NAME¶
rlm_realm - FreeRADIUS Module
DESCRIPTION¶
The
rlm_realm module parses the User-Name attribute into a User section
and a Realm section. This is used primarily in a proxy situation, however,
Realms can also be used locally to provide different service profiles based on
the Realm being used.
The main configuration items to be aware of are:
- format
- This can be either 'prefix' or 'suffix'. It specifies whether the Realm is
before or after the User portion in the User-Name string.
- delimiter
- A single character in quotes, which is used as the delimiting character
that separates the Realm and User sections of the string.
- ignore_default
- This is set to either 'yes' or 'no'. If set to 'yes', this will prevent
the module instance from matching a realm against the DEFAULT entry. This
may be useful if you have multiple realm module instances. The default is
'no'.
- ignore_null
- This is set to either 'yes' or 'no'. If set to 'yes', this will prevent
the module instance from matching a realm against the NULL entry. This may
be useful if you have multiple realm module instances. The default is
'no'.
This module parses the realm from the User-Name attrbiute according to the
instance configuration, and then performs a lookup to find a matching realm in
the '/etc/raddb/proxy.conf' file. Depending on the configuration of the Realm
as matched in the file, the username may be rewritten in a 'stripped' format,
or with the Realm portion removed. In either case, a Realm attribute is
created and added to the packet on a match, which can be used by other
modules.
CONFIGURATION¶
modules {
... stuff here ...
# useranme@realm syntax
realm suffix {
format = suffix
delimiter = "@"
}
# realm/username syntax
realm prefix {
format = prefix
delimiter = "/"
}
... stuff here ...
}
SECTIONS¶
authorization, pre-accounting
FILES¶
/etc/raddb/radiusd.conf, /etc/raddb/proxy.conf
SEE ALSO¶
radiusd(8),
radiusd.conf(5),
proxy.conf(5)
AUTHORS¶
Chris Parker, cparker@segv.org