Multiple Daloradius Instances With One Freeradius

[Gomez1996]

Hello,

I am working on a project where I need to set up multiple instances of daloRADIUS, each running on a separate subdomain, and all of them authenticating through a single FreeRADIUS server. While setting up multiple instances of daloRADIUS is straightforward, I am encountering challenges in ensuring that each daloRADIUS instance has segregated data, relevant only to its specific subdomain.

Here's the context of what I'm trying to achieve:

Multiple ISPs/Subdomains: Each daloRADIUS instance corresponds to a different ISP or subdomain. Single FreeRADIUS Server: All daloRADIUS instances authenticate through a single FreeRADIUS server. Data Isolation: Each daloRADIUS instance should only access and manage data relevant to its specific subdomain/ISP, without any overlap. I am looking for guidance or suggestions on how to configure the database and FreeRADIUS server to ensure data isolation among the multiple daloRADIUS instances. Specifically, I would like to know:

How to structure the database(s) to facilitate segregated data management for each daloRADIUS instance. Any necessary modifications to the FreeRADIUS configuration that would be required to handle this setup. Best practices or considerations to keep in mind for maintaining security and performance in such a setup. Any insights, suggestions, or examples of similar implementations would be greatly appreciated.

Thank you!

[filippolauria]

If I have correctly understood what you're trying to achieve, I don't see an easy way of doing it with daloRADIUS.

The fact is that daloRADIUS permission management system focuses on actions (not data): if an operator is allowed to "list users" they will be able to list all users. Consider also that for each working instance (freeRADIUS+daloRADIUS, named location in daloRADIUS) a single database (raddb, in the official installation guide) that contains both freeRADIUS and daloRADIUS tables is needed.