Routing for a variety of realms:
    route_realms {
        ## make sure our domains are sent to the AD proxies
        if (&Stripped-User-Domain =~ /^bath\.ac\.uk$/) {
            ## send requests for bath.ac.uk to the AD servers
            update {
                control:Load-Balance-Key := &Calling-Station-ID
                control:Proxy-To-Realm := 'PROXY-AD'
                request:Realm := 'PROXY-AD'
            }
        } else {
            if (&request:NAS-Identifier =~ /^mwr-test-eduroam$/) {
                ## send it to Janet's eduroam servers
                update {
                    control:Load-Balance-Key := &Calling-Station-ID
                    control:Proxy-To-Realm := 'PROXY-JANET-EDUROAM'
                    request:Realm := 'PROXY-JANET-EDUROAM'
                    ## RFC5580 says that we should be nice and send a Namespace ID (1 = REALM) and an operator name
                    ## so people know where the request came from and who to shout at if there are problems
                    ## we could carry this between servers if we ever needed to have multiple realms
                    #request:Operator-Name := "1bristol.ac.uk" ... just kidding :)
                    request:Operator-Name := "1bath.ac.uk"
                }
            }
            if (&request:NAS-Identifier =~ /^eduroam$/) {
                ## send it to Janet's eduroam servers
                update {
                    control:Load-Balance-Key := &Calling-Station-ID
                    control:Proxy-To-Realm := 'PROXY-JANET-EDUROAM'
                    request:Realm := 'PROXY-JANET-EDUROAM'
                    ## RFC5580 says that we should be nice and send a Namespace ID (1 = REALM) and an operator name
                    ## so people know where the request came from and who to shout at if there are problems
                    ## we could carry this between servers if we ever needed to have multiple realms
                    #request:Operator-Name := "1bristol.ac.uk" ... just kidding :)
                    request:Operator-Name := "1bath.ac.uk"
                }
            }
            if (&request:Called-Station-Id =~ /:eduroam$/) {
                ## send it to Janet's eduroam servers
                update {
                    control:Load-Balance-Key := &Calling-Station-ID
                    control:Proxy-To-Realm := 'PROXY-JANET-EDUROAM'
                    request:Realm := 'PROXY-JANET-EDUROAM'
                    ## RFC5580 says that we should be nice and send a Namespace ID (1 = REALM) and an operator name
                    ## so people know where the request came from and who to shout at if there are problems
                    ## we could carry this between servers if we ever needed to have multiple realms
                    #request:Operator-Name := "1bristol.ac.uk" ... just kidding :)
                    request:Operator-Name := "1bath.ac.uk"
                }
            }
            if (&request:NAS-Identifier =~ /^govroam$/) {
                ## send it to Janet's govroam servers
                update {
                    control:Load-Balance-Key := &Calling-Station-ID
                    control:Proxy-To-Realm := 'PROXY-JANET-GOVROAM'
                    request:Realm := 'PROXY-JANET-GOVROAM'
                    ## RFC5580 says that we should be nice and send a Namespace ID (1 = REALM) and an operator name
                    ## so people know where the request came from and who to shout at if there are problems
                    ## we could carry this between servers if we ever needed to have multiple realms
                    #request:Operator-Name := "1bristol.ac.uk" ... just kidding :)
                    request:Operator-Name := "1bath.ac.uk"
                }
            }
        }
    }
Many thanks to Matt Richards from Bath University for this.
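
The policy only assigns realm names and a Load-Balance-Key; the realms and pools it points at have to be defined in proxy.conf. The fragment below is an added example, not part of the configuration contributed above: the home server and pool names, the documentation-range addresses and the secrets are placeholders, and the use of `keyed-balance` pools is an assumption inferred from the policy setting Load-Balance-Key.

```conf
# proxy.conf fragment (FreeRADIUS 3.x syntax). All names, addresses and
# secrets below are placeholders, not values from the original page.

home_server ad1 {
    type   = auth
    ipaddr = 192.0.2.11                 # placeholder address
    port   = 1812
    secret = REPLACE-WITH-AD-SECRET     # placeholder, use a long random value
}
home_server ad2 {
    type   = auth
    ipaddr = 192.0.2.12                 # placeholder address
    port   = 1812
    secret = REPLACE-WITH-AD-SECRET
}
home_server_pool ad_pool {
    # keyed-balance hashes control:Load-Balance-Key. The policy sets that
    # key to Calling-Station-Id, so every packet of one client's EAP
    # conversation is sent to the same home server.
    type        = keyed-balance
    home_server = ad1
    home_server = ad2
}
# Realm names must match the strings assigned to control:Proxy-To-Realm.
realm PROXY-AD {
    auth_pool = ad_pool
    nostrip                             # forward User-Name unchanged
}

home_server janet_eduroam1 {
    type   = auth
    ipaddr = 198.51.100.21              # placeholder address
    port   = 1812
    secret = REPLACE-WITH-JANET-SECRET  # placeholder
}
home_server janet_eduroam2 {
    type   = auth
    ipaddr = 198.51.100.22              # placeholder address
    port   = 1812
    secret = REPLACE-WITH-JANET-SECRET
}
home_server_pool janet_eduroam_pool {
    type        = keyed-balance
    home_server = janet_eduroam1
    home_server = janet_eduroam2
}
realm PROXY-JANET-EDUROAM {
    auth_pool = janet_eduroam_pool
    nostrip
}
# PROXY-JANET-GOVROAM needs its own realm and pool in the same pattern.
```

A typo in a realm name on either side means the request is not proxied to the intended pool, so check the debug output after any change to confirm each request goes to the realm you expect.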