Best config practices?

Alan DeKok aland at
Mon Aug 11 11:59:28 CEST 2008

sphaero wrote:
> I was thinking to start adding a few custom files to include in the default
> config.
> $raddb/custom_mods.conf : the custom ldap and sql module definitions
> $raddb/custom_auth.conf : custom authentication entries
> $raddb/custom_autz.conf : custom authorization entries

  In 2.0.5, the raddb/modules directory can hold modules.  The
raddb/sites-enabled/ directory holds custom virtual servers.

> I'm using realms to link the different authorization modules.

  I'm not sure what that means..

> If I'm correct
> I need to add every realm to the proxy.conf file and set it to LOCAL. Is
> this really needed?

  You need to add realms to proxy.conf.  See the default proxy.conf,
"realm LOCAL" for an example of configuring a local realm.

> Finally I need to add the realms to users file
> DEFAULT Realm == "", Autz-Type :=

  That will work.  But in 2.0.5, I would suggest *not* using Autz-Type.
 The new virtual server functionality is much more powerful.

  Still... if this works for you, there's no harm in using it.

  Alan DeKok.

More information about the Freeradius-Users mailing list