RE: Reals Based Upon Port
Thanks for the reply, here is what I am trying to do

External Servers Send Requests To - 1812,1813 --- FreeRadiusd -- Backend_Servers_Set01 (1812,1813) External Servers Send Requests To - 1815,1816 -- FreeRadiusd -- Backend_Servers_Set02 (1815,1816)

I guess I am not sure where the listen section goes? Maybe I removed it from my proxy.conf file?

-----Original Message-----
From: freeradius-users-bounces+bcarpio=broadhop@lists.freeradius.org [mailto:freeradius-users-bounces+bcarpio=broadhop@lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Thursday, December 16, 2010 3:07 AM
To: FreeRadius users mailing list
Subject: Re: Reals Based Upon Port

Brian Carpio wrote:
> I'm pretty clear on how I would add a new home_server_pool called like alt-server-balance with the other two home_servers defined which listen on the 1815,1816 the part I am confused about is how to define the new realm, since I'm using DEFAULT to send all traffic to server-balance how do I define a new realm which will accept traffic on 1815,1816 and send it to alt-server-balance. I hope that makes sense.

No. You've confused *incoming* connections with *outgoing* connections. Realms allow you to send packets to outgoing connections. Realms do *not* accept traffic.

You're stuck on implementing a particular solution. Instead, focus on the problem. It will usually be easier than you think.

Draw a diagram of how you want packets to flow in/out of the server. Incoming packets require a listen section. Outgoing packets require a home_server definition. The glue in between is the realms, and/or the policies you want to configure.

Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Reals Based Upon Port
Hmm my line breaks were removed from my email

External Servers Send Requests To - 1812,1813 --- FreeRadiusd -- Backend_Servers_Set01 (1812,1813)
External Servers Send Requests To - 1815,1816 -- FreeRadiusd -- Backend_Servers_Set02 (1815,1816)

Let's try again

-----Original Message-----
From: freeradius-users-bounces+bcarpio=broadhop@lists.freeradius.org [mailto:freeradius-users-bounces+bcarpio=broadhop@lists.freeradius.org] On Behalf Of Brian Carpio
Sent: Friday, December 17, 2010 9:10 AM
To: FreeRadius users mailing list
Subject: RE: Reals Based Upon Port

Thanks for the reply, here is what I am trying to do

External Servers Send Requests To - 1812,1813 --- FreeRadiusd -- Backend_Servers_Set01 (1812,1813) External Servers Send Requests To - 1815,1816 -- FreeRadiusd -- Backend_Servers_Set02 (1815,1816)

I guess I am not sure where the listen section goes? Maybe I removed it from my proxy.conf file?

-----Original Message-----
From: freeradius-users-bounces+bcarpio=broadhop@lists.freeradius.org [mailto:freeradius-users-bounces+bcarpio=broadhop@lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Thursday, December 16, 2010 3:07 AM
To: FreeRadius users mailing list
Subject: Re: Reals Based Upon Port

Brian Carpio wrote:
> I'm pretty clear on how I would add a new home_server_pool called like alt-server-balance with the other two home_servers defined which listen on the 1815,1816 the part I am confused about is how to define the new realm, since I'm using DEFAULT to send all traffic to server-balance how do I define a new realm which will accept traffic on 1815,1816 and send it to alt-server-balance. I hope that makes sense.

No. You've confused *incoming* connections with *outgoing* connections. Realms allow you to send packets to outgoing connections. Realms do *not* accept traffic.

You're stuck on implementing a particular solution. Instead, focus on the problem. It will usually be easier than you think.

Draw a diagram of how you want packets to flow in/out of the server. Incoming packets require a listen section. Outgoing packets require a home_server definition. The glue in between is the realms, and/or the policies you want to configure.

Alan DeKok.
Re: Reals Based Upon Port
Brian Carpio wrote:
> Thanks for the reply, here is what I am trying to do
>
> External Servers Send Requests To - 1812,1813 --- FreeRadiusd -- Backend_Servers_Set01 (1812,1813) External Servers Send Requests To - 1815,1816 -- FreeRadiusd -- Backend_Servers_Set02 (1815,1816)
>
> I guess I am not sure where the listen section goes?

radiusd.conf. Or, read raddb/sites-available/README

> Maybe I removed it from my proxy.conf file?

No.

Alan DeKok.
RE: Reals Based Upon Port
/ end radiusd.conf -

What would happen is that the radiusd requests weren't being proxied any more, freeradius was trying to authenticate the user

--- output from radiusd -X

    rad_recv: Access-Request packet from host 192.168.180.110 port 58754, id=13, length=112
        User-Name = tuser10104
        User-Password = password
        Calling-Station-Id = 00-90-4b-13-a3-8a
        Acct-Session-Id = 1000
        Framed-IP-Address = 70.3.0.99
        Cisco-Service-Info = Time 0, Content 0
        NAS-IP-Address = 192.168.181.29
    server default {
      WARNING: Empty section. Using default return values.
    No authenticate method (Auth-Type) configuration found for the request: Rejecting the user
    Failed to authenticate the user.
    } # server default
    Using Post-Auth-Type Reject
      WARNING: Unknown value specified for Post-Auth-Type. Cannot perform requested action.
    Delaying reject of request 0 for 1 seconds
    Going to the next request
    Waking up in 0.9 seconds.
    Sending delayed reject for request 0
    Sending Access-Reject of id 13 to 192.168.180.110 port 58754
    Waking up in 4.9 seconds.
    Cleaning up request 0 ID 13 with timestamp +20
    Ready to process requests.

end output -

I even tried to add virtual_server = default to the proxy.conf but that didn't seem to work either...

Sorry I am probably making this more difficult than it needs to be, but again I simply want to use freeradius as a load balancer / proxy server.

Thanks,
Brian Carpio

-----Original Message-----
From: freeradius-users-bounces+bcarpio=broadhop@lists.freeradius.org [mailto:freeradius-users-bounces+bcarpio=broadhop@lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Friday, December 17, 2010 9:31 AM
To: FreeRadius users mailing list
Subject: Re: Reals Based Upon Port

Brian Carpio wrote:
> Thanks for the reply, here is what I am trying to do
>
> External Servers Send Requests To - 1812,1813 --- FreeRadiusd -- Backend_Servers_Set01 (1812,1813) External Servers Send Requests To - 1815,1816 -- FreeRadiusd -- Backend_Servers_Set02 (1815,1816)
>
> I guess I am not sure where the listen section goes?

radiusd.conf. Or, read raddb/sites-available/README

> Maybe I removed it from my proxy.conf file?

No.

Alan DeKok.
Re: Reals Based Upon Port
Brian Carpio wrote:
> Thanks for your help Alan, but I think I am not giving you the right information.. (that or I don't understand the README)
>
> So we are using freeradius for proxying requests to different backend servers only (basically using freeradius as a load balancer), we aren't using it to actually authenticate users at all, when we simply wanted to listen on 1812 and 1813 and proxy to multiple home_servers on 1812 and 1813 everything works fine

So set Proxy-To-Realm manually. The virtual server sections need to be little more than:

    server x {
        listen {
            type = ...
            ipaddr = ...
        }

        authorize {
            update control {
                Proxy-To-Realm := 'x'
            }
        }

        preacct {
            update control {
                Proxy-To-Realm := 'x'
            }
        }
    }

Really. That's *it*. Fill in the listen config. Define the realms, and use the ~20 lines of text above.

Alan DeKok.
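
The layout described in the reply above, filled in for the 1815/1816 set from this thread, as an added example that is not part of the original messages or of the FreeRADIUS distribution. It assumes FreeRADIUS 2.x syntax; the names `alt`, `alt01` and `alt02`, the file locations, the addresses and the secret are placeholders, and the 1812/1813 set follows the same pattern with its own server, pool and realm.

```conf
# proxy.conf: outgoing side (constructed example; hosts and secret are placeholders)
home_server alt01 {
	type = auth+acct
	ipaddr = 192.0.2.11
	port = 1815		# with auth+acct, accounting is sent to port + 1 (1816)
	secret = CHANGE_ME
}
home_server alt02 {
	type = auth+acct
	ipaddr = 192.0.2.12
	port = 1815
	secret = CHANGE_ME
}
home_server_pool alt-server-balance {
	type = load-balance
	home_server = alt01
	home_server = alt02
}
realm alt {
	pool = alt-server-balance
	nostrip
}

# sites-enabled/alt: incoming side, one listener per packet type,
# then the realm is forced so nothing is authenticated locally
server alt {
	listen {
		type = auth
		ipaddr = *
		port = 1815
	}
	listen {
		type = acct
		ipaddr = *
		port = 1816
	}
	authorize {
		update control {
			Proxy-To-Realm := "alt"
		}
	}
	preacct {
		update control {
			Proxy-To-Realm := "alt"
		}
	}
}
```

In `radiusd -X`, a request sent to port 1815 should then be processed inside `server alt {` and proxied, rather than landing in an empty `server default {` and being rejected as in the debug output posted in this thread.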
RE: Reals Based Upon Port
Thanks this is working perfectly now!

-----Original Message-----
From: freeradius-users-bounces+bcarpio=broadhop@lists.freeradius.org [mailto:freeradius-users-bounces+bcarpio=broadhop@lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Friday, December 17, 2010 1:32 PM
To: FreeRadius users mailing list
Subject: Re: Reals Based Upon Port

Brian Carpio wrote:
> Thanks for your help Alan, but I think I am not giving you the right information.. (that or I don't understand the README)
>
> So we are using freeradius for proxying requests to different backend servers only (basically using freeradius as a load balancer), we aren't using it to actually authenticate users at all, when we simply wanted to listen on 1812 and 1813 and proxy to multiple home_servers on 1812 and 1813 everything works fine

So set Proxy-To-Realm manually. The virtual server sections need to be little more than:

    server x {
        listen {
            type = ...
            ipaddr = ...
        }

        authorize {
            update control {
                Proxy-To-Realm := 'x'
            }
        }

        preacct {
            update control {
                Proxy-To-Realm := 'x'
            }
        }
    }

Really. That's *it*. Fill in the listen config. Define the realms, and use the ~20 lines of text above.

Alan DeKok.
Re: Reals Based Upon Port
Brian Carpio wrote:
> I'm pretty clear on how I would add a new home_server_pool called like alt-server-balance with the other two home_servers defined which listen on the 1815,1816 the part I am confused about is how to define the new realm, since I'm using DEFAULT to send all traffic to server-balance how do I define a new realm which will accept traffic on 1815,1816 and send it to alt-server-balance. I hope that makes sense.

No. You've confused *incoming* connections with *outgoing* connections. Realms allow you to send packets to outgoing connections. Realms do *not* accept traffic.

You're stuck on implementing a particular solution. Instead, focus on the problem. It will usually be easier than you think.

Draw a diagram of how you want packets to flow in/out of the server. Incoming packets require a listen section. Outgoing packets require a home_server definition. The glue in between is the realms, and/or the policies you want to configure.

Alan DeKok.
RE: Reals Based Upon Port
So I am still a bit confused by this (I'm just now getting back to this issue). So I have the following setup:

- Radiusd Server
-- 2 home_servers listening on 1812 and 1813
-- 2 home_servers listening on 1815 and 1816

In my proxy.conf I have the following:

    proxy server {
        default_fallback = no
    }

    home_server server01 {
        type = auth+acct
        ipaddr = server01
        port = 1812,1813
        secret = s3cret
        require_message_authenticator = no
        response_window = 20
        zombie_period = 10
        status_check = request
        username = t...@test.com
        password = s3cret
        check_interval = 5
        num_answers_to_alive = 3
    }

    home_server server02 {
        type = auth+acct
        ipaddr = server02
        port = 1812,1813
        secret = s3cret
        require_message_authenticator = no
        response_window = 20
        zombie_period = 10
        status_check = request
        username = t...@test.com
        password = s3cret
        check_interval = 5
        num_answers_to_alive = 3
    }

    home_server_pool server-balance {
        type = load-balance
        home_server = server01
        home_server = server02
    }

    realm DEFAULT {
        pool = server-balance
        nostrip
    }

I'm pretty clear on how I would add a new home_server_pool called like alt-server-balance with the other two home_servers defined which listen on the 1815,1816 the part I am confused about is how to define the new realm, since I'm using DEFAULT to send all traffic to server-balance how do I define a new realm which will accept traffic on 1815,1816 and send it to alt-server-balance. I hope that makes sense.

Thanks,
Brian Carpio

-----Original Message-----
From: freeradius-users-bounces+bcarpio=broadhop@lists.freeradius.org [mailto:freeradius-users-bounces+bcarpio=broadhop@lists.freeradius.org] On Behalf Of Alan DeKok
Sent: Wednesday, August 18, 2010 7:09 PM
To: FreeRadius users mailing list
Subject: Re: Reals Based Upon Port

Brian Carpio wrote:
> Currently I am using freeradius2-2.1.8-2 to load balance radius traffic between two hosts, I have a single realm DEFAULT setup which proxies the radius traffic between the two servers and that works great, however now I have an unusual need to proxy auth/acct radius traffic to non standard ports and I'm unsure how (or if it's even possible) to setup a new realm which is based on destination port for instance.

Read raddb/proxy.conf. Look for port. This is documented.

> - NOTE: Traffic coming into freeradius on 1815/1816 will be sent to this Alt realm...

Set up a virtual server to handle requests sent to those ports. See raddb/sites-available/README

> I am just wondering if this is possible. Or if I would need to setup another instance of freeradius with its own configuration to do this alternative ports setup.

No.

Alan DeKok.
Reals Based Upon Port
Hi,

Currently I am using freeradius2-2.1.8-2 to load balance radius traffic between two hosts, I have a single realm DEFAULT setup which proxies the radius traffic between the two servers and that works great, however now I have an unusual need to proxy auth/acct radius traffic to non standard ports and I'm unsure how (or if it's even possible) to setup a new realm which is based on destination port for instance.

Default Server 1 - Auth/Acct - Port 1812,1813
Default Server 2 - Auth/Acct - Port 1812,1813

Pool Default
- Default Server 1
- Default Server 2

Realm Default
- Pool Default
- NOTE: Traffic coming into freeradius on the standard 1812/1813 ports will be sent to this default realm (which I have working perfectly now)

Up to this point I have it all working

Alt Server 1 - Auth/Acct - Port 1815/1816
Alt Server 2 - Auth/Acct - Port 1815/1816

Pool Alt
- Alt Server 1
- Alt Server 2

Realm Alt
- Pool Alt
- NOTE: Traffic coming into freeradius on 1815/1816 will be sent to this Alt realm...

I am just wondering if this is possible. Or if I would need to setup another instance of freeradius with its own configuration to do this alternative ports setup.

Thanks a lot!

Brian Carpio
Senior Systems Engineer
Office: +1.303.962.7242
Mobile: +1.720.319.8617
Email: bcar...@broadhop.com
Re: Reals Based Upon Port
Brian Carpio wrote:
> Currently I am using freeradius2-2.1.8-2 to load balance radius traffic between two hosts, I have a single realm DEFAULT setup which proxies the radius traffic between the two servers and that works great, however now I have an unusual need to proxy auth/acct radius traffic to non standard ports and I'm unsure how (or if it's even possible) to setup a new realm which is based on destination port for instance.

Read raddb/proxy.conf. Look for port. This is documented.

> - NOTE: Traffic coming into freeradius on 1815/1816 will be sent to this Alt realm...

Set up a virtual server to handle requests sent to those ports. See raddb/sites-available/README

> I am just wondering if this is possible. Or if I would need to setup another instance of freeradius with its own configuration to do this alternative ports setup.

No.

Alan DeKok.