bionic (5) rlm_files.5.gz

Provided by: freeradius-common_3.0.16+dfsg-1ubuntu3.2_all bug

NAME

       rlm_files - FreeRADIUS Module

DESCRIPTION

       The  rlm_files  module  uses  the  'users'  file  for  accessing  authorization  information  for  users.
       Additionally, it supports a 'users' file syntax to be applied to the accounting and pre-proxy sections.

       The main configuration items to be aware of are:

       usersfile
              The filename of the 'users' file, which is parsed during the authorization stage of this module.

       acctusersfile
              The filename of the 'users' file, which is parsed during the accounting stage of this module.

       preproxy_usersfile
              The filename of the 'users' file, which is parsed during the pre_proxy stage of this module.

       compat This option allows FreeRADIUS to parse an old style Cistron syntax.  The default is 'no'.  If  you
              need to parse an old style Cistron file, set this option to 'cistron'.

       key    This  option  lets  you  set  the  attribute  to  use  as  a  key to find entries.  The default is
              "%{%{Stripped-User-Name}:-%{User-Name}}".  Note that the  key  MUST  supply  real  data.   Dynamic
              attributes  like  "Group"  will  not  work,  because  the  "Group" attribute can only be used as a
              comparison, to see if a user is in a Unix group.  It will not return the name of  the  Unix  group
              that a user is in.

       If  you want to use groups as a key, see the rlm_passwd, which will create a real attribute that contains
       the group name.

       This configuration entry enables you to have configurations that perform  per-group  checks,  and  return
       per-group  attributes,  where  the group membership is dynamically defined by a previous module.  It also
       lets you do things like key off of attributes in the reply, and express policies like like "when  I  send
       replies containing attribute FOO with value BAR, do more checks, and maybe send additional attributes".

CONFIGURATION

       modules {
         ... stuff here ...
         files {
           usersfile = %{confdir}/users
           acctusersfile = %{confdir}/acct_users
           preproxy_usersfile = %{confdir}/preproxy_users
           compat = no
           key = %{%{Stripped-User-Name}:-%{User-Name}}
         }
         ... stuff here ...
       }

SECTIONS

       authorization, accounting, pre_proxy

FILES

       /etc/freeradius/3.0/radiusd.conf,        /etc/freeradius/3.0/users,       /etc/freeradius/3.0/acct_users,
       /etc/freeradius/3.0/preproxy_users

SEE ALSO

       radiusd(8), radiusd.conf(5), users(5)

AUTHORS

       Chris Parker, cparker@segv.org

                                                 5 February 2004                                    rlm_files(5)