Robert Roll <robert.r...@utah.edu> wrote: > > I'd like to try load balancing EAP/PEAP/MSCHAPV2 using freeradius. I > looked at the proxy.conf and it seems that there are two options, > because you have to insure the same end client talks to the same > radius server. There seems to be client-balance that uses IP source > addresses and there is Load-Balance-Key something like > > update control { > Load-Balance-Key := "%{NAS-IP-Address} %{NAS-Port} %{User-Name} > %{Calling-Station-ID}" > } > > Currently, we have a Radiator server that uses client mac-addresses for this > purpose. If I do > want to use the Load-Balance-Key, I'm honestly not sure where to put the > update of the > Load-Balance-Key.. Does it go in the proxy.conf ? > Straight into your 'authorize' section, as close to the top as you like/can. The following is roughly what we use, we only do it for 'Realm == DEFAULT' as that is for our 'eduroam'ing userbase: ---- authorize { preprocess
suffix [unlang/policy that is used for *all* packets] eap { ok = return } # done after eap so we find can record what guests are using if (Realm == DEFAULT) { update control { Load-Balance-Key := "%{NAS-IPv6-Address} %{NAS-IP-Address} %{NAS-Port} %{User-Name} %{Calling-Station-Id}" } # break out of 'authorize' early to spare CPU cycles handled } [unlang/policy that is used for all *non-proxied* packets] } ---- Cheers -- Alexander Clouter .sigmonster says: People who push both buttons should get their wish. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html