Re: Freeradius2 and proxing

2008-02-10 Thread Alan DeKok
Vincent Magnin wrote:
> I've written a patch for realms.c and now I have better behaviour:
> ...
> Is there a better way to use the DEFAULT realm?

  Nope.  I've added a patch with the same behavior.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Re: Freeradius2 and proxing

2008-02-10 Thread Vincent Magnin

Alan DeKok [EMAIL PROTECTED] wrote:

>> Is there a better way to use the DEFAULT realm?
>
>   Nope.  I've added a patch with the same behavior.


Thank you,

Vincent Magnin



Re: Freeradius2 and proxing

2008-02-09 Thread Alan DeKok
Vincent Magnin wrote:
> Well,
>
> I've written a patch for realms.c and now I have better behaviour:
> ...
> Is there a better way to use the DEFAULT realm?

  I think that patch is OK.  The ignore_default and ignore_null
configuration for the realms module were deleted because they were a
bad way to implement failover or fallback.  The new unlang does it
much better.

  But this is a simple way to do fallback for a realm that doesn't
require changes to the realms module.

  Alan DeKok.


Re: Re: Freeradius2 and proxing

2008-02-08 Thread Vincent Magnin

I have not received any comments about my supplied patch.

I will try to explain my issue better:

Freeradius 2.0.1 (or latest CVS):
src/modules/rlm_realm/rlm_realm.c:

/*
 *  Allow DEFAULT realms unless told not to.
 */
realm = realm_find(realmname);
if (!realm) {
   DEBUG2("rlm_realm: No such realm \"%s\"",
          (realmname == NULL) ? "NULL" : realmname);
   return 0;
}
if (inst->ignore_default && (strcmp(realm->name, "DEFAULT")) == 0) {
   DEBUG2("rlm_realm: Found DEFAULT, but skipping due to config.");
   return 0;
}


realmname contains the realm (suffix/ntdomain authorize).

If the 'realmname' is not defined in proxy.conf and if a DEFAULT realm
is defined in proxy.conf, realm_find returns NULL.

Thus, the correct debug message is shown:

rlm_realm: No such realm example.com

But the DEFAULT realm is not handled (-> return 0).

From my point of view, something is missing here to handle the DEFAULT realm.

Regards,

Vincent Magnin
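
The lookup order discussed in this message, as an added example that is not part of the original post and is not FreeRADIUS code: the exact match and the DEFAULT fallback are reported separately, so the caller decides whether a fallback is acceptable. All `demo_` names and the sample table are hypothetical; the two flags are named after the `ignore_default` and `ignore_null` options mentioned in the thread.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for a realm entry; not FreeRADIUS code. */
typedef struct {
	const char *name;     /* realm name as written in proxy.conf */
	const char *authhost; /* constructed sample value */
} demo_realm;

typedef enum { MATCH_NONE, MATCH_EXACT, MATCH_DEFAULT } demo_match;

/* Constructed sample table: one explicit realm plus a DEFAULT entry. */
static const demo_realm demo_realms[] = {
	{ "extern.realm.com", "remote.server2.com:1812" },
	{ "DEFAULT",          "remote.server1.com:1812" },
};

/* Exact-name lookup only (linear scan; the patched realm_find() uses an rbtree). */
static const demo_realm *demo_find_exact(const char *name)
{
	size_t i, n = sizeof(demo_realms) / sizeof(demo_realms[0]);
	for (i = 0; i < n; i++)
		if (strcmp(demo_realms[i].name, name) == 0) return &demo_realms[i];
	return NULL;
}

/*
 * Exact match first, then DEFAULT. *how reports which case applied; the
 * flags let the caller refuse the fallback or a request with no realm.
 */
static const demo_realm *demo_find(const char *name, int ignore_default,
				   int ignore_null, demo_match *how)
{
	const demo_realm *r;
	*how = MATCH_NONE;
	if (!name) {
		if (ignore_null) return NULL; /* no realm: handle locally */
		name = "NULL";
	}
	r = demo_find_exact(name);
	if (r && strcmp(r->name, "DEFAULT") != 0) {
		*how = MATCH_EXACT;
		return r;
	}
	if (ignore_default) return NULL;
	r = demo_find_exact("DEFAULT");
	if (r) *how = MATCH_DEFAULT;
	return r;
}
```
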



Re: Re: Freeradius2 and proxing

2008-02-08 Thread A . L . M . Buxey
Hi,
> I have not received any comments about my supplied patch.
>
> I will try to explain my issue better:

I understood what you stated - and the patch does appear
to handle the 'old style' 1.1.x DEFAULT handle properly.

...the old system could just be given a DEFAULT and
stuff would go to it. I'm not sure if there's another
quirky thing somewhere else... but your patch does
seem to do what it claims :-)

alan


Re: Freeradius2 and proxing

2008-02-07 Thread Vincent Magnin

Well,

I've written a patch for realms.c and now I have better behaviour:

rlm_realm: Looking up realm extern.realm.com for User-Name = [EMAIL PROTECTED]
rlm_realm: Found realm DEFAULT
rlm_realm: Proxying request from user anonymous to realm DEFAULT
rlm_realm: Adding Realm = DEFAULT
rlm_realm: Preparing to proxy authentication request to realm DEFAULT

Is there a better way to use the DEFAULT realm?

Regards,

Vincent Magnin


Vincent Magnin [EMAIL PROTECTED] wrote:

> In freeradius 1, if I need to proxy requests whose realms are remote,
> I put the following in proxy.conf:
>
> realm DEFAULT {
>    type = radius
>    authhost = remote.server1.com:1812
>    accthost = remote.server1.com:1813
>    secret =
>    ldflag = round_robin
>    nostrip
> }
>
> realm DEFAULT {
>    type = radius
>    authhost = remote.server2.com:1812
>    accthost = remote.server2.com:1813
>    secret =
>    ldflag = round_robin
>    nostrip
> }
>
> I've tried to put the same lines in my freeradius2 config file and it
> does not work as expected:
>
> radius -X output:
>
> rlm_realm: Looking up realm extern.realm.com for User-Name = [EMAIL PROTECTED]
> rlm_realm: No such realm extern.realm.com
>
> Then, the request is done locally.
>
> If I put this domain explicitly in my proxy.conf file, it works fine:
>
> realm extern.realm.com {
>    type = radius
>    authhost = remote.server2.com:1812
>    accthost = remote.server2.com:1813
>    secret =
>    ldflag = round_robin
>    nostrip
> }
>
> radius -X output:
>
> rlm_realm: Looking up realm extern.realm.com for User-Name = [EMAIL PROTECTED]
> rlm_realm: Found realm extern.realm.com
> rlm_realm: Proxying request from user anonymous to realm extern.realm.com
> rlm_realm: Adding Realm = extern.realm.com
> rlm_realm: Preparing to proxy accounting request to realm extern.realm.com

--- freeradius-server-2.0.1/src/main/realms.c	2008-01-09 14:39:13.0 +0100
+++ freeradius-server-2.0.1-defaultrealm/src/main/realms.c	2008-02-07 14:14:26.0 +0100
@@ -1323,11 +1323,21 @@
 REALM *realm_find(const char *name)
 {
 	REALM myrealm;
-
+	REALM *ret;
+	
 	if (!name) name = NULL;
 
 	myrealm.name = name;
-	return rbtree_finddata(realms_byname, myrealm);
+	ret = rbtree_finddata(realms_byname, myrealm);
+	
+	if (!ret) {
+		const char *defrealm = DEFAULT;
+		
+		myrealm.name = defrealm;
+		ret = rbtree_finddata(realms_byname, myrealm);
+	}
+	
+	return ret;
 }
 
 
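Review bot: realm_find() is the shared lookup, so placing the DEFAULT fallback inside it (the `if (!ret)` block) means every caller now receives the DEFAULT entry for any name that is not configured, and can only tell an exact match from a fallback by comparing the returned name. Because the `if (!name)` substitution runs before the first lookup, a request that carries no realm at all also falls through to DEFAULT when nothing matches, so it is proxied rather than handled locally. Consider keeping realm_find() an exact lookup and doing the second lookup in the caller, or at least stating the fallback in the function's comment. Minor: `defrealm` is used once and can be dropped, and the added separator lines contain a lone tab.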

Freeradius2 and proxing

2008-02-05 Thread Vincent Magnin

In freeradius 1, if I need to proxy requests whose realms are remote,
I put the following in proxy.conf:


realm DEFAULT {
   type = radius
   authhost = remote.server1.com:1812
   accthost = remote.server1.com:1813
   secret =
   ldflag = round_robin
   nostrip
}

realm DEFAULT {
   type = radius
   authhost = remote.server2.com:1812
   accthost = remote.server2.com:1813
   secret =
   ldflag = round_robin
   nostrip
}



I've tried to put the same lines in my freeradius2 config file and it
does not work as expected:

radius -X output:

rlm_realm: Looking up realm extern.realm.com for User-Name = [EMAIL PROTECTED]
rlm_realm: No such realm extern.realm.com

Then, the request is done locally.


If I put this domain explicitly in my proxy.conf file, it works fine:



realm extern.realm.com {
   type = radius
   authhost = remote.server2.com:1812
   accthost = remote.server2.com:1813
   secret =
   ldflag = round_robin
   nostrip
}


radius -X output:

rlm_realm: Looking up realm extern.realm.com for User-Name = [EMAIL PROTECTED]
rlm_realm: Found realm extern.realm.com
rlm_realm: Proxying request from user anonymous to realm extern.realm.com
rlm_realm: Adding Realm = extern.realm.com
rlm_realm: Preparing to proxy accounting request to realm extern.realm.com



Regards,

Vincent Magnin
