FreeRADIUS authfile equivalent
Alan DeKok
aland at deployingradius.com
Mon May 14 22:50:38 CEST 2007
Steve Forman wrote:
> I'm attempting to migrate a RADIUS service from Interlink RADIUS
> to FreeRADIUS
Good choice. Interlink went bankrupt a few years ago. The current
version of the company is selling the old product, and not doing much else.
> and am running into a bit of a problem I was hoping you
> could help out with. Basically, I have several different domains which
> would all be separated by an @ sign plus the name of the domain. What
> I'd like to do is use separate local "users" files for each of these
> domains. Each "users.domain.com" file would then contain the username and
> password for every user in that domain such that if
> joesmith at domain1.com logs in, he will be authenticated with the
> "joesmith" password contained in "users.domain1.com".
To be honest, if all you need is username/password authentication, I
would suggest using a real database. It's ever so much easier than
poking at text files.
> However, there is
> no authfile in FreeRADIUS so the question is:
> How do I accomplish this same task with FreeRADIUS? Any information
> would be greatly appreciated. Thanks in advance.
It can be done, but it's a lot more complicated.
You can get equivalent functionality by having the main "users" file
do "$INCLUDE" of sub-files for each domain. The domain-specific "users"
file would then list:
user at foo.domain Cleartext-Password := "password"
i.e. Don't strip off the domain, and everything should Just Work. If
it doesn't, try:
user Realm == "foo.domain", Cleartext-Password := "password"
One of the two will work, depending on your local configuration. It's
a little more complicated than what you have now, but it's similar
enough to be not a large leap.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
More information about the Freeradius-Users
mailing list