Scroll to navigation

rlm_realm(5) FreeRADIUS Module rlm_realm(5)

NAME

rlm_realm - FreeRADIUS Module

DESCRIPTION

The rlm_realm module parses the User-Name attribute into a User section and a Realm section. This is used primarily in a proxy situation, however, Realms can also be used locally to provide different service profiles based on the Realm being used.

The main configuration items to be aware of are:

This can be either 'prefix' or 'suffix'. It specifies whether the Realm is before or after the User portion in the User-Name string.
A single character in quotes, which is used as the delimiting character that separates the Realm and User sections of the string.
This is set to either 'yes' or 'no'. If set to 'yes', this will prevent the module instance from matching a realm against the DEFAULT entry. This may be useful if you have multiple realm module instances. The default is 'no'.
This is set to either 'yes' or 'no'. If set to 'yes', this will prevent the module instance from matching a realm against the NULL entry. This may be useful if you have multiple realm module instances. The default is 'no'.

This module parses the realm from the User-Name attrbiute according to the instance configuration, and then performs a lookup to find a matching realm in the '/etc/raddb/proxy.conf' file. Depending on the configuration of the Realm as matched in the file, the username may be rewritten in a 'stripped' format, or with the Realm portion removed. In either case, a Realm attribute is created and added to the packet on a match, which can be used by other modules.

CONFIGURATION

modules {

... stuff here ...

# useranme@realm syntax
realm suffix {
format = suffix
delimiter = "@"
}

# realm/username syntax
realm prefix {
format = prefix
delimiter = "/"
}

... stuff here ...
}

SECTIONS

authorization, pre-accounting

FILES

/etc/raddb/radiusd.conf, /etc/raddb/proxy.conf

SEE ALSO

radiusd(8), radiusd.conf(5), proxy.conf(5)

AUTHORS

Chris Parker, cparker@segv.org

14 March 2004