's VPN
> (inserting the connection into that specific VRF) with any local
> username password on the router. I can source radius auth requests from
> IP’s specific to individual customer VRF’s and need to use a segregated
> username password database to service these requests. I would like the
> solution to be able to scale to at least 100 clients that use individual
> username/password files. Is the solution you recommended above the best
> way to handle this.

No. This is what databases are for.

Create a database with 3 columns. One is client IP. The second is the user name. The third is the password. When the server receives a request, you can select the password by client IP and user-name.

That leaves RADIUS doing RADIUS work, and databases storing data. Using the RADIUS server to store lots of client accounts works, but is best to avoid for complicated situations.

> Are you saying make multiple instances inside the existing files module,
> like how “second_files” was created, or copy the files module multiple
> times to creating client specific file names and modify its content to
> files files_192.168.1.2 { .

Yes.

> If I use the above I would only need to add the :
>
> case 192.168.1.2 {
> files_192.168.1.2
>
> section for each additional client correct and files module created right?

Yes.

> For this method I should remove the virtual server I created and add the
> lines you suggest to the default file in sites-available in the
> authorize section?

Yes.

Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html