A Logo

Feel free to include my content in your page via my
RSS feed

Help Irongeek.com pay for
bandwidth and research equipment:

Subscribestar or Patreon

Search Irongeek.com:

Affiliates:
Irongeek Button
Social-engineer-training Button

Help Irongeek.com pay for bandwidth and research equipment:

paypalpixle


Man page of rlm_files

rlm_files

Section: FreeRADIUS Module (5)
Updated: 5 February 2004
Index of this MAN page

Back To MAN Pages From BackTrack 5 R1 Master List  

NAME

rlm_files - FreeRADIUS Module  

DESCRIPTION

The rlm_files module uses the 'users' file for accessing authorization information for users. Additionally, it supports a 'users' file syntax to be applied to the accounting and pre-proxy sections.

The main configuration items to be aware of are:

usersfile
The filename of the 'users' file, which is parsed during the authorization stage of this module.
acctusersfile
The filename of the 'users' file, which is parsed during the accounting stage of this module.
preproxy_usersfile
The filename of the 'users' file, which is parsed during the pre_proxy stage of this module.
compat
This option allows FreeRADIUS to parse an old style Cistron syntax. The default is 'no'. If you need to parse an old style Cistron file, set this option to 'cistron'.
key
This option lets you set the attribute to use as a key to find entries. The default is "%{Stripped-User-Name:-%{User-Name}}". Note that the key MUST supply real data. Dynamic attributes like "Group" will not work, because the "Group" attribute can only be used as a comparison, to see if a user is in a Unix group. It will not return the name of the Unix group that a user is in.

If you want to use groups as a key, see the rlm_passed, which will create a real attribute that contains the group name.

This configuration entry enables you to have configurations that perform per-group checks, and return per-group attributes, where the group membership is dynamically defined by a previous module. It also lets you do things like key off of attributes in the reply, and express policies like like "when I send replies containing attribute FOO with value BAR, do more checks, and maybe send additional attributes".  

CONFIGURATION


modules {
  ... stuff here ...

files {
usersfile = %{confdir}/users
acctusersfile = %{confdir}/acct_users
preproxy_usersfile = %{confdir}/preproxy_users
compat = no
key = %{Stripped-User-Name:-%{User-Name}}
}
... stuff here ...
}

 

SECTIONS

authorization, accounting, pre_proxy

 

FILES

/etc/raddb/radiusd.conf, /etc/raddb/users, /etc/raddb/acct_users, /etc/raddb/preproxy_users

 

SEE ALSO

radiusd(8), radiusd.conf(5), users(5)  

AUTHORS

Chris Parker, cparker@segv.org


 

Index

NAME
DESCRIPTION
CONFIGURATION
SECTIONS
FILES
SEE ALSO
AUTHORS

This document was created by man2html, using the manual pages.
Time: 07:34:21 GMT, September 13, 2011

Printable version of this article

15 most recent posts on Irongeek.com:


If you would like to republish one of the articles from this site on your webpage or print journal please contact IronGeek.

Copyright 2020, IronGeek
Louisville / Kentuckiana Information Security Enthusiast