Best config practices?

sphaero arnaud at
Mon Aug 11 11:47:32 CEST 2008

I'm setting up a new freeradius setup using many different authorization
modules. Mostly ldap and sql modules. For authentication I'm hoping to use
the default and as few custom as possible but I have to use some of the ldap
backends for authentication as well. (simple bind)

I wonder what are the best configuration practices. I've heard Alan DeKok
many times; So I want to
change the default config as little as possible.

I was thinking to start adding a few custom files to include in the default

$raddb/custom_mods.conf : the custom ldap and sql module definitions
$raddb/custom_auth.conf : custom authentication entries
$raddb/custom_autz.conf : custom authorization entries

I'm using realms to link the different authorization modules. If I'm correct
I need to add every realm to the proxy.conf file and set it to LOCAL. Is
this really needed?

realm {
        type            = radius
        authhost        = LOCAL
        accthost        = LOCAL

Finally I need to add the realms to users file

DEFAULT Realm == "", Autz-Type :=

(Auth-Type should be figured out by freeradius)

Is this the best way to setup a decent configuration? I'd like to skip the
proxy.conf configuration since it's saying the same for all realms. Anyone
some suggestions?


Arnaud Loonstra
View this message in context:
Sent from the FreeRadius - User mailing list archive at

More information about the Freeradius-Users mailing list