Realm Config
Carlos Botejara
cbotejara at gmail.com
Wed Aug 23 02:09:22 UTC 2023
Thanks for the answer, Alan.
On Tue, Aug 22, 2023 at 22:44, Alan DeKok (<aland at deployingradius.com>)
wrote:
> On Aug 22, 2023, at 9:29 PM, Carlos Botejara <cbotejara at gmail.com> wrote:
> >
> > I need to configure 2 realms, and validate users depending on the realm
> > from which they connect, I need specific rules for each site (with
> > different sql queries).
> > The users are in a mysql database.
> > I configured the Realms in the proxy.conf file as follows (because I don't
> > have domain)
> > realm1 {
> > nostrip
> > }
> > realm2 {
> > nostrip
> > }
>
> That's a good start.
>
> > The realm is configured in the Mikrotik router of each site.
> > The Realm attribute for Mikrotik is Mikrotik-Realm
>
> That doesn't matter much.
>
> The approach here is always the same. Write down what you want to do.
> Look at the debug log to see what the NAS is sending, etc.
>
> In this case:
>
> * what are the different queries you want to run?
Way to validate the user, in one realm I will receive username/password,
while in the other only user (a mac address)
>
> * How different are they?
Not much. One of the sites will authenticate by username and password,
while the other will do so only by mac.
Mikrotik runs a DHCP service, and it will validate against freeradius
(macs are already loaded in the database), only in this case, Mikrotik
sends only the MAC as user and does not send password.
>
> * do the different queries need different tables, different other things ???
No, I use the same tables.
> * what are the different rules?
>
They send bandwidth, VLAN, IP address.
>
> It's hard to answer a question of "I need to do stuff. How do I
> configure it?" When you give more information about what you need,
> you get better answers. When the questions are vague, the answers are
> vague too.
Yes, that's true, sorry, you're right.
> The recommended approach is to use different SQL tables based on
> realms. This means that you can use the standard queries. You then just
> need to update the mods-available/sql.conf file, to use the correct table
> name. Where that file says:
>
> authcheck_table = "radcheck"
>
> You can change that to:
>
> authcheck_table = "%{%{Realm}_radcheck:-radcheck}"
>
> i.e. "if the realm exists, use a radcheck table named for the realm,
> otherwise use the normal radcheck table".
>
> Do this for all of the tables named in mods-available/sql.
>
> The server will automatically get the Realm, and use it in the SQL
> query. All you need to do is to create a series of tables for each realm.
> Your main FreeRADIUS configuration can then be very, very, simple.
How does Freeradius interpret the Realm if Mikrotik sends it as
Mikrotik-Realm?
> Alan DeKok.
>
Thanks!
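
The per-realm tables described in the reply above, as an added MySQL example that is not part of the original thread or of FreeRADIUS itself. It assumes the stock FreeRADIUS MySQL schema is already loaded and that the realm names are `realm1` and `realm2` as in the thread; the user name, MAC address, password and attribute values are constructed sample data.

```sql
-- Clone structure and indexes of each standard table once per realm, so the
-- stock queries work unchanged against "<realm>_<table>".
CREATE TABLE IF NOT EXISTS realm1_radcheck      LIKE radcheck;
CREATE TABLE IF NOT EXISTS realm1_radreply      LIKE radreply;
CREATE TABLE IF NOT EXISTS realm1_radgroupcheck LIKE radgroupcheck;
CREATE TABLE IF NOT EXISTS realm1_radgroupreply LIKE radgroupreply;
CREATE TABLE IF NOT EXISTS realm1_radusergroup  LIKE radusergroup;
CREATE TABLE IF NOT EXISTS realm1_radacct       LIKE radacct;
CREATE TABLE IF NOT EXISTS realm1_radpostauth   LIKE radpostauth;

CREATE TABLE IF NOT EXISTS realm2_radcheck      LIKE radcheck;
CREATE TABLE IF NOT EXISTS realm2_radreply      LIKE radreply;
CREATE TABLE IF NOT EXISTS realm2_radgroupcheck LIKE radgroupcheck;
CREATE TABLE IF NOT EXISTS realm2_radgroupreply LIKE radgroupreply;
CREATE TABLE IF NOT EXISTS realm2_radusergroup  LIKE radusergroup;
CREATE TABLE IF NOT EXISTS realm2_radacct       LIKE radacct;
CREATE TABLE IF NOT EXISTS realm2_radpostauth   LIKE radpostauth;

-- realm1: username/password site (constructed sample user).
INSERT INTO realm1_radcheck (username, attribute, op, value)
VALUES ('alice', 'Cleartext-Password', ':=', 'CHANGE-ME-sample-only');

INSERT INTO realm1_radreply (username, attribute, op, value) VALUES
  ('alice', 'Mikrotik-Rate-Limit', ':=', '10M/10M'),
  ('alice', 'Framed-IP-Address',   ':=', '192.0.2.10');

-- realm2: MAC-only site. The user name is the MAC as the NAS sends it
-- (constructed value). How a password-less request is authorized is not
-- settled in the thread, so only the reply row is shown here.
INSERT INTO realm2_radreply (username, attribute, op, value)
VALUES ('AA:BB:CC:DD:EE:FF', 'Framed-IP-Address', ':=', '192.0.2.20');

-- Each realm's rows are isolated: a realm1 user does not exist in realm2.
SELECT 'realm1' AS realm, attribute, op, value
  FROM realm1_radcheck WHERE username = 'alice'
UNION ALL
SELECT 'realm2', attribute, op, value
  FROM realm2_radcheck WHERE username = 'alice';
```

Requests that arrive without a realm still fall back to the unprefixed tables, so rows left in the original `radcheck` and `radreply` remain valid for them.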