Project

General

Profile

Actions

Bug #11802

open

FreeRADIUS sync

Added by Michael Schefczyk almost 2 years ago. Updated almost 2 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
FreeRADIUS
Target version:
-
Start date:
04/12/2021
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:

Description

freeradius3 0.15.7_30 seems to have changed the XMLRPC Sync behavior in a recent update. This leads to the issue that - unlike before - interfaces configuration is now included in the sync with no way to disable that. If one uses Sync to align users across locations, this is not helpful, because the interface IPs in the secondary location(s) will be different. In addition, it sees that the settings under EAP -> Certificates for TLS are no longer synced correctly. Whenever I change a user in the primary location, I now - unlike before - need to manually restate the interfaces and the certificate information in the secondary location. It would be great, if syncing the interface IP configuration was optional and if certificate information was just left intact.

Actions #1

Updated by Cullen Trey almost 2 years ago

Hello,

as an idea to solve the different wishes of pfSense users, one could make the sections configurable per sync ip.

Sync in FreeRadius has at least these two use cases:

1. Sync everything to the second ha pfSense node (mode now in 0.15.7_30)
2. Sync users to every pfSense router in our company network (mode before 0.15.7_30, because only users and clients were synced)

In order two solve all the issues, why not specify per sync IP, what is synced? Like

- All
- Users
- Clients
- Users + Clients
- …

I would only need, the option All and Users.

Actions

Also available in: Atom PDF