siteadmin:freeradius_useful_configuration
Routing for a variety of realms:
route_realms {
    ## make sure our domains are sent to the AD proxies
    if (&Stripped-User-Domain =~ /^bath\.ac\.uk$/) {
        ## send requests for bath.ac.uk to the AD servers
        update {
            control:Load-Balance-Key := &Calling-Station-ID
            control:Proxy-To-Realm := 'PROXY-AD'
            request:Realm := 'PROXY-AD'
        }
    }
    else {
        if (&request:NAS-Identifier =~ /^mwr-test-eduroam$/) {
            ## send it to Janet's eduroam servers
            update {
                control:Load-Balance-Key := &Calling-Station-ID
                control:Proxy-To-Realm := 'PROXY-JANET-EDUROAM'
                request:Realm := 'PROXY-JANET-EDUROAM'
                ## RFC5580 says that we should be nice and send a Namespace ID (1 = REALM) and an operator name
                ## so people know where the request came from and who to shout at if there are problems
                ## we could carry this between servers if we ever needed to have multiple realms
                #request:Operator-Name := "1bristol.ac.uk" ... just kidding :)
                request:Operator-Name := "1bath.ac.uk"
            }
        }
        if (&request:NAS-Identifier =~ /^eduroam$/) {
            ## send it to Janet's eduroam servers
            update {
                control:Load-Balance-Key := &Calling-Station-ID
                control:Proxy-To-Realm := 'PROXY-JANET-EDUROAM'
                request:Realm := 'PROXY-JANET-EDUROAM'
                ## RFC5580 says that we should be nice and send a Namespace ID (1 = REALM) and an operator name
                ## so people know where the request came from and who to shout at if there are problems
                ## we could carry this between servers if we ever needed to have multiple realms
                #request:Operator-Name := "1bristol.ac.uk" ... just kidding :)
                request:Operator-Name := "1bath.ac.uk"
            }
        }
        if (&request:Called-Station-Id =~ /:eduroam$/) {
            ## send it to Janet's eduroam servers
            update {
                control:Load-Balance-Key := &Calling-Station-ID
                control:Proxy-To-Realm := 'PROXY-JANET-EDUROAM'
                request:Realm := 'PROXY-JANET-EDUROAM'
                ## RFC5580 says that we should be nice and send a Namespace ID (1 = REALM) and an operator name
                ## so people know where the request came from and who to shout at if there are problems
                ## we could carry this between servers if we ever needed to have multiple realms
                #request:Operator-Name := "1bristol.ac.uk" ... just kidding :)
                request:Operator-Name := "1bath.ac.uk"
            }
        }
        if (&request:NAS-Identifier =~ /^govroam$/) {
            ## send it to Janet's govroam servers
            update {
                control:Load-Balance-Key := &Calling-Station-ID
                control:Proxy-To-Realm := 'PROXY-JANET-GOVROAM'
                request:Realm := 'PROXY-JANET-GOVROAM'
                ## RFC5580 says that we should be nice and send a Namespace ID (1 = REALM) and an operator name
                ## so people know where the request came from and who to shout at if there are problems
                ## we could carry this between servers if we ever needed to have multiple realms
                #request:Operator-Name := "1bristol.ac.uk" ... just kidding :)
                request:Operator-Name := "1bath.ac.uk"
            }
        }
    }
}
Many thanks to Matt Richards from Bath University for this.
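The Operator-Name value set in the policy above is a one-character RFC 5580 namespace ID followed by the operator's name. The following is an added example, not part of the original page or of FreeRADIUS: it builds and validates such values so that a missing "1" prefix or a malformed realm is caught before the policy is deployed or when reviewing received requests. The function names and the realm regex are assumptions of this example.

```python
import re

# RFC 5580 section 4.1 namespace IDs, each carried as one ASCII character.
NAMESPACES = {"0": "TADIG", "1": "REALM", "2": "E212", "3": "ICC"}
OPERATOR_NAME_TYPE = 126  # RADIUS attribute number of Operator-Name

# Conservative DNS-style realm check (an assumption of this example).
_REALM_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


def build_operator_name(realm):
    """Return the Operator-Name string for a REALM-namespace operator."""
    realm = realm.lower()
    if not _REALM_RE.match(realm):
        raise ValueError(f"not a valid realm: {realm!r}")
    return "1" + realm


def encode_attribute(value):
    """Encode the value as a RADIUS attribute: type, length, value."""
    data = value.encode("ascii")
    if len(data) + 2 > 255:
        raise ValueError("attribute too long")
    return bytes([OPERATOR_NAME_TYPE, len(data) + 2]) + data


def parse_operator_name(value):
    """Split a received Operator-Name into (namespace, operator)."""
    if len(value) < 2:
        raise ValueError("Operator-Name needs a namespace ID and a name")
    namespace = NAMESPACES.get(value[0])
    if namespace is None:
        # Typical mistake: the realm was set without the leading "1".
        raise ValueError(f"unknown namespace ID {value[0]!r}")
    operator = value[1:]
    if namespace == "REALM" and not _REALM_RE.match(operator.lower()):
        raise ValueError(f"malformed realm {operator!r}")
    return namespace, operator


if __name__ == "__main__":
    name = build_operator_name("bath.ac.uk")
    print(name, encode_attribute(name).hex(), parse_operator_name(name))
```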
siteadmin/freeradius_useful_configuration.txt · Last modified: 2020/02/05 17:17 by admin