table of contents
- buster 3.0.17+dfsg-1.1
- buster-backports 3.0.21+dfsg-1~bpo10+1
- testing 3.0.21+dfsg-2
- unstable 3.0.21+dfsg-2.2
rlm_files(5) | FreeRADIUS Module | rlm_files(5) |
NAME¶
rlm_files - FreeRADIUS ModuleDESCRIPTION¶
The rlm_files module uses the 'users' file for accessing authorization information for users. Additionally, it supports a 'users' file syntax to be applied to the accounting and pre-proxy sections.The main configuration items to be aware of are:
- usersfile
- The filename of the 'users' file, which is parsed during the authorization stage of this module.
- acctusersfile
- The filename of the 'users' file, which is parsed during the accounting stage of this module.
- preproxy_usersfile
- The filename of the 'users' file, which is parsed during the pre_proxy stage of this module.
- compat
- This option allows FreeRADIUS to parse an old style Cistron syntax. The default is 'no'. If you need to parse an old style Cistron file, set this option to 'cistron'.
- key
- This option lets you set the attribute to use as a key to find entries. The default is "%{%{Stripped-User-Name}:-%{User-Name}}". Note that the key MUST supply real data. Dynamic attributes like "Group" will not work, because the "Group" attribute can only be used as a comparison, to see if a user is in a Unix group. It will not return the name of the Unix group that a user is in.
If you want to use groups as a key, see the rlm_passwd, which will create a real attribute that contains the group name.
This configuration entry enables you to have configurations that perform per-group checks, and return per-group attributes, where the group membership is dynamically defined by a previous module. It also lets you do things like key off of attributes in the reply, and express policies like like "when I send replies containing attribute FOO with value BAR, do more checks, and maybe send additional attributes".
CONFIGURATION¶
modules { ... stuff here ... files { usersfile = %{confdir}/users acctusersfile = %{confdir}/acct_users preproxy_usersfile = %{confdir}/preproxy_users compat = no key = %{%{Stripped-User-Name}:-%{User-Name}} } ... stuff here ...
}
SECTIONS¶
authorization, accounting, pre_proxyFILES¶
/etc/freeradius/3.0/radiusd.conf, /etc/freeradius/3.0/users, /etc/freeradius/3.0/acct_users, /etc/freeradius/3.0/preproxy_usersSEE ALSO¶
radiusd(8), radiusd.conf(5), users(5)AUTHORS¶
Chris Parker, cparker@segv.org5 February 2004 |