[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: 3.2.0: dynamic_home_servers ?
From:       Alan DeKok <aland () deployingradius ! com>
Date:       2022-06-01 13:14:39
Message-ID: D58EA829-B1E0-4BB9-B7D3-C5164BA4A0A6 () deployingradius ! com
[Download RAW message or body]

On May 31, 2022, at 11:17 AM, Stefan Winter <stefan.winter@restena.lu> wrote:
> so the whole test
> 
> > %{home_server_dynamic:%{1}} |
> 
> really means "does a home_server with the stanza name %{1} exist, either in the \
> list of home_servers defined in proxy.conf -> expands to 0; or in the \
> home_servers/* list -> expands to 1; or nowhere -> expands to <nothing>.

  Yes.

> So I'd have to rename my server_x home_server stanzas inside realms.conf to the \
> realm they serve to make that match, and get my "case 0" out of it.

  That should work, yes.

> Real life has the complication though that one such home_server serves multiple \
> realms. But the stanza can have only one name. I guess so long as stanzas with \
> different names (=matching realms) can exist with the same destination server IP \
> inside, that can be done. But then still this is not as flexible as realms.conf, \
> e.g. regex realm matches are missing etc. (and not having a _pool hurts too)

  That is definitely a problem.  The dynamic home servers are just that... home \
servers, and only home servers.  :(

  For now it's too hard to add dynamic pools of home servers.  And I don't think \
there's ever a reason to mix statically defined home servers, and dynamically defined \
home servers for the same realm / pool.

> So, the workaround I referred to earlier, about checking whether suffix has already \
> found something and then not going dynamic, is maybe the better option after all.

  Yes.

  If there are additional features which could help, that's easy enough to add.  \
Maybe perhaps relaxing the restrictions on home server names, and then adding some \
new configuration which says "this home server is for realm FOO".   Even something \
like the following might work:

* add a list of dynamically mapped realms -> home servers.  The home servers can be \
named anything

* read in a dynamic home server from raddb/home_servers/,
  * the filename is the realm / domain name
  * the "home_server NAME { ... }" can be anything, we don't care about it

* there can be multiple soft links to the same file, in which case each filename maps \
to a realm, which uses the same home server.


  I think that's compatible with the existing scheme.  And should be a bit more \
useful.

  It still doesn't get pools of home servers, or failover, but it is a step forwards.

  Alan DeKok.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


[prev in list] [next in list] [prev in thread] [next in thread]