Best config practices?

sphaero arnaud at sphaero.org
Mon Aug 11 14:05:40 CEST 2008


Ok,

To finalise for the archive:

In the freeradius config directory I create the following 3 files:
custom-mods.conf, custom-autz.conf, custom-auth.conf
custom-mods.conf:
# LDAP module instance "bla1": searches for users under o=bla1 on 10.48.65.1.
ldap bla1 {
	server = "10.48.65.1"
	# 636 is the LDAPS port, so the link to the directory is expected to use TLS.
	port = 636
	basedn = "o=bla1"
	# Match on cn, using Stripped-User-Name when it exists, otherwise User-Name.
	filter = "(cn=%{Stripped-User-Name:-%{User-Name}})"
	# NOTE(review): every entry the cn filter finds has a cn, so this
	# access_attr presumably never denies anyone - confirm that is intended.
	access_attr = "cn"
	# NOTE(review): "never" turns off verification of the directory's
	# certificate, so the TLS session does not authenticate the server and the
	# user passwords sent over it can be read by a man-in-the-middle. Prefer
	# "demand" together with tls_cacertfile pointing at the issuing CA.
	tls_require_cert      = "never"
	# No identity/password is set in this block, so the search bind is
	# presumably anonymous - confirm the directory is meant to allow that.
	set_auth_type = yes
}
# LDAP module instance "bla2": searches for users under o=bla2 on 10.60.65.1.
ldap bla2 {
	server = "10.60.65.1"
	# 636 is the LDAPS port, so the link to the directory is expected to use TLS.
	port = 636
	basedn = "o=bla2"
	# Match on cn, using Stripped-User-Name when it exists, otherwise User-Name.
	filter = "(cn=%{Stripped-User-Name:-%{User-Name}})"
	# NOTE(review): every entry the cn filter finds has a cn, so this
	# access_attr presumably never denies anyone - confirm that is intended.
	access_attr = "cn"
	# NOTE(review): "never" turns off verification of the directory's
	# certificate, so the TLS session does not authenticate the server and the
	# user passwords sent over it can be read by a man-in-the-middle. Prefer
	# "demand" together with tls_cacertfile pointing at the issuing CA.
	tls_require_cert      = "never"
	# No identity/password is set in this block, so the search bind is
	# presumably anonymous - confirm the directory is meant to allow that.
	set_auth_type = yes
}
# SQL module instance "bla3": reaches the user database through unixODBC.
sql bla3 {
	driver = "rlm_sql_unixodbc"
	# Connect info
	server = "mssql"
	login = "login_User"
	# Clear-text database credential: keep this file readable only by the
	# account radiusd runs as, and grant the login no more than the rights the
	# queries below need.
	password = "passs"
	radius_db = "database"

	# Both accounting table settings point at the same table.
	acct_table1 = "radacct"
	acct_table2 = "radacct"

	# Check and reply items are both read from the custom user table.
	authcheck_table = "table_user"
	authreply_table = "table_user"

	groupcheck_table = "radgroupcheck"
	groupreply_table = "radgroupreply"
	usergroup_table = "usergroup"

	deletestalesessions = yes

	# Print all SQL statements when in debug mode (-x)
	sqltrace = no
	sqltracefile = ${logdir}/sqltrace.sql

	# number of sql connections to make to server
	num_sql_socks = 5
	# Stripped-User-Name if present, else User-Name, else the literal "none".
	sql_user_name = "%{Stripped-User-Name:-%{User-Name:-none}}"
	# Custom query that sets up the attributes!
	# It hands the stored Password column back as a SHA-Password check item.
	# NOTE(review): that implies the table holds unsalted SHA-1 hashes -
	# confirm, and prefer a salted scheme (e.g. SSHA-Password) if the schema
	# can be changed.
	# NOTE(review): %{SQL-User-Name} is client-supplied text placed inside a
	# quoted SQL literal; safety depends on rlm_sql escaping the expansion
	# (see safe-characters) - confirm it is in effect for this driver.
	authorize_check_query = "SELECT UserID,Username,'SHA-Password' AS
Attribute, Password, ':=' AS Op FROM ${authcheck_table} WHERE Username =
'%{SQL-User-Name}' ORDER BY UserID"
	# NOTE(review): "{authreply_table}" lacks the leading "$" that
	# ${authcheck_table} has above, so it is presumably not expanded and the
	# query names a table literally called {authreply_table}; it should read
	# ${authreply_table}. The query also selects no attribute/value/op
	# columns, so it presumably yields no usable reply items - confirm.
	authorize_reply_query = "SELECT UserID,Username from {authreply_table}
WHERE Username = '%{SQL-User-Name}' ORDER BY UserID"
}

custom-autz.conf:
# One Autz-Type section per backend; each runs only the module instance of the
# same name, so a request is authorised against exactly one directory/database.
Autz-Type bla1 {
	bla1
}
Autz-Type bla2 {
	bla2
}
Autz-Type bla3 {
	bla3
}

custom-auth.conf:
# Authentication sections for the two LDAP instances only.
# NOTE(review): there is no Auth-Type bla3; presumably the SHA-Password check
# item returned by the sql instance is verified by another module (e.g. pap)
# listed elsewhere in authenticate - confirm.
Auth-Type bla1 {
	bla1
}
Auth-Type bla2 {
	bla2
}

add in proxy.conf :
# Catch-all realm: LOCAL for both hosts means requests are handled by this
# server rather than forwarded to a remote home server.
# NOTE(review): DEFAULT presumably matches any realm not listed explicitly, so
# unknown suffixes are accepted for local processing too - confirm they are
# rejected later when no users entry sets an Autz-Type.
realm DEFAULT {
        type            = radius
        authhost        = LOCAL
        accthost        = LOCAL
}

and finally in users:
# Pick the backend from the suffix of the User-Name the client sent: each entry
# matches requests in the DEFAULT realm whose name ends in @blaN and sets the
# matching Autz-Type.
# NOTE(review): the suffix is chosen by the user, so the same cn in two
# backends must be treated as two different identities by anything downstream.
DEFAULT Realm == DEFAULT, User-Name =~ ".*@bla1$", Autz-Type := bla1
DEFAULT Realm == DEFAULT, User-Name =~ ".*@bla2$", Autz-Type := bla2
DEFAULT Realm == DEFAULT, User-Name =~ ".*@bla3$", Autz-Type := bla3

that's it. This is for the 1.1 series. 2.0 could be done differently.
Correct?

Rg,

Arnaud

-- 
View this message in context: http://www.nabble.com/Best-config-practices--tp18922693p18924526.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.



