rlm_realm

Section: FreeRADIUS Module (5)
Updated: 19 May 2006
Index Return to Main Contents
 

NAME

rlm_realm - FreeRADIUS Module  

DESCRIPTION

The rlm_realm module parses the User-Name attribute into a User section and a Realm section. This is used primarily in a proxy situation, however, Realms can also be used locally to provide different service profiles based on the Realm being used.

The main configuration items to be aware of are:

format
This can be either 'prefix' or 'suffix'. It specifies whether the Realm is before or after the User portion in the User-Name string.
delimiter
A single character in quotes, which is used as the delimiting character that separates the Realm and User sections of the string.
ignore_default
This is set to either 'yes' or 'no'. If set to 'yes', this will prevent the module instance from matching a realm against the DEFAULT entry. This may be useful if you have multiple realm module instances. The default is 'no'.
ignore_null
This is set to either 'yes' or 'no'. If set to 'yes', this will prevent the module instance from matching a realm against the NULL entry. This may be useful if you have multiple realm module instances. The default is 'no'.

This module parses the realm from the User-Name attrbiute according to the instance configuration, and then performs a lookup to find a matching realm in the '/etc/raddb/proxy.conf' file. Depending on the configuration of the Realm as matched in the file, the username may be rewritten in a 'stripped' format, or with the Realm portion removed. In either case, a Realm attribute is created and added to the packet on a match, which can be used by other modules.

In order to force proxying for a request, set the Proxy-To-Realm := "realm-name" in the users file, or in a database such as SQL.  

CONFIGURATION

modules {
  ... stuff here ...


  # useranme@realm syntax

  realm suffix {

    format = suffix

    delimiter = "@"

  }


   # realm/username syntax

   realm prefix {

    format = prefix

    delimiter = "/"

  }


  ... stuff here ...
}

 

SECTIONS

authorization, pre-accounting

 

FILES

/etc/raddb/radiusd.conf, /etc/raddb/proxy.conf

 

SEE ALSO

radiusd(8), radiusd.conf(5), proxy.conf(5)  

AUTHORS

Chris Parker, cparker@segv.org


 

Index

NAME
DESCRIPTION
CONFIGURATION
SECTIONS
FILES
SEE ALSO
AUTHORS

linux.jgfs.net manual pages