Re: Freeradius2 and proxing
Vincent Magnin wrote: I've writen a patch for realms.c and now, I've a better behaviour: ... Does exist a better way to use the DEFAULT realm? Nope. I've added a patch with the same behavior. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Re: Freeradius2 and proxing
Alan DeKok [EMAIL PROTECTED] a écrit : Does exist a better way to use the DEFAULT realm? Nope. I've added a patch with the same behavior. Thank you, Vincent Magnin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius2 and proxing
Vincent Magnin wrote: Well, I've writen a patch for realms.c and now, I've a better behaviour: ... Does exist a better way to use the DEFAULT realm? I think that patch is OK. The ignore_default and ignore_null configuration for the realms module were deleted because they were a bad way to implement failover or fallback. The new unlang does it much better. But this is a simple way to do fallback for a realm that doesn't require changes to the realms module. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Re: Freeradius2 and proxing
I do not receive any comment about my supplied patch. I will try to explain my issue better: Freeradius 2.0.1 (or latest CVS): src/modules/rlm_realm/rlm_realm.c: /* * Allow DEFAULT realms unless told not to. */ realm = realm_find(realmname); if (!realm) { DEBUG2(rlm_realm: No such realm \%s\, (realmname == NULL) ? NULL : realmname); return 0; } if (inst-ignore_default (strcmp(realm-name, DEFAULT)) == 0) { DEBUG2(rlm_realm: Found DEFAULT, but skipping due to config.); return 0; } realname contains the realm (suffix/ntdomain authorize). If the 'realname' is not defined in proxy.conf and if a DEFAULT realm is defined in proxy.conf; realm_find returns NULL. Thus, the correct debug message is shown: lm_realm: No such realm example.com But, DEFAULT realm is not handled (- return 0). From my point of view, something is missing here to handle the DEFAULT realm. Regards, Vincent Magnin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Re: Freeradius2 and proxing
Hi, I do not receive any comment about my supplied patch. I will try to explain my issue better: I understood what you stated - and the patch does appear to handle the 'old style' 1.1.x DEFAULT handle properly. ..the old system could just be given a DEFAULT and stuff would go to it . i'm not sure if theres another quirky thing somewhere else..but your patch does seem to do what it claims :-) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Freeradius2 and proxing
Well, I've writen a patch for realms.c and now, I've a better behaviour: rlm_realm: Looking up realm extern.realm.com for User-Name = [EMAIL PROTECTED] rlm_realm: Found realm DEFAULT rlm_realm: Proxying request from user anonymous to realm DEFAULT rlm_realm: Adding Realm = DEFAULT rlm_realm: Preparing to proxy authentication request to realm DEFAULT Does exist a better way to use the DEFAULT realm? Regards, Vincent Magnin Vincent Magnin [EMAIL PROTECTED] a écrit : In freeradius 1, if I need to proxy requests whose realm are remote, I put the following in proxy.conf: realm DEFAULT { type = radius authhost = remote.server1.com:1812 accthost = remote.server1.com:1813 secret = ldflag = round_robin nostrip } realm DEFAULT { type = radius authhost = remote.server2.com:1812 accthost = remote.server2.com:1813 secret = ldflag = round_robin nostrip } I've tried to put the same lines in my freeradius2 config file and it does not work as expected: radius -X output: rlm_realm: Looking up realm extern.realm.com for User-Name = [EMAIL PROTECTED] rlm_realm: No such realm extern.realm.com Then, the request is done locally. If I put in my proxy.conf file this domain explicitely, it works fine: realm extern.realm.com { type = radius authhost = remote.server2.com:1812 accthost = remote.server2.com:1813 secret = ldflag = round_robin nostrip } radius -X output: rlm_realm: Looking up realm extern.realm.com for User-Name = [EMAIL PROTECTED] rlm_realm: Found realm extern.realm.com rlm_realm: Proxying request from user anonymous to realm extern.realm.com rlm_realm: Adding Realm = extern.realm.com rlm_realm: Preparing to proxy accounting request to realm extern.realm.com Switzerland --- freeradius-server-2.0.1/src/main/realms.c 2008-01-09 14:39:13.0 +0100 +++ freeradius-server-2.0.1-defaultrealm/src/main/realms.c 2008-02-07 14:14:26.0 +0100 @@ -1323,11 +1323,21 @@ REALM *realm_find(const char *name) { REALM myrealm; - + REALM *ret; + if (!name) name = NULL; myrealm.name = name; - return rbtree_finddata(realms_byname, myrealm); + ret = rbtree_finddata(realms_byname, myrealm); + + if (!ret) { + const char *defrealm = DEFAULT; + + myrealm.name = defrealm; + ret = rbtree_finddata(realms_byname, myrealm); + } + + return ret; } - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Freeradius2 and proxing
In freeradius 1, if I need to proxy requests whose realm are remote, I put the following in proxy.conf: realm DEFAULT { type = radius authhost = remote.server1.com:1812 accthost = remote.server1.com:1813 secret = ldflag = round_robin nostrip } realm DEFAULT { type = radius authhost = remote.server2.com:1812 accthost = remote.server2.com:1813 secret = ldflag = round_robin nostrip } I've tried to put the same lines in my freeradius2 config file and it does not work as expected: radius -X output: rlm_realm: Looking up realm extern.realm.com for User-Name = [EMAIL PROTECTED] rlm_realm: No such realm extern.realm.com Then, the request is done locally. If I put in my proxy.conf file this domain explicitely, it works fine: realm extern.realm.com { type = radius authhost = remote.server2.com:1812 accthost = remote.server2.com:1813 secret = ldflag = round_robin nostrip } radius -X output: rlm_realm: Looking up realm extern.realm.com for User-Name = [EMAIL PROTECTED] rlm_realm: Found realm extern.realm.com rlm_realm: Proxying request from user anonymous to realm extern.realm.com rlm_realm: Adding Realm = extern.realm.com rlm_realm: Preparing to proxy accounting request to realm extern.realm.com Regards, Vincent Magnin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html