Re: Server switch
On Tue, Mar 26, 2013 at 10:53:36AM +0100, Emmanuel BILLOT wrote:
> Considering that requests show lines like
>
>     Called-Station-Id = C0-8A-DE-3D-B4-09:TEST
>
> or
>
>     Called-Station-Id = C0-8A-DE-3D-B4-09:WIFI
>
> where TEST and WIFI are the SSIDs concerned.
>
> How can we route requests to different ports of the server (so instances) by using this? I mean, when the SSID is TEST, the request is redirected to the local instance on port 1820, and when the SSID is WIFI, the request is redirected to the local instance on port 1821?

Set up proxy.conf with entries for the right ports, then you should be able to do something like (example, untested):

    authorize {
        if (Calling-Station-Id =~ /^.*:([a-zA-Z]+)$/) {
            update control {
                Tmp-String-0 := %{1}
            }
        }
        switch %{Tmp-String-0} {
            case 'TEST' {
                update control {
                    Proxy-To-Realm := testproxy
                }
            }
            case 'WIFI' {
                update control {
                    Proxy-To-Realm := wifiproxy
                }
            }
            ...
        }
    }

This should work between different servers; I'm not sure if you'll hit the only one internal proxy limit on one server.

Matthew

--
Matthew Newton, Ph.D. m...@le.ac.uk
Systems Specialist, Infrastructure Services, I.T. Services,
University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, ith...@le.ac.uk

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Server switch
> Set up proxy.conf with entries for the right ports, then you should be able to do something like (example, untested):
>
>     authorize {
>         if (Calling-Station-Id =~ /^.*:([a-zA-Z]+)$/) {
>             update control {
>                 Tmp-String-0 := %{1}
>             }
>         }
>         switch %{Tmp-String-0} {
>             case 'TEST' {
>                 update control {
>                     Proxy-To-Realm := testproxy
>                 }
>             }
>             case 'WIFI' {
>                 update control {
>                     Proxy-To-Realm := wifiproxy
>                 }
>             }
>             ...
>         }
>     }
>
> This should work between different servers; I'm not sure if you'll hit the only one internal proxy limit on one server.
>
> Matthew

How about a hyphenated SSID? Ex: WIFI-TEST

I failed in writing a regex for it... Any idea?
Re: Server switch
> Set up proxy.conf with entries for the right ports, then you should be able to do something like (example, untested):
>
>     authorize {
>         if (Calling-Station-Id =~ /^.*:([a-zA-Z]+)$/) {
>             update control {
>                 Tmp-String-0 := %{1}
>             }
>         }
>         switch %{Tmp-String-0} {
>             case 'TEST' {
>                 update control {
>                     Proxy-To-Realm := testproxy
>                 }
>             }
>             case 'WIFI' {
>                 update control {
>                     Proxy-To-Realm := wifiproxy
>                 }
>             }
>             ...
>         }
>     }
>
> This should work between different servers; I'm not sure if you'll hit the only one internal proxy limit on one server.
>
> Matthew

Using a wide filter capture I get

    rad_recv: Access-Request packet from host 172.23.255.199 port 56097, id=53, length=232
        User-Name = nag...@ac-orleans-tours.fr
        Calling-Station-Id = 8C-77-12-53-62-0E
        NAS-IP-Address = 172.23.255.199
        NAS-Port = 16
        Called-Station-Id = C0-8A-DE-FA-E9-58:WIFI-ACAD
        Service-Type = Framed-User
        Framed-MTU = 1400
        NAS-Port-Type = Wireless-802.11
        NAS-Identifier = C0-8A-DE-FA-E9-58
        Connect-Info = CONNECT 802.11g/n
        EAP-Message = 0x021f016e6167696f734061632d6f726c65616e732d746f7572732e6672
        Vendor-25053-Attr-3 = 0x574946492d41434144
        Message-Authenticator = 0xc6f0db77bf6435b74051b3b3db278ca3
    # Executing section authorize from file /etc/raddb/sites-enabled/default
    +- entering group authorize {...}
    ++? if (Called-Station-Id =~ /^.*:(.*)$/)
    ? Evaluating (Called-Station-Id =~ /^.*:(.*)$/) - TRUE
    ++? if (Called-Station-Id =~ /^.*:(.*)$/) - TRUE
    ++- entering if (Called-Station-Id =~ /^.*:(.*)$/) {...}
    +++[control] returns notfound
    ++- if (Called-Station-Id =~ /^.*:(.*)$/) returns notfound
    expand: %{Tmp-String-0} -
    ++- entering switch %{Tmp-String-0} {...}
    +++- switch %{Tmp-String-0} returns notfound
    ++- group authorize returns notfound
    ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
    Failed to authenticate the user.
    Using Post-Auth-Type Reject
Re: Server switch
On Tue, Mar 26, 2013 at 02:20:40PM +0100, Emmanuel BILLOT wrote:
> How about a hyphenated SSID? Ex: WIFI-TEST
>
> I failed in writing a regex for it...

    if (Calling-Station-Id =~ /^.*:([a-zA-Z-]+)$/) {

Matthew
Re: Server switch
On 26/03/2013 14:45, Matthew Newton wrote:
> On Tue, Mar 26, 2013 at 02:20:40PM +0100, Emmanuel BILLOT wrote:
>> How about a hyphenated SSID? Ex: WIFI-TEST
>>
>> I failed in writing a regex for it...
>
>     if (Calling-Station-Id =~ /^.*:([a-zA-Z-]+)$/) {
>
> Matthew

Thanks, it seems to be OK. The proxy should resend the request to the virtual server, so it should work.

But now I have

    authorize {
        if (Called-Station-Id =~ /^.*:([-a-zA-Z]+)$/) {
            update control {
                Tmp-String-0 := %{1}
            }
        }
        switch %{Tmp-String-0} {
            case 'WIFI-ACAD' {
                update control {
                    Proxy-To-Realm := ACAD
                }
            }
            case 'WIFI-ELEVES' {
                update control {
                    Proxy-To-Realm := acad
                }
            }
        }
    }

and the result is

    # Executing section authorize from file /etc/raddb/sites-enabled/default
    +- entering group authorize {...}
    ++? if (Called-Station-Id =~ /^.*:([-a-zA-Z]+)$/)
    ? Evaluating (Called-Station-Id =~ /^.*:([-a-zA-Z]+)$/) - TRUE
    ++? if (Called-Station-Id =~ /^.*:([-a-zA-Z]+)$/) - TRUE
    ++- entering if (Called-Station-Id =~ /^.*:([-a-zA-Z]+)$/) {...}
    expand: %{1} - WIFI-ACAD
    +++[control] returns notfound
    ++- if (Called-Station-Id =~ /^.*:([-a-zA-Z]+)$/) returns notfound
    expand: %{Tmp-String-0} -
    ++- entering switch %{Tmp-String-0} {...}
    +++- switch %{Tmp-String-0} returns notfound
    ++- group authorize returns notfound
    ERROR: No authenticate method (Auth-Type) found for the request: Rejecting the user
    Failed to authenticate the user.
    Using Post-Auth-Type Reject
    # Executing group from file /etc/raddb/sites-enabled/default
    +- entering group REJECT {...}
Re: Server switch
On Tue, Mar 26, 2013 at 02:24:21PM +0100, Emmanuel BILLOT wrote:
> # Executing section authorize from file /etc/raddb/sites-enabled/default
> +- entering group authorize {...}
> ++? if (Called-Station-Id =~ /^.*:(.*)$/)
> ? Evaluating (Called-Station-Id =~ /^.*:(.*)$/) - TRUE
> ++? if (Called-Station-Id =~ /^.*:(.*)$/) - TRUE
> ++- entering if (Called-Station-Id =~ /^.*:(.*)$/) {...}
> +++[control] returns notfound

    if (Calling-Station-Id =~ /^.*:([a-zA-Z-]+)$/) {
        update control {
            Tmp-String-0 := %{1}
        }
    }

Put quotes around the %{1}.

I said it wasn't tested :)

Matthew
Re: Server switch
On 26/03/2013 13:52, Emmanuel BILLOT wrote:
> authorize {
>     if (Called-Station-Id =~ /^.*:([-a-zA-Z]+)$/) {
>         update control {
>             Tmp-String-0 := %{1}
>         }
>     }
>     switch %{Tmp-String-0} {

That needs to be:

    switch %{control:Tmp-String-0} {
Re: Server switch
On Tue, Mar 26, 2013 at 02:52:48PM +0100, Emmanuel BILLOT wrote:
> Thanks, it seems to be OK. The proxy should resend the request to the virtual server, so it should work.
>
> But now I have
>
>     authorize {
>         if (Called-Station-Id =~ /^.*:([-a-zA-Z]+)$/) {
>             update control {

use instead:

            update request {
                Tmp-String-0 := %{1}
            }
        }

It was an *untested example*. But now I've actually had to go and test it, this works here:

    authorize {
        if (Called-Station-Id =~ /^.*:([a-zA-Z-]+)$/) {
            update request {
                Tmp-String-0 := %{1}
            }
        }
        switch %{Tmp-String-0} {
            case 'TEST' {
                update control {
                    Proxy-To-Realm := testproxy
                }
            }
            case 'WIFI' {
                update control {
                    Proxy-To-Realm := wifiproxy
                }
            }
        }
    }

Matthew
Re: Server switch
On 26/03/2013 15:05, Phil Mayers wrote:
> On 26/03/2013 13:52, Emmanuel BILLOT wrote:
>> authorize {
>>     if (Called-Station-Id =~ /^.*:([-a-zA-Z]+)$/) {
>>         update control {
>>             Tmp-String-0 := %{1}
>>         }
>>     }
>>     switch %{Tmp-String-0} {
>
> That needs to be:
>
>     switch %{control:Tmp-String-0} {

That's all working! Thanks a lot!!!
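
The three Called-Station-Id capture patterns tried in this thread, compared side by side on sample values. This is an added Python example, not code from any poster or from FreeRADIUS. The samples marked constructed, the `REALMS` table and the function names are assumptions, and Python's `re` is assumed to match these simple patterns the same way the server's regex engine does.

```python
import re

# Capture patterns as they appear in the thread, in the order they were tried.
PATTERNS = {
    "letters": r"^.*:([a-zA-Z]+)$",
    "letters+hyphen": r"^.*:([a-zA-Z-]+)$",
    "wide": r"^.*:(.*)$",
}

# SSID -> realm table mirroring the thread's switch/case (assumed mapping).
REALMS = {"TEST": "testproxy", "WIFI": "wifiproxy", "WIFI-ACAD": "ACAD"}

# Called-Station-Id samples: the first two come from the thread, the rest
# are constructed to probe edge cases.
SAMPLES = [
    "C0-8A-DE-3D-B4-09:TEST",       # from the thread
    "C0-8A-DE-FA-E9-58:WIFI-ACAD",  # from the thread
    "C0-8A-DE-FA-E9-58",            # constructed: NAS sends no SSID suffix
    "C0-8A-DE-3D-B4-09:WIFI2",      # constructed: SSID containing a digit
    "C0:8A:DE:3D:B4:AB",            # constructed: colon-delimited MAC, no SSID
]


def extract_ssid(called_station_id, pattern_name):
    """Return what %{1} would hold after the match, or None if no match."""
    m = re.search(PATTERNS[pattern_name], called_station_id)
    return m.group(1) if m else None


def route(called_station_id, pattern_name="letters+hyphen"):
    """Return the realm for a request, or None when no case matches.

    None models the request leaving the switch with no Proxy-To-Realm set.
    """
    ssid = extract_ssid(called_station_id, pattern_name)
    return REALMS.get(ssid)


def compare(samples=SAMPLES):
    """Map each sample to the capture produced by every pattern."""
    return {s: {n: extract_ssid(s, n) for n in PATTERNS} for s in samples}


if __name__ == "__main__":
    for sample, captures in compare().items():
        print(f"{sample:30} {captures} -> realm {route(sample)}")
```

Every pattern captures `AB` from the colon-delimited MAC, so a NAS that formats Called-Station-Id that way yields a bogus SSID; it gets no realm here only because `AB` is not in the table.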