Man page - rlm_realm(5)
Packages contas this manual
- rlm_chap(5)
- radrelay(8)
- rlm_ippool_tool(8)
- radmin(8)
- radtest(1)
- radsqlrelay(8)
- rlm_mschap(5)
- rlm_realm(5)
- rlm_attr_filter(5)
- rlm_unix(5)
- rlm_sql(5)
- radwho(1)
- clients.conf(5)
- rlm_digest(5)
- rlm_files(5)
- radlast(1)
- radclient(1)
- rlm_detail(5)
- rlm_idn(5)
- rlm_expr(5)
- raddebug(8)
- rlm_sqlippool_tool(8)
- rlm_unbound(5)
- smbencrypt(1)
- checkrad(5)
- rlm_always(5)
- radeapclient(1)
- radrelay.conf(5)
- radsniff(8)
- rlm_counter(5)
- freeradius(8)
- radcrypt(8)
- radiusd.conf(5)
- rlm_passwd(5)
- rlm_pap(5)
- dictionary(5)
- unlang(5)
- rad_counter(1)
- radzap(1)
- users(5)
apt-get install freeradius-common
Manual
| rlm_realm(5) | FreeRADIUS Module | rlm_realm(5) |
NAME
rlm_realm - FreeRADIUS Module
DESCRIPTION
The rlm_realm module parses the User-Name attribute into a User section and a Realm section. This is used primarily in a proxy situation, however, Realms can also be used locally to provide different service profiles based on the Realm being used.
The main configuration items to be aware of are:
- format
- This can be either 'prefix' or 'suffix'. It specifies whether the Realm is before or after the User portion in the User-Name string.
- delimiter
- A single character in quotes, which is used as the delimiting character that separates the Realm and User sections of the string.
- ignore_default
- This is set to either 'yes' or 'no'. If set to 'yes', this will prevent the module instance from matching a realm against the DEFAULT entry. This may be useful if you have multiple realm module instances. The default is 'no'.
- ignore_null
- This is set to either 'yes' or 'no'. If set to 'yes', this will prevent the module instance from matching a realm against the NULL entry. This may be useful if you have multiple realm module instances. The default is 'no'.
This module parses the realm from the User-Name attribute according to the instance configuration, and then performs a lookup to find a matching realm in the '/etc/freeradius/3.0/proxy.conf' file. Depending on the configuration of the Realm as matched in the file, the username may be rewritten in a 'stripped' format, or with the Realm portion removed. In either case, a Realm attribute is created and added to the packet on a match, which can be used by other modules.
CONFIGURATION
modules {
... stuff here ...
# useranme@realm syntax
realm suffix {
format = suffix
delimiter = "@"
}
# realm/username syntax
realm prefix {
format = prefix
delimiter = "/"
}
... stuff here ...
}
SECTIONS
authorization, pre-accounting
FILES
/etc/freeradius/3.0/radiusd.conf, /etc/freeradius/3.0/proxy.conf
SEE ALSO
radiusd(8), radiusd.conf(5), proxy.conf(5)
AUTHORS
Chris Parker, cparker@segv.org
| 14 March 2004 |