Govroam

The Roaming solution for the public sector


siteadmin:basic_freeradius_orps_configuration

Differences

This shows you the differences between two versions of the page.

siteadmin:basic_freeradius_orps_configuration [2022/09/05 13:38] adminsiteadmin:basic_freeradius_orps_configuration [2024/11/21 15:00] (current) admin
Line 6: Line 6:
   * mods-available -> govroam_logs   * mods-available -> govroam_logs
  
-Delete any other links in the sites-enabled directory ('status' can be left/added if you're allowing status checks). Attempting to run 'govroam' and 'default' will likely result in problems stating the RADIUS server.+Delete any other links in the sites-enabled directory ('status' can be left/added if you're allowing status checks). Attempting to run 'govroam' and 'default' will likely result in problems starting the RADIUS server.
  
 ===clients.conf:=== ===clients.conf:===
Line 31: Line 31:
         secret = something         secret = something
         ipaddr = 10.10.10.31         ipaddr = 10.10.10.31
-        operator = "localidp1."+        operator = "1localnet"
 } }
  
Line 46: Line 46:
  
 # Realms that don't match any other listed send to the pool of govroam servers # Realms that don't match any other listed send to the pool of govroam servers
-realm "~.+$" {+realm "~^[^@\]([a-zA-Z0-9-]+\.)+[a-zA-Z]{2,6}$" {
     auth_pool = govroam     auth_pool = govroam
     nostrip     nostrip
Line 85: Line 85:
         port = 1812         port = 1812
         type = auth         type = auth
-        operator = "localidp1"+        operator = "1localnet"
  
 } }
Line 103: Line 103:
         authorize {         authorize {
                 preprocess                 preprocess
-                update request { +                update request {  
-                        Operator-Name := 1your.domain # Adds the Operator Name attribute to the request.+                        Operator-Name = 1your.domain # Adds the Operator Name attribute to the request, if it doesn't already exist.
                 }                 }
                 auth_log                 auth_log
Line 127: Line 127:
                 # Lots of logging                 # Lots of logging
                 reply_log                 reply_log
- if ( "%{home_server:operator}" != "NRPS" && "%{client:operator}" != "NRPS") {+                # Only send F-TICKS to Jisc when proxying between sites. 
 + if ( "%{home_server:operator}" != "NRPS" && "%{client:operator}" != "NRPS" && "%{request:Called-Station-Id}" =~ /:govroam$/) {
     f_ticks     f_ticks
  }  }
Line 156: Line 157:
  
 <code> <code>
-# F-TICKS+# F-TICKS - only appropriate for Regional Federation Operators
 linelog f_ticks { linelog f_ticks {
         filename = syslog         filename = syslog
         format = ""         format = ""
         reference = "f_ticks.%{%{reply:Packet-Type}:-format}"         reference = "f_ticks.%{%{reply:Packet-Type}:-format}"
-f_ticks { +        f_ticks { 
-              Access-Accept ="F-TICKS/govroam/1.0#REALM=%{Realm}#VISCOUNTRY=GB#VISINST=%{Operator-Name}#CSI=%{Calling-Station-Id}#RESULT=OK#FEDID=XX#" # Replace XX with your supplied ID +              Access-Accept ="F-TICKS/govroam/1.0#REALM=%{Realm}#VISCOUNTRY=GB#VISINST=%{Operator-Name}#CSI=%{Calling-Station-Id}#RESULT=OK#FEDID=XX#" # Replace XX with your supplied ID,
- +
-}+
  
 +        }
  
  
Line 216: Line 216:
 </code> </code>
  
 +Once configured you can test using [[public:Testing Tools|eapol_test]]
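Review bot: The new catch-all realm pattern (`realm "~^[^@\]([a-zA-Z0-9-]+\.)+[a-zA-Z]{2,6}$" {`, the "Line 46" hunk) opens with a bracket expression `[^@\]` that looks malformed. Depending on the regex library FreeRADIUS was built with, `\]` is either an escaped `]`, which leaves the class unclosed and the following group unbalanced, or a literal backslash inside a class that then consumes the first character of the string being matched, so a name whose first label is a single character would not match. Because this pattern decides which realms are forwarded to the govroam pool, I would drop the leading class and write `realm "~^([a-zA-Z0-9-]+\.)+[a-zA-Z]{2,6}$" {`, with a comment above it stating what happens to realms that fail the pattern. The `{2,6}` bound also rejects longer top-level domains, which deserves a note if it is intended. The realm block continues beyond the lines shown in this hunk.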
siteadmin/basic_freeradius_orps_configuration.1662385099.txt.gz · Last modified: 2022/09/05 13:38 by admin