newbie and realms
Fajar A. Nugraha
list at fajar.net
Thu Nov 10 04:35:36 CET 2011
On Wed, Nov 9, 2011 at 11:55 PM, walter harms <wharms at bfs.de> wrote:
>> What do you mean by "realms should be equal"? What is "m2m?
>
> equal = the realms will differ in names only, not in configuration
> m2m = machine to machine - no user interaction
radius doesn't really care whether it's a "no user interaction" or
"user have to enter username and password" scenario.
>
>>> so dropping everything outside
>>> these realms would be ok. the number of "users" will be very limited.
>>> I did not expect that this would be anything complicated.
It's not. Not if you know what you want :)
> Our dial-ins (now no radiusd) are moved to a 3.party and they told me
> "setup a radiusd" with 6 realms". I guess the machines will get usernames,
> perhaps very box the same. the realm will simple reflect the region they
> are calling from.
First thing: you need to know what username the radius will get. For example:
- user1 at region1
- user1 at region2
Next step: figure out what you want to do with them
If you treat them equally, and you process AAA for them locally, then
there's really no need for you to touch proxy.conf at all. By default,
all realms will be handled locally.
You'll only need to add the users (user1 at region1, user1 at region2, etc)
to sql (or whatever backend you'll be using), and it should just work.
If a user entry is present, and the password match, they'll pass. If
the user is not in the backend (for example, if the username is
incorrect, or if the realm-part is incorrect) then it will be
rejected.
It's as simple as that.
--
Fajar
More information about the Freeradius-Users
mailing list