0

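I need some advice on a freeradius proxy configuration.

Proxying works fine in a "simple" configuration (with a single target server, or with a single target per realm), but I need to forward packets by their source address, because the realm is the same in every case.

So, if the user "john@REALM" comes from IP address 10.20.30.40, the proxy should forward the packet to SERVER-A; if the same user "john@REALM" comes from IP address 40.30.20.10, the proxy should forward the packet to SERVER-B.

Thanks in advance for any suggestions/ideas, Gianluca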


1 Answer

0
split_username_nai
if (Stripped-User-Domain == 'REALM') {
    switch "%{Packet-Src-IP-Address}" {
        case 10.20.30.40 {
            update control {
                Proxy-To-Realm := 'SERVER-A'
            }
        }
        case 40.30.20.10 {
            update control {
                Proxy-To-Realm := 'SERVER-B'
            }
        }
    }
}

split_username_nai is a policy which is in the default configuration of the server; it'll break apart a username string into Stripped-User-Name and Stripped-User-Domain.

We check the value of Stripped-User-Domain to see that it's 'REALM', then switch over the Src-IP-Address of the RADIUS packet (this could be any attribute, like NAS-IP-Address or Called-Station-ID), and set the Proxy-To-Realm attribute appropriately.

After the request leaves the authorize section, the server will proxy the request to the appropriate realm.

answered 2014-09-09T13:47:53.587
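The policy in the answer above only takes effect if realms named SERVER-A and SERVER-B are defined in proxy.conf. The fragment below is an added example, not part of the original answer. It assumes FreeRADIUS 3.x syntax; the home server and pool names, the addresses and the secrets are hypothetical placeholders.

```conf
# proxy.conf fragment (added example; FreeRADIUS 3.x syntax assumed).
# server_a/server_b and pool_a/pool_b are hypothetical names.
# Addresses are documentation-range placeholders, secrets are placeholders.

home_server server_a {
    type   = auth
    ipaddr = 192.0.2.10
    port   = 1812
    # Use a distinct, long random secret for each home server.
    secret = REPLACE_WITH_SECRET_A
}

home_server server_b {
    type   = auth
    ipaddr = 198.51.100.10
    port   = 1812
    secret = REPLACE_WITH_SECRET_B
}

home_server_pool pool_a {
    type        = fail-over
    home_server = server_a
}

home_server_pool pool_b {
    type        = fail-over
    home_server = server_b
}

# The realm names must match the Proxy-To-Realm values set in the
# policy exactly.
realm SERVER-A {
    auth_pool = pool_a
    # Assumption: the home servers expect the full john@REALM name.
    # Remove nostrip if they expect the bare user name instead.
    nostrip
}

realm SERVER-B {
    auth_pool = pool_b
    nostrip
}
```

A request whose source address matches neither case in the switch gets no Proxy-To-Realm and is processed locally, so decide explicitly how the server should handle those clients.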