Best config practices?

sphaero arnaud at sphaero.org
Mon Aug 11 11:47:32 CEST 2008


I'm setting up a new freeradius setup using many different authorization
modules. Mostly ldap and sql modules. For authentication I'm hoping to use
the default and as few custom as possible but I have to use some of the ldap
backends for authentication as well. (simple bind)

I wonder what are the best configuration practices. I've heard Alan DeKok
many times; 
http://deployingradius.com/documents/configuration/setup.html. So I want to
change the default config as little as possible.

I was thinking to start adding a few custom files to include in the default
config.

$raddb/custom_mods.conf : the custom ldap and sql module definitions
$raddb/custom_auth.conf : custom authentication entries
$raddb/custom_autz.conf : custom authorization entries

I'm using realms to link the different authorization modules. If I'm correct
I need to add every realm to the proxy.conf file and set it to LOCAL. Is
this really needed?

realm test.com {
        type            = radius
        authhost        = LOCAL
        accthost        = LOCAL
}

Finally I need to add the realms to users file

DEFAULT Realm == "test.com", Autz-Type := test.com

(Auth-Type should be figured out by freeradius)

Is this the best way to setup a decent configuration? I'd like to skip the
proxy.conf configuration since it's saying the same for all realms. Anyone
some suggestions?

Rg,

Arnaud Loonstra
-- 
View this message in context: http://www.nabble.com/Best-config-practices--tp18922693p18922693.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.




More information about the Freeradius-Users mailing list