Re: Realms Setup Help Needed

Sat, 12 Mar 2005 11:19:40 -0800 

But at least I have it working now.

I hope to be able to help someone else now if I run across someone.

I did, and in the proxy doc file is where I must have got confused.

The realms are configured in two places. The first place is the
file /etc/raddb/proxy.conf, which is included by radiusd.conf. The
second place is from the /etc/raddb/realms file. The formats and
sample configurations are included as comments in the respective
files. 


If you use the /etc/raddb/realms file to enter realm configurations you will

 need to add the hostname and secret for the remote server in the
 file /etc/raddb/clients. On the remote server you need to add the
 hostname of your server and the same secret to /etc/raddb/clients as well


- A user logs in with a realm
 - The hints file gets processed as usual
 - The user is checked against the huntgroups file. At this point
   the user _might_ already be rejected.
 - The realm is looked up in the realms file. If it isn't defined,
   the users file is processed normally.
 - If the 'notrealm' option is defined, the user is processed
   locally.
 - The realm is stripped from the username unless "nostrip" was
   set, and the request is sent to a remote radius server. Note that
   any stripping done in the hints file doesn't have an effect on the
   username sent to the remote radius server unless you set the
   "hints" option.
 - The remote server replies with ACK or REJECT





Radius wrote:

Sat Mar 12 10:59:25 2005 : Auth: Login OK: [signup/newone] (from client 65.172.18.3 port 55)
Sat Mar 12 10:59:25 2005 : Auth: Login OK: [signup/newone] (from client kingserv port 55)
Sat Mar 12 11:00:38 2005 : Auth: Login OK: [signup/newone] (from client 65.172.18.3 port 55)
Sat Mar 12 11:00:38 2005 : Auth: Login OK: [signup/newone] (from client kingserv port 55)

Alan DeKok wrote:

Radius <[EMAIL PROTECTED]> wrote:


A lot of the stuff found on-line about this, must have been outdated.


 The documentation that comes with the server is the best source to
use.  Outside documentaion should be used only when the server docs
are unclear.



In the freedom radius.log, will it will be normal to have double entries for every login?


 I have no idea what you mean by that.

 Perhaps a practice of posting EXAMPLES would help.

 Alan DeKok.


- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html






- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to