Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

rlm_realm(5) [debian man page]

rlm_realm(5)							 FreeRADIUS Module						      rlm_realm(5)

NAME

       rlm_realm - FreeRADIUS Module

DESCRIPTION

       The  rlm_realm module parses the User-Name attribute into a User section and a Realm section.  This is used primarily in a proxy situation,
       however, Realms can also be used locally to provide different service profiles based on the Realm being used.

       The main configuration items to be aware of are:

       format This can be either 'prefix' or 'suffix'.	It specifies whether the Realm is before or  after  the  User  portion	in  the  User-Name
	      string.

       delimiter
	      A single character in quotes, which is used as the delimiting character that separates the Realm and User sections of the string.

       ignore_default
	      This  is	set  to  either  'yes'	or 'no'.  If set to 'yes', this will prevent the module instance from matching a realm against the
	      DEFAULT entry.  This may be useful if you have multiple realm module instances.  The default is 'no'.

       ignore_null
	      This is set to either 'yes' or 'no'.  If set to 'yes', this will prevent the module instance from matching a realm against the  NULL
	      entry.  This may be useful if you have multiple realm module instances.  The default is 'no'.

       This  module  parses  the  realm from the User-Name attrbiute according to the instance configuration, and then performs a lookup to find a
       matching realm in the '/etc/raddb/proxy.conf' file.  Depending on the configuration of the Realm as matched in the file, the  username  may
       be  rewritten  in  a  'stripped'  format, or with the Realm portion removed.  In either case, a Realm attribute is created and added to the
       packet on a match, which can be used by other modules.

CONFIGURATION

       modules {
	 ... stuff here ...
	 # useranme@realm syntax
	 realm suffix {
	   format = suffix
	   delimiter = "@"
	 }
	  # realm/username syntax
	  realm prefix {
	   format = prefix
	   delimiter = "/"
	 }
	 ... stuff here ...
       }

SECTIONS

       authorization, pre-accounting

FILES

       /etc/raddb/radiusd.conf, /etc/raddb/proxy.conf

SEE ALSO

       radiusd(8), radiusd.conf(5), proxy.conf(5)

AUTHORS

       Chris Parker, cparker@segv.org

								   14 March 2004						      rlm_realm(5)

Check Out this Related Man Page

rlm_files(5)							 FreeRADIUS Module						      rlm_files(5)

NAME

       rlm_files - FreeRADIUS Module

DESCRIPTION

       The  rlm_files  module  uses  the 'users' file for accessing authorization information for users.  Additionally, it supports a 'users' file
       syntax to be applied to the accounting and pre-proxy sections.

       The main configuration items to be aware of are:

       usersfile
	      The filename of the 'users' file, which is parsed during the authorization stage of this module.

       acctusersfile
	      The filename of the 'users' file, which is parsed during the accounting stage of this module.

       preproxy_usersfile
	      The filename of the 'users' file, which is parsed during the pre_proxy stage of this module.

       compat This option allows FreeRADIUS to parse an old style Cistron syntax.  The default is 'no'.  If you need to parse an old style Cistron
	      file, set this option to 'cistron'.

       key    This option lets you set the attribute to use as a key to find entries.  The default is "%{Stripped-User-Name:-%{User-Name}}".  Note
	      that the key MUST supply real data.  Dynamic attributes like "Group" will not work, because the "Group" attribute can only  be  used
	      as a comparison, to see if a user is in a Unix group.  It will not return the name of the Unix group that a user is in.

       If you want to use groups as a key, see the rlm_passed, which will create a real attribute that contains the group name.

       This configuration entry enables you to have configurations that perform per-group checks, and return per-group attributes, where the group
       membership is dynamically defined by a previous module.	It also lets you do things like key off of attributes in the  reply,  and  express
       policies like like "when I send replies containing attribute FOO with value BAR, do more checks, and maybe send additional attributes".

CONFIGURATION

       modules {
	 ... stuff here ...
	 files {
	   usersfile = %{confdir}/users
	   acctusersfile = %{confdir}/acct_users
	   preproxy_usersfile = %{confdir}/preproxy_users
	   compat = no
	   key = %{Stripped-User-Name:-%{User-Name}}
	 }
	 ... stuff here ...
       }

SECTIONS

       authorization, accounting, pre_proxy

FILES

       /etc/raddb/radiusd.conf, /etc/raddb/users, /etc/raddb/acct_users, /etc/raddb/preproxy_users

SEE ALSO

       radiusd(8), radiusd.conf(5), users(5)

AUTHORS

       Chris Parker, cparker@segv.org

								  5 February 2004						      rlm_files(5)
Man Page