How best to map users to domain name for login

Thu Aug 24 19:21:09 CEST 2017

On Aug 24, 2017, at 12:53 PM, yani at ecoco.co.uk wrote:
> Thank you for the quick reply,  I'm just a newbie with Freeradius,
> trying to understand its modus operandi :)
> I have come to the conclusion that I will need to modify the schema and
> change the way in which the db is queried after seeing the output below
> for a test user in the test domain domaina.com .

  Hmm... do you already have a user database?

  Yes or no?

  If yes, just point FR to the DB.

  If no, you can create a custom schema that meets your needs.  Then, make FreeRADIUS use that schema.

> I suppose it's really only adding a realm field to the
> radius.radcheckdb  and using that in the  subsequent queries. something
> like :

  If you're going to use a custom schema, then use a custom schema.  Don't mangle the existing schema.

> if this is what you mean by mangling the data then I'm still missing
> something - ie how to best relate users to realms/domains.

  The answer depends on what your needs are.  As I'm trying to explain, FreeRADIUS can do almost anything.  It's easier to create a schema that makes life easy for you, and then make FreeRADIUS query that schema.

  So the question of "how to best relate users to realms/domains" is a question for YOU.  What are YOUR NEEDS for tracking users?

  Create a system that meets your needs.  It's really the simple.

  But from the current conversation, I suspect you don't know what you want.  Which means it's *impossible* to configure the server to do what you want.

  If your only requirement is that each "user at domain" is unique, then just treat the whole string as a unique string.  Don't configure realms.  Don't configure domains.  Just put "user at domain" into the SQL configuration, and treat *that* as the User-Name.

  Alan DeKok.