Using realms without proxying

2009-09-03 Thread James Wu
Hi everyone,

I'm using freeradius-2.1.4 with MySQL and would like to set up realms
without proxying. The reason is that I'd like to keep all the requests
to a single Radius server, however would like to separate the users'
radreplies based on their username/groups. I know that I can use
groupnames to have group based policies but I would like to have the
groupname as part of the login name, hence the realms.

The main reason for wanting to set up realms is so that I can have a
username with usern...@groupname format and use the variables %{Realm}
and %{Stripped-User-Name}. When I do set up realms, it seems that I have
to proxy. Is there another way of accomplishing this?

James

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Using realms without proxying

2009-09-03 Thread Leigh Martell
Just proxy the realm locally..

realm managers {
auth = LOCAL
acct = LOCAL
nostrip
}

You may want to make sure you acct query is not using the stripped user name
though.

-Leigh

On Thu, Sep 3, 2009 at 4:27 PM, James Wu ja...@connection.ca wrote:

 Hi everyone,

 I'm using freeradius-2.1.4 with MySQL and would like to set up realms
 without proxying. The reason is that I'd like to keep all the requests
 to a single Radius server, however would like to separate the users'
 radreplies based on their username/groups. I know that I can use
 groupnames to have group based policies but I would like to have the
 groupname as part of the login name, hence the realms.

 The main reason for wanting to set up realms is so that I can have a
 username with usern...@groupname format and use the variables %{Realm}
 and %{Stripped-User-Name}. When I do set up realms, it seems that I have
 to proxy. Is there another way of accomplishing this?

 James

 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Realms and proxying

2008-08-19 Thread Dean, Barry
I currently have a realm defined:

realm liv.ac.uk {
type= radius
authhost= LOCAL
accthost= LOCAL
}

I now have one of my departments, which for various complex reasons, has been 
allowed to have its own user accounts.
They have the subdomain name csc.liv.ac.uk. I want to proxy RADIUS to their 
server.

If I add:

realm csc.liv.ac.uk {
type= radius
authhost= server.csc.liv.ac.uk:1812
accthost= server.csc.liv.ac.uk:1813
}

Is this position dependant? Does it have to appear before the liv.ac.uk realm 
to prevent [EMAIL PROTECTED] being caught by the first realm?

I have:

realm suffix {
format = suffix
delimiter = @
}

in radius.conf.

---
Barry Dean
Networks Team
Computing Services Department
Tel: 0151 794 5641 (x45641)



-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Realms and proxying

2008-08-19 Thread Stefan Winter

Hi,


Is this position dependant? Does it have to appear before the liv.ac.uk realm to prevent 
[EMAIL PROTECTED] being caught by the first realm?
  


No, unless you use a regex in the realm stanza, the matches are 
*literal* realms. i.e. realm liv.ac.uk does not match foo.bar.liv.ac.uk.


Greetings,

Stefan Winter

--
Stefan WINTER
Ingenieur de Recherche
Fondation RESTENA - Réseau Téléinformatique de l'Education Nationale et de la 
Recherche
6, rue Richard Coudenhove-Kalergi
L-1359 Luxembourg

Tel: +352 424409 1
Fax: +352 422473

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html