newbie and realms

Fajar A. Nugraha list at fajar.net
Thu Nov 10 04:35:36 CET 2011


On Wed, Nov 9, 2011 at 11:55 PM, walter harms <wharms at bfs.de> wrote:
>>   What do you mean by "realms should be equal"?  What is "m2m"?
>
> equal = the realms will differ in names only, not in configuration
> m2m   = machine to machine - no user interaction

radius doesn't really care whether it's a "no user interaction" or
"user has to enter username and password" scenario.

>
>>> so dropping everything outside
>>> these realms would be ok. the number of "users" will be very limited.
>>> I did not expect that this would be anything complicated.

It's not. Not if you know what you want :)

> Our dial-ins (now no radiusd) are moved to a 3rd party and they told me
> "setup a radiusd with 6 realms". I guess the machines will get usernames,
> perhaps every box the same. the realm will simply reflect the region they
> are calling from.

First thing: you need to know what username the radius will get. For example:
- user1 at region1
- user1 at region2

Next step: figure out what you want to do with them

If you treat them equally, and you process AAA for them locally, then
there's really no need for you to touch proxy.conf at all. By default,
all realms will be handled locally.

You'll only need to add the users (user1 at region1, user1 at region2, etc)
to sql (or whatever backend you'll be using), and it should just work.
If a user entry is present, and the password matches, they'll pass. If
the user is not in the backend (for example, if the username is
incorrect, or if the realm-part is incorrect) then it will be
rejected.

It's as simple as that.

-- 
Fajar



