NAME¶
rlm_files - FreeRADIUS Module
DESCRIPTION¶
The
rlm_files module uses the 'users' file for accessing authorization
information for users. Additionally, it supports a 'users' file syntax to be
applied to the accounting and pre-proxy sections.
The main configuration items to be aware of are:
- usersfile
- The filename of the 'users' file, which is parsed during the authorization
stage of this module.
- acctusersfile
- The filename of the 'users' file, which is parsed during the accounting
stage of this module.
- preproxy_usersfile
- The filename of the 'users' file, which is parsed during the pre_proxy
stage of this module.
- compat
- This option allows FreeRADIUS to parse an old style Cistron syntax. The
default is 'no'. If you need to parse an old style Cistron file, set this
option to 'cistron'.
- key
- This option lets you set the attribute to use as a key to find entries.
The default is "%{Stripped-User-Name:-%{User-Name}}". Note that
the key MUST supply real data. Dynamic attributes like "Group"
will not work, because the "Group" attribute can only be used as
a comparison, to see if a user is in a Unix group. It will not return the
name of the Unix group that a user is in.
If you want to use groups as a key, see the
rlm_passwd, which will create
a real attribute that contains the group name.
This configuration entry enables you to have configurations that perform
per-group checks, and return per-group attributes, where the group membership
is dynamically defined by a previous module. It also lets you do things like
key off of attributes in the reply, and express policies like like "when
I send replies containing attribute FOO with value BAR, do more checks, and
maybe send additional attributes".
CONFIGURATION¶
modules {
... stuff here ...
files {
usersfile = %{confdir}/users
acctusersfile = %{confdir}/acct_users
preproxy_usersfile = %{confdir}/preproxy_users
compat = no
key = %{Stripped-User-Name:-%{User-Name}}
}
... stuff here ...
}
SECTIONS¶
authorization, accounting, pre_proxy
FILES¶
/etc/raddb/radiusd.conf, /etc/raddb/users,
/etc/raddb/acct_users, /etc/raddb/preproxy_users
SEE ALSO¶
radiusd(8),
radiusd.conf(5),
users(5)
AUTHORS¶
Chris Parker, cparker@segv.org