newbie and realms

Fajar A. Nugraha list at fajar.net
Wed Nov 9 13:42:00 CET 2011


On Wed, Nov 9, 2011 at 6:42 PM, walter harms <wharms at bfs.de> wrote:
>>> Can someone point me to a documentation that explains
>>> how to setup that "realms" ?
>>
>>   raddb/proxy.conf  That is the *only* place to configure realms, and it
>> is well documented.
>>
> i found:
> http://linux.die.net/man/5/rlm_realm
> http://wiki.freeradius.org/Proxy
>
> but i do not find the point where to place the name of the realm.

Did you read http://wiki.freeradius.org/Proxy.conf (or proxy.conf that
came with the default installation)?

Like Alan said, if you don't know what realms are, you don't need to use them.

If you DO need them, basically you just need to figure out what you
want to do with them; for example:
- AAA for users @domain-A.com will be proxied to server-a.com
- users @domain-B.com will be processed locally using virtual server virtual-B
- users @domain-C.com will be processed by the default server.

After that, everything in proxy.conf should be self-explanatory.

Regarding the names, a realm name usually matches whatever is included
in user-name; e.g. if user-name is user1 at domain-A.com, then you need
to define a realm called "domain-A.com" on proxy.conf (see examples
for "realm example.com" and "realm virtual.example.com").

However there are cases where freeradius realm names does not need to
match what's in user-name, that is if:
- you manually set "Proxy-To-Realm" control attribute, or
- you use wildcard (see last example on proxy.conf).

If you still have no idea what I'm talking about, then better describe
what you need. Perhaps you don't need realms at all.

-- 
Fajar




More information about the Freeradius-Users mailing list