Freeradius module
The rlm_realm module parses the User-Name attribute into a User section and a Realm section. This is used primarily in a proxy situation, however, Realms can also be used locally to provide different service profiles based on the Realm being used.
The main configuration items to be aware of are:
This can be either 'prefix' or 'suffix'. It specifies whether the Realm is before or after the User portion in the User-Name string.
A single character in quotes, which is used as the delimiting character that separates the Realm and User sections of the string.
This is set to either 'yes' or 'no'. If set to 'yes', this will prevent the module instance from matching a realm against the DEFAULT entry. This may be useful if you have multiple realm module instances. The default is 'no'.
This is set to either 'yes' or 'no'. If set to 'yes', this will prevent the module instance from matching a realm against the NULL entry. This may be useful if you have multiple realm module instances. The default is 'no'.
This module parses the realm from the User-Name attrbiute according to the instance configuration, and then performs a lookup to find a matching realm in the '/etc/raddb/proxy.conf' file. Depending on the configuration of the Realm as matched in the file, the username may be rewritten in a 'stripped' format, or with the Realm portion removed. In either case, a Realm attribute is created and added to the packet on a match, which can be used by other modules.
modules { ... stuff here ... # useranme@realm syntax realm suffix { format = suffix delimiter = "@" } # realm/username syntax realm prefix { format = prefix delimiter = "/" } ... stuff here ... }
authorization, pre-accounting
/etc/raddb/radiusd.conf, /etc/raddb/proxy.conf
radiusd(8), radiusd.conf(5), proxy.conf(5)
Chris Parker, [email protected]