Realm Config

Alan DeKok aland at deployingradius.com
Wed Aug 23 01:44:42 UTC 2023


On Aug 22, 2023, at 9:29 PM, Carlos Botejara <cbotejara at gmail.com> wrote:
> 
> I need to configure 2 realms, and validate users depending on the realm
> from which they connect, I need specific rules for each site (with
> different sql queries).
> The users are in a mysql database.
> I configured the Realms in the proxy.conf file as follows (because I don't
> have domain)
> realm1 {
>     nostrip
> }
> realm2 {
>     nostrip
> }

  That's a good start.

> The realm is configured in the Mikrotik router of each site.
> The Realm attribute for Mikrotik is Mikrotik-Realm

  That doesn't matter much.

  The approach here is always the same.  Write down what you want to do.  Look at the debug log to see what the NAS is sending, etc.

  In this case:

* What are the different queries you want to run?

* How different are they?

* Do the different queries need different tables, different other things?

* What are the different rules?

  It's hard to answer a question of "I need to do stuff.  How do I configure it?"  When you give more information about what you need, you get better answers.  When the questions are vague, the answers are vague too.

  The recommended approach is to use different SQL tables based on realms.  This means that you can use the standard queries.  You then just need to update the mods-available/sql.conf file, to use the correct table name.  Where that file says:

	authcheck_table = "radcheck"

  You can change that to:

	authcheck_table = "%{%{Realm}_radcheck:-radcheck}"

  i.e. "if the realm exists, use a radcheck table named for the realm, otherwise use the normal radcheck table".

  Do this for all of the tables named in mods-available/sql.

  The server will automatically get the Realm, and use it in the SQL query.  All you need to do is to create a series of tables for each realm.  Your main FreeRADIUS configuration can then be very, very, simple.

  Alan DeKok.
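
Added example (not part of the original message, and not FreeRADIUS code): a helper that generates the per-realm copies of the standard tables described above and mirrors the "realm table if a realm exists, otherwise the normal table" naming rule. The realm allow-list, the identifier check and the function names are assumptions of this example; the base table names are those of the default FreeRADIUS MySQL schema.

```python
import re

# Table names from the default FreeRADIUS MySQL schema.
BASE_TABLES = ["radcheck", "radreply", "radgroupcheck", "radgroupreply",
               "radusergroup", "radacct", "radpostauth"]
# Assumption of this example: realm names are limited to characters that are
# safe inside a MySQL identifier, since the realm becomes part of a table name.
SAFE_REALM = re.compile(r"[A-Za-z0-9_]+")
MYSQL_IDENT_MAX = 64  # MySQL's maximum identifier length


def validate_realm(realm):
    """Return realm unchanged if it can safely prefix every base table name."""
    if not SAFE_REALM.fullmatch(realm):
        raise ValueError(f"unsafe realm name: {realm!r}")
    longest = max(len(t) for t in BASE_TABLES)
    if len(realm) + 1 + longest > MYSQL_IDENT_MAX:
        raise ValueError(f"realm name too long: {realm!r}")
    return realm


def table_for(realm, base, known_realms):
    """Realm-specific table when a realm is present, else the normal table."""
    if not realm:
        return base
    if realm not in known_realms:
        # Choice made by this example: refuse realms that have no tables.
        raise ValueError(f"no tables provisioned for realm {realm!r}")
    return f"{validate_realm(realm)}_{base}"


def ddl_for_realms(realms):
    """One CREATE TABLE ... LIKE statement per realm and base table."""
    return [f"CREATE TABLE IF NOT EXISTS `{validate_realm(r)}_{t}` LIKE `{t}`;"
            for r in realms for t in BASE_TABLES]


if __name__ == "__main__":
    print("\n".join(ddl_for_realms(["realm1", "realm2"])))
```

Run it once per deployment and feed the output to the mysql client after the standard schema has been loaded, so that each `LIKE` source table already exists.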


