newbie and realms

walter harms wharms at bfs.de
Wed Nov 9 14:45:25 CET 2011 


Am 09.11.2011 13:42, schrieb Fajar A. Nugraha:
> On Wed, Nov 9, 2011 at 6:42 PM, walter harms <wharms at bfs.de> wrote:
>>>> Can someone point me to a documentation that explains
>>>> how to setup that "realms" ?
>>>
>>>   raddb/proxy.conf  That is the *only* place to configure realms, and it
>>> is well documented.
>>>
>> i found:
>> http://linux.die.net/man/5/rlm_realm
>> http://wiki.freeradius.org/Proxy
>>
>> but i do not find the point where to place the name of the realm.
> 
> Did you read http://wiki.freeradius.org/Proxy.conf (or proxy.conf that
> came with the default installation)?
> 
> Like Alan said, if you don't know what realms are, you don't need to use them.
> 
> If you DO need them, basically you just need to figure out what you
> want to do with them; for example:
> - AAA for users @domain-A.com will be proxied to server-a.com
> - users @domain-B.com will be processed locally using virtual server virtual-B
> - users @domain-C.com will be processed by the default server.
> 
> After that, everything in proxy.conf should be self-explanatory.
> 
> Regarding the names, a realm name usually matches whatever is included
> in user-name; e.g. if user-name is user1 at domain-A.com, then you need
> to define a realm called "domain-A.com" on proxy.conf (see examples
> for "realm example.com" and "realm virtual.example.com").
> 
> However there are cases where freeradius realm names does not need to
> match what's in user-name, that is if:
> - you manually set "Proxy-To-Realm" control attribute, or
> - you use wildcard (see last example on proxy.conf).
> 
> If you still have no idea what I'm talking about, then better describe
> what you need. Perhaps you don't need realms at all.
> 

mmh, i am starting to understand, i was expecting something different
therefore i did not realize what i have found.

use case:
my task is to setup a radiusd for 6 realms (Again not my idea). all realms
should be equal and will be used for m2m only. so dropping everything outside
these realms would be ok. the number of "users" will be very limited.
I did not expect that this would be anything complicated.

re,
 wh

More information about the Freeradius-Users mailing list