On 1/6/2010 12:13 PM, Nalin Mistry wrote:
We have just installed FreeRADIUS and have basic functionality working for ISP and Hotspot applications.For the ISP application, we would like to specify the realms supported on a NAS basis. Is this feasible and how would one go about configuring it.
FreeRADIUS uses a policy language for such things, it is up to you to write the correct policy, there are no built in methods for doing this.
Here are a couple of examples as to how you could achieve it:If you want a local non-centralized solution then use an instance of the files module:
raddb/modules/files
files realm_map {
# The default key attribute to use for matches. The content
# of this attribute is used to match the "name" of the
# entry.
key = "%{Client-Shortame}"
usersfile = ${confdir}/realm_map
#acctusersfile = ${confdir}/acct_users
#preproxy_usersfile = ${confdir}/preproxy_users
# If you want to use the old Cistron 'users' file
# with FreeRADIUS, you should change the next line
# to 'compat = cistron'. You can the copy your 'users'
# file from Cistron.
compat = no
} raddb/realm_map NASX Realm=='RealmX' Fall-Through = no NASX
Realm=='RealmY' Fall-Through = no NASY Realm=='RealmZ' Fall-Through = no
DEFAULT Auth-Type := Reject Or if you want something SQL based:
authorize {} if("%{sql:SELECT COUNT(*) FROM `my_realm_mappings` WHERE
`nas`='%{Client-Shortname}' AND `realm`='%{Realm}' LIMIT 1" != 1){
reject } -Arran
smime.p7s
Description: S/MIME Cryptographic Signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
