Multiple Realms per NAS
Arran Cudbard-Bell
arran.cudbard-bell at hp.com
Wed Jan 6 21:59:19 CET 2010
On 1/6/2010 12:13 PM, Nalin Mistry wrote:
> We have just installed FreeRADIUS and have basic functionality working for ISP and Hotspot applications.
>
> For the ISP application, we would like to specify the realms supported on a NAS basis. Is this feasible and how would one go about configuring it.
>
>
FreeRADIUS uses a policy language for such things; it is up to you to
write the correct policy. There are no built-in methods for doing this.
Here are a couple of examples as to how you could achieve it:
If you want a local non-centralized solution then use an instance of the
files module:
raddb/modules/files
files realm_map {
        # The default key attribute to use for matches.  The content
        # of this attribute is used to match the "name" of the
        # entry.
        key = "%{Client-Shortname}"

        usersfile = ${confdir}/realm_map
        #acctusersfile = ${confdir}/acct_users
        #preproxy_usersfile = ${confdir}/preproxy_users

        # If you want to use the old Cistron 'users' file
        # with FreeRADIUS, you should change the next line
        # to 'compat = cistron'.  You can then copy your 'users'
        # file from Cistron.
        compat = no
}

raddb/realm_map

NASX    Realm=='RealmX'
        Fall-Through = no

NASX    Realm=='RealmY'
        Fall-Through = no

NASY    Realm=='RealmZ'
        Fall-Through = no

DEFAULT Auth-Type := Reject

Or if you want something SQL based:

authorize {
        # Reject unless this NAS/realm pair has a row in the mapping table
        if("%{sql:SELECT COUNT(*) FROM `my_realm_mappings` WHERE `nas`='%{Client-Shortname}' AND `realm`='%{Realm}' LIMIT 1}" != 1){
                reject
        }
}

-Arran
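
Added example (not part of the message above and not FreeRADIUS code): a simplified Python model of how the realm_map entries are evaluated, useful for checking a NAS/realm matrix offline before deploying the file. It assumes only the two entry forms shown in the message and first-match-wins ordering; the names parse and decide and the sample data are constructed for illustration.

```python
import re

# Constructed sample in the layout of raddb/realm_map from the message above.
REALM_MAP = """\
NASX    Realm=='RealmX'
        Fall-Through = no
NASX    Realm=='RealmY'
        Fall-Through = no
NASY    Realm=='RealmZ'
        Fall-Through = no
DEFAULT Auth-Type := Reject
"""

# name, attribute, operator, optionally quoted value
ENTRY = re.compile(r"^(\S+)\s+(\S+)\s*(==|:=)\s*'?([^']*?)'?\s*$")

def parse(text):
    """Return the check lines in file order as (name, attr, op, value)."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace():
            continue  # indented reply item (Fall-Through = no)
        m = ENTRY.match(line)
        if not m:
            raise ValueError(f"unsupported entry: {line!r}")
        entries.append(m.groups())
    return entries

def decide(entries, client_shortname, realm):
    """Model of the lookup keyed on Client-Shortname: first match wins."""
    for name, attr, op, value in entries:
        if name not in (client_shortname, "DEFAULT"):
            continue
        if attr == "Realm" and op == "==" and value == realm:
            return "allow"          # listed pair, Fall-Through = no stops here
        if attr == "Auth-Type" and op == ":=":
            return value.lower()    # DEFAULT entry forces the reject
    return "allow"  # no entry matched and no DEFAULT: nothing blocks the request

if __name__ == "__main__":
    entries = parse(REALM_MAP)
    for nas, realm in [("NASX", "RealmY"), ("NASX", "RealmZ"), ("NASQ", "RealmX")]:
        print(nas, realm, decide(entries, nas, realm))
```

The last return shows why the DEFAULT entry matters: in this model, a map without it lets every unlisted NAS/realm pair through.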