On Wed, Nov 9, 2011 at 11:55 PM, walter harms <[email protected]> wrote:
>> What do you mean by "realms should be equal"? What is "m2m"?
>
> equal = the realms will differ in names only, not in configuration
> m2m = machine to machine - no user interaction

radius doesn't really care whether it's a "no user interaction" or "user has to enter username and password" scenario.

>
>>> so dropping everything outside
>>> these realms would be ok. the number of "users" will be very limited.
>>> I did not expect that this would be anything complicated.

It's not. Not if you know what you want :)

> Our dial-ins (now no radiusd) are moved to a 3rd party and they told me
> "setup a radiusd" with 6 realms". I guess the machines will get usernames,
> perhaps every box the same. the realm will simply reflect the region they
> are calling from.

First thing: you need to know what username the radius will get. For example:
- user1@region1
- user1@region2

Next step: figure out what you want to do with them.

If you treat them equally, and you process AAA for them locally, then there's really no need for you to touch proxy.conf at all. By default, all realms will be handled locally. You'll only need to add the users (user1@region1, user1@region2, etc) to sql (or whatever backend you'll be using), and it should just work.

If a user entry is present, and the password matches, they'll pass. If the user is not in the backend (for example, if the username is incorrect, or if the realm-part is incorrect) then it will be rejected. It's as simple as that.

--
Fajar
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

