Man page - rlm_files(5)
Packages contas this manual
- rlm_chap(5)
- radrelay(8)
- rlm_ippool_tool(8)
- radmin(8)
- radtest(1)
- radsqlrelay(8)
- rlm_mschap(5)
- rlm_realm(5)
- rlm_attr_filter(5)
- rlm_unix(5)
- rlm_sql(5)
- radwho(1)
- clients.conf(5)
- rlm_digest(5)
- rlm_files(5)
- radlast(1)
- radclient(1)
- rlm_detail(5)
- rlm_idn(5)
- rlm_expr(5)
- raddebug(8)
- rlm_sqlippool_tool(8)
- rlm_unbound(5)
- smbencrypt(1)
- checkrad(5)
- rlm_always(5)
- radeapclient(1)
- radrelay.conf(5)
- radsniff(8)
- rlm_counter(5)
- freeradius(8)
- radcrypt(8)
- radiusd.conf(5)
- rlm_passwd(5)
- rlm_pap(5)
- dictionary(5)
- unlang(5)
- rad_counter(1)
- radzap(1)
- users(5)
apt-get install freeradius-common
Manual
| rlm_files(5) | FreeRADIUS Module | rlm_files(5) |
NAME
rlm_files - FreeRADIUS Module
DESCRIPTION
The rlm_files module uses the 'users' file for accessing authorization information for users. Additionally, it supports a 'users' file syntax to be applied to the accounting and pre-proxy sections.
The main configuration items to be aware of are:
- usersfile
- The filename of the 'users' file, which is parsed during the authorization stage of this module.
- acctusersfile
- The filename of the 'users' file, which is parsed during the accounting stage of this module.
- preproxy_usersfile
- The filename of the 'users' file, which is parsed during the pre_proxy stage of this module.
- compat
- This option allows FreeRADIUS to parse an old style Cistron syntax. The default is 'no'. If you need to parse an old style Cistron file, set this option to 'cistron'.
- key
- This option lets you set the attribute to use as a key to find entries. The default is "%{%{Stripped-User-Name}:-%{User-Name}}". Note that the key MUST supply real data. Dynamic attributes like "Group" will not work, because the "Group" attribute can only be used as a comparison, to see if a user is in a Unix group. It will not return the name of the Unix group that a user is in.
If you want to use groups as a key, see the rlm_passwd, which will create a real attribute that contains the group name.
This configuration entry enables you to have configurations that perform per-group checks, and return per-group attributes, where the group membership is dynamically defined by a previous module. It also lets you do things like key off of attributes in the reply, and express policies like "when I send replies containing attribute FOO with value BAR, do more checks, and maybe send additional attributes".
CONFIGURATION
modules {
... stuff here ...
files {
usersfile = %{confdir}/users
acctusersfile = %{confdir}/acct_users
preproxy_usersfile = %{confdir}/preproxy_users
compat = no
key = %{%{Stripped-User-Name}:-%{User-Name}}
}
... stuff here ...
}
SECTIONS
authorization, accounting, pre_proxy
FILES
/etc/freeradius/3.0/radiusd.conf, /etc/freeradius/3.0/users, /etc/freeradius/3.0/acct_users, /etc/freeradius/3.0/preproxy_users
SEE ALSO
radiusd(8), radiusd.conf(5), users(5)
AUTHORS
Chris Parker, cparker@segv.org
| 5 February 2004 |