path: root/man/man5/rlm_files.5
blob: 52f4734ae3e5bd459a91f2b5c89dcc45e0a3e9e5 (plain)
.\"     # DS - begin display
.de DS
.RS
.nf
.sp
..
.\"     # DE - end display
.de DE
.fi
.RE
.sp
..
.TH rlm_files 5 "5 February 2004" "" "FreeRADIUS Module"
.SH NAME
rlm_files \- FreeRADIUS Module
.SH DESCRIPTION
The \fIrlm_files\fP module reads authorization information for users
from the 'users' file.  It also supports files in the same 'users'
syntax for the accounting and pre-proxy sections.
.PP
The main configuration items to be aware of are:
.IP usersfile
The filename of the 'users' file, which is parsed during the
authorization stage of this module.
.IP acctusersfile
The filename of the 'users' file, which is parsed during the
accounting stage of this module.
.IP preproxy_usersfile
The filename of the 'users' file, which is parsed during the
pre_proxy stage of this module.
.IP compat
This option allows FreeRADIUS to parse the old-style Cistron syntax.
The default is 'no'.  If you need to parse an old-style Cistron
file, set this option to 'cistron'.
.IP key
This option lets you set the attribute to use as a key to find
entries.  The default is "%{%{Stripped-User-Name}:-%{User-Name}}".  Note
that the key MUST supply real data.  Dynamic attributes like "Group"
will not work, because the "Group" attribute can only be used as a
comparison, to see if a user is in a Unix group.  It will not return
the name of the Unix group that a user is in.
.PP
If you want to use groups as a key, see the \fIrlm_passwd\fP module,
which will create a real attribute that contains the group name.
.PP
This configuration entry enables you to have configurations that
perform per-group checks, and return per-group attributes, where the
group membership is dynamically defined by a previous module.  It also
lets you do things like key off of attributes in the reply, and
express policies like "when I send replies containing attribute
FOO with value BAR, do more checks, and maybe send additional
attributes".
.SH CONFIGURATION
.PP
.DS
modules {
  ... stuff here ...
.br
  files {
.br
    usersfile = %{confdir}/users
.br
    acctusersfile = %{confdir}/acct_users
.br
    preproxy_usersfile = %{confdir}/preproxy_users
.br
    compat = no
.br
    key = %{%{Stripped-User-Name}:-%{User-Name}}
.br
  }
.br
  ... stuff here ...
.br
}
.DE
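Added example (not part of this manual page or of the FreeRADIUS source): a small Python model of how the key template above is expanded and then used to pick an entry, including the case where the key supplies no real data.
The expander, the sample entries and the attribute name Example-Group-Name are assumptions made for illustration.

```python
# Model of how the rlm_files "key" option selects an entry. Illustrative only:
# the expander handles just %{Attr} and %{X:-Y}; all data below is constructed.

def _close(s, i):
    """Index of the '}' matching the '{' at s[i]."""
    depth = 0
    for j in range(i, len(s)):
        depth += (s[j] == "{") - (s[j] == "}")
        if depth == 0:
            return j
    raise ValueError("unbalanced braces in key template")

def expand(tmpl, attrs):
    """Expand every %{...} in tmpl against the request attributes."""
    out, i = [], 0
    while i < len(tmpl):
        if tmpl.startswith("%{", i):
            end = _close(tmpl, i + 1)
            out.append(_eval(tmpl[i + 2:end], attrs))
            i = end + 1
        else:
            out.append(tmpl[i])
            i += 1
    return "".join(out)

def _eval(body, attrs):
    """body is 'Attr', 'Attr:-fallback' or '%{...}:-fallback'."""
    if body.startswith("%{"):
        end = _close(body, 1)
        first, rest = expand(body[:end + 1], attrs), body[end + 1:]
    else:
        name, sep, alt = body.partition(":-")
        first, rest = attrs.get(name, ""), sep + alt
    if first or not rest.startswith(":-"):
        return first
    return expand(rest[2:], attrs)  # first alternative was empty

def lookup(users, key_template, attrs):
    """Return (expanded key, matching entry or None)."""
    key = expand(key_template, attrs)
    return key, users.get(key)

DEFAULT_KEY = "%{%{Stripped-User-Name}:-%{User-Name}}"  # default from this page
# Constructed entries: entry name -> reply attributes.
USERS = {"bob": {"Reply-Message": "user entry"},
         "staff": {"Reply-Message": "group entry"}}
```

A key that expands to an empty string, as the comparison-only "Group" attribute does in this model, matches no entry here, so a per-group policy keyed that way never applies.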
.PP
.SH SECTIONS
.BR authorization,
.BR accounting,
.BR pre_proxy
.PP
.SH FILES
.I /etc/raddb/radiusd.conf,
.I /etc/raddb/users,
.I /etc/raddb/acct_users,
.I /etc/raddb/preproxy_users
.PP
.SH "SEE ALSO"
.BR radiusd (8),
.BR radiusd.conf (5),
.BR users (5)
.SH AUTHORS
Chris Parker, cparker@segv.org