Multiple Realms per NAS

Arran Cudbard-Bell arran.cudbard-bell at hp.com
Wed Jan 6 21:59:19 CET 2010


On 1/6/2010 12:13 PM, Nalin Mistry wrote:
> We have just installed FreeRADIUS and have basic functionality working for ISP and Hotspot applications.
>
> For the ISP application, we would like to specify the realms supported on a NAS basis. Is this feasible, and how would one go about configuring it?
>
>    

FreeRADIUS uses a policy language for such things. It is up to you to 
write the correct policy; there are no built-in methods for doing this.

Here are a couple of examples as to how you could achieve it:

If you want a local non-centralized solution then use an instance of the 
files module:

raddb/modules/files

files realm_map {
	# The default key attribute to use for matches. The content
	# of this attribute is used to match the "name" of the
	# entry.
	key = "%{Client-Shortname}"
	usersfile = ${confdir}/realm_map
	#acctusersfile = ${confdir}/acct_users
	#preproxy_usersfile = ${confdir}/preproxy_users
	# If you want to use the old Cistron 'users' file
	# with FreeRADIUS, you should change the next line
	# to 'compat = cistron'. You can then copy your 'users'
	# file from Cistron.
	compat = no
}

raddb/realm_map

NASX Realm == 'RealmX'
	Fall-Through = no
NASX Realm == 'RealmY'
	Fall-Through = no
NASY Realm == 'RealmZ'
	Fall-Through = no
DEFAULT Auth-Type := Reject

Or if you want something SQL based:

authorize {
	if ("%{sql:SELECT COUNT(*) FROM `my_realm_mappings` WHERE `nas`='%{Client-Shortname}' AND `realm`='%{Realm}' LIMIT 1}" != 1) {
		reject
	}
}

-Arran
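
Added example, not part of the original post and not FreeRADIUS code: a small offline checker for a realm_map laid out like the one above, useful for confirming which (NAS, realm) pairs a map admits before deploying it. The first-match model in decide() is a simplifying assumption about how the files module walks the entries, and the function names and the sample pairs are constructed for illustration.

```python
import re

# Constructed sample, laid out like the realm_map file in the post.
REALM_MAP = """\
NASX Realm == 'RealmX'
\tFall-Through = no
NASX Realm == 'RealmY'
\tFall-Through = no
NASY Realm == 'RealmZ'
\tFall-Through = no
DEFAULT Auth-Type := Reject
"""

REALM_CHECK = re.compile(r"Realm\s*==\s*['\"]([^'\"]*)['\"]")
REJECT = re.compile(r"Auth-Type\s*:=\s*Reject")


def parse_realm_map(text):
    """Return entries in file order as (name, realm or None, rejects)."""
    entries = []
    for line in text.splitlines():
        # Skip blanks, comments and indented reply-item lines.
        if not line.strip() or line[0].isspace() or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        checks = parts[1] if len(parts) > 1 else ""
        realm = REALM_CHECK.search(checks)
        entries.append((parts[0], realm.group(1) if realm else None,
                        bool(REJECT.search(checks))))
    return entries


def decide(entries, client_shortname, realm):
    """Simplified first-match model (an assumption, see lead-in)."""
    for name, want_realm, rejects in entries:
        if name not in (client_shortname, "DEFAULT"):
            continue
        if want_realm is not None and want_realm != realm:
            continue
        return "reject" if rejects else "allow"
    return "no-match"  # the map made no decision for this request


def audit(entries, requests):
    """Map each (NAS, realm) pair to the modelled decision."""
    return {req: decide(entries, *req) for req in requests}


if __name__ == "__main__":
    pairs = [("NASX", "RealmX"), ("NASX", "RealmZ"),
             ("NASY", "RealmZ"), ("NASY", ""), ("NASQ", "RealmX")]
    for pair, verdict in audit(parse_realm_map(REALM_MAP), pairs).items():
        print(pair, verdict)
```

In this model, deleting the DEFAULT line turns every mismatched pair into "no-match", which shows that the DEFAULT entry is what actually enforces the per-NAS restriction.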

