[RADIATOR] Loading configuration dynamically from SQL database
Remco van Noorloos
rvannoorloos at proxsys.nl
Thu Apr 7 04:58:43 CDT 2011
Good morning,
Today I installed an evaluation version of Radiator and I'm trying to configure it in a way that matches the procedure of our current RADIUS server.
What happens in the current environment with an incoming RADIUS Request is the following:
1) A so-called 'Realm' is selected based on the username. It first searches for a record with the complete username (user at domain.ext). If this doesn't exist it uses the last portion of the username (everything after the '@'). The realm to select is in an SQL database. An SQL query is executed with the username as parameter to determine the realm. (Realms include realmRADIUS / realmLDAP / realmSQL, in fact the different authentication backends used).
2) After the realm is determined, the user is authenticated based on attributes like NAS-Port-Type, Service-Type, Username and Password. For example, if the realmLDAP is selected the user is authenticated against an LDAP backend. The settings for the LDAP server to authenticate by is stored in the same SQL database. Again, an SQL query is used to retrieve the LDAP server, LDAP bind user, LDAP search filter (and so on) with parameters gathered from the RADIUS request. Also group membership check using LDAP is performed.
The same method is used for the realmRADIUS (which uses a query to retrieve RADIUS server details like shared secret instead of LDAP server details).
realmSQL uses an SQL database to authenticate with.
3) After the user gets authenticated other SQL queries are run to generate RADIUS attributes which are added to the Access-Accept message.
So, what am I looking for? I'd like to reproduce the scenario above in Radiator.
- I haven't find a way to dynamically determine the Realm (or Handler?) to use based on the properties described in step 1.
- If a realm/handler gets selected, I'd like to dynamically set the properties to use (for example the LDAP server and filter) for that specific request based on information from an SQL database. The way I see it at the moment is that I need to create Handlers for all LDAP servers / RADIUS servers and other domains. Since I'd like to get this information from the database where it is in now, I doubt it is a good idea to add all these Handlers to the config file. Is there a way to get this info from a database?
I hope you can help me out with these question and I look forward hearing from you.
Best regards,
PROXSYS*
Remco van Noorloos
More information about the radiator
mailing list