Hello, I'm trying to port a configuration from FreeRadius to tac_plus-ng. The FreeRadius server has several virtual servers that each have their own unique LDAP configurations. Each NAS request gets assigned to a virtual server based on the NAS IP/subnet. This is all done on the same listening port. I'm trying to find a way to replicate this behavior in tac_plus-ng.
To avoid misconfiguration on the NAS side influencing the "virtual server" selection, I would like to point all NAS devices to the same server IP/port.
I came up with a possible solution of configuring multiple realms with each listening on a different port, then using iptables to modify the destination port of incoming requests based on the source IP. I believe this is similar to what HAProxy would do. Whether I use iptables or HAProxy though, I believe this adds an additional layer of configuration: iptables/HAProxy would need to be configured separately from tac_plus-ng. This configuration would be rather fragile because I have to account for various one-off legacy equipment that needs to be pointed to a specific realm. I could write a script to generate the proxying configuration based on my tac_plus-ng device configurations, but all this additional complexity leaves me wondering if there's a better solution.
Any help is much appreciated.
Carter
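
Added example, not part of the original post and not tac_plus-ng code: a sketch of the generator script the post mentions, rendering iptables REDIRECT rules from a source-to-realm mapping so that one-off host entries take precedence over the subnet that contains them. The realm names, listener ports and addresses are constructed assumptions; port 49 is the standard TACACS+ port.

```python
import ipaddress

TACACS_PORT = 49  # single TACACS+ port every NAS is pointed at

# Constructed sample mapping (assumption): realm -> (local listener port, NAS sources)
REALMS = {
    "campus": (4901, ["10.0.0.0/8"]),
    "dc": (4902, ["10.20.0.0/16"]),
    "legacy": (4903, ["10.20.5.7/32"]),  # one-off device inside the dc subnet
}

def ordered_entries(realms):
    """Flatten to (network, realm, port), most specific prefix first."""
    seen = {}
    for realm, (port, sources) in realms.items():
        for src in sources:
            net = ipaddress.ip_network(src, strict=True)  # rejects host bits, e.g. 10.20.5.7/16
            if net in seen and seen[net][0] != realm:
                raise ValueError(f"{net} is assigned to both {seen[net][0]} and {realm}")
            seen[net] = (realm, port)
    # iptables stops at the first matching rule, so a /32 override must precede its enclosing subnet.
    return sorted(((n, r, p) for n, (r, p) in seen.items()),
                  key=lambda e: (-e[0].prefixlen, int(e[0].network_address)))

def build_rules(realms, listen_port=TACACS_PORT):
    """Render one nat/PREROUTING REDIRECT command per source network."""
    return [
        f"iptables -t nat -A PREROUTING -p tcp -s {net} --dport {listen_port} "
        f"-m comment --comment realm:{realm} -j REDIRECT --to-ports {port}"
        for net, realm, port in ordered_entries(realms)
    ]

def realm_for(source_ip, realms):
    """Replay first-match evaluation; None means no rule rewrites this source."""
    ip = ipaddress.ip_address(source_ip)
    for net, realm, _port in ordered_entries(realms):
        if ip in net:
            return realm
    return None

if __name__ == "__main__":
    print("\n".join(build_rules(REALMS)))
    for nas in ("10.20.5.7", "10.20.9.1", "10.1.1.1", "192.0.2.10"):
        print(nas, "->", realm_for(nas, REALMS))
```

A source that matches no rule keeps destination port 49, so whatever listens there (or nothing) decides how unknown devices are handled.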