Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

rlm_files(5) [debian man page]

rlm_files(5)							 FreeRADIUS Module						      rlm_files(5)

NAME

       rlm_files - FreeRADIUS Module

DESCRIPTION

       The  rlm_files  module  uses  the 'users' file for accessing authorization information for users.  Additionally, it supports a 'users' file
       syntax to be applied to the accounting and pre-proxy sections.

       The main configuration items to be aware of are:

       usersfile
	      The filename of the 'users' file, which is parsed during the authorization stage of this module.

       acctusersfile
	      The filename of the 'users' file, which is parsed during the accounting stage of this module.

       preproxy_usersfile
	      The filename of the 'users' file, which is parsed during the pre_proxy stage of this module.

       compat This option allows FreeRADIUS to parse an old style Cistron syntax.  The default is 'no'.  If you need to parse an old style Cistron
	      file, set this option to 'cistron'.

       key    This option lets you set the attribute to use as a key to find entries.  The default is "%{Stripped-User-Name:-%{User-Name}}".  Note
	      that the key MUST supply real data.  Dynamic attributes like "Group" will not work, because the "Group" attribute can only  be  used
	      as a comparison, to see if a user is in a Unix group.  It will not return the name of the Unix group that a user is in.

       If you want to use groups as a key, see the rlm_passed, which will create a real attribute that contains the group name.

       This configuration entry enables you to have configurations that perform per-group checks, and return per-group attributes, where the group
       membership is dynamically defined by a previous module.	It also lets you do things like key off of attributes in the  reply,  and  express
       policies like like "when I send replies containing attribute FOO with value BAR, do more checks, and maybe send additional attributes".

CONFIGURATION

       modules {
	 ... stuff here ...
	 files {
	   usersfile = %{confdir}/users
	   acctusersfile = %{confdir}/acct_users
	   preproxy_usersfile = %{confdir}/preproxy_users
	   compat = no
	   key = %{Stripped-User-Name:-%{User-Name}}
	 }
	 ... stuff here ...
       }

SECTIONS

       authorization, accounting, pre_proxy

FILES

       /etc/raddb/radiusd.conf, /etc/raddb/users, /etc/raddb/acct_users, /etc/raddb/preproxy_users

SEE ALSO

       radiusd(8), radiusd.conf(5), users(5)

AUTHORS

       Chris Parker, cparker@segv.org

								  5 February 2004						      rlm_files(5)

Check Out this Related Man Page

rlm_acct_unique(5)						 FreeRADIUS Module						rlm_acct_unique(5)

NAME

       rlm_acct_unique - FreeRADIUS Module

DESCRIPTION

       The rlm_acct_unique module creates a unique accounting session Id.

       Many  NAS  vendors have their equipment supply an Acct-Session-Id attribute which is not unique over reboots.  This makes accounting diffi-
       cult, as there will be many independent sessions with the same Acct-Session-Id attribute.  This module uses the Acct-Session-Id	attribute,
       along with other attributes in the request, to create a more unique session ID, called Acct-Unique-Session-Id.

       The main configuration items to be aware of are:

       key    A list of the attributes used in calculating an MD5 hash which is used as the value for the unique session id.

CONFIGURATION

       modules {
	 ...
	 acct_unique {
	    key = "User-Name, Acct-Session-Id, NAS-IP-Address, NAS-Port"
	 }
	 ...
       }
	...
       preacct {
	 ...
	 acct_unique
	 ...
       }

       After  generating  the MD5 hash, the module adds it to the accounting request packet received from the client.  It will look something like
       this in your detail file:

	    Acct-Unique-Session-Id = "c66ef57e480b9d26"

       NOTE:  Any attribute you specify that is not found in the 'dictionary' file will cause the server to fail and exit with an error.

       NOTE:  If you want the Acct-Unique-Session-Id of the Start and the Stop packet of a particular session to match, you must  use  values  for
       the key that will stay the same for the Start and Stop.	The above example is a good start.  Adding 'Acct-Session-Time', for example, would
       cause a mismatch because that value is not the same on the Start and Stop accounting packets.

SECTIONS

       authorization, pre-accounting, accounting

FILES

       /etc/raddb/radiusd.conf

SEE ALSO

       radiusd(8), radiusd.conf(5)

AUTHORS

       Chris Parker, cparker@segv.org

								  3 February 2004						rlm_acct_unique(5)
Man Page