'Re: How best to map users to domain name for login'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: How best to map users to domain name for login
From:       Alan DeKok <aland () deployingradius ! com>
Date:       2017-08-24 17:21:09
Message-ID: 57AF6029-2CC1-4F2D-BD98-AEB03400D4F7 () deployingradius ! com
[Download RAW message or body]

On Aug 24, 2017, at 12:53 PM, yani@ecoco.co.uk wrote:
> Thank you for the quick reply,  I'm just a newbie with Freeradius,
> trying to understand its modus operandi :)
> I have come to the conclusion that I will need to modify the schema and
> change the way in which the db is queried after seeing the output below
> for a test user in the test domain domaina.com .

  Hmm... do you already have a user database?

  Yes or no?

  If yes, just point FR to the DB.

  If no, you can create a custom schema that meets your needs.  Then, make FreeRADIUS \
use that schema.

> I suppose it's really only adding a realm field to the
> radius.radcheckdb  and using that in the  subsequent queries. something
> like :

  If you're going to use a custom schema, then use a custom schema.  Don't mangle the \
existing schema.

> if this is what you mean by mangling the data then I'm still missing
> something - ie how to best relate users to realms/domains.

  The answer depends on what your needs are.  As I'm trying to explain, FreeRADIUS \
can do almost anything.  It's easier to create a schema that makes life easy for you, \
and then make FreeRADIUS query that schema.

  So the question of "how to best relate users to realms/domains" is a question for \
YOU.  What are YOUR NEEDS for tracking users?

  Create a system that meets your needs.  It's really the simple.

  But from the current conversation, I suspect you don't know what you want.  Which \
means it's *impossible* to configure the server to do what you want.

  If your only requirement is that each "user@domain" is unique, then just treat the \
whole string as a unique string.  Don't configure realms.  Don't configure domains.  \
Just put "user@domain" into the SQL configuration, and treat *that* as the User-Name.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic