ClearBox Server™ v2.3 General Server Extension User's Guide

RADIUS Realms

ClearBox Server treats a realm as a context in which all RADIUS requests are handled, a set of rules how to process incoming requests for authentication and accounting. Different requests from different clients may be processed in different ways. When a request is received from a RADIUS client, ClearBox Server looks through the list of configured realms and sees if a request matches realm-defined rules.

The rules can be in the following form:

  • If this request is from <...> client, then use this realm.
  • If the user name found in the request consists from a user name separated by a delimiter, such as the at sign (@) or the slash (/), from a domain name.
  • If some attribute is present, not present in the request, or it's equal or not equal to a specific value.

If none of this conditions is satisfied then the server looks at the client's default realm. If it's not set, then the server looks through the list of realms to find one marked as default realm. If no realm is default, then a request is rejected by the server. That's why it's desirable to define realms in such a way that there's always a realm for the request. Note that if several realms match the request the first of them is selected, so their order in the list of realms is significant.

When the server founds the realm of the request it uses realm configuration to determine what to do with the request.

The realm specifies all aspects of a request packet processing: how to authenticate a user, what rules should a request match to be accepted, how to log accounting data from the request, etc.

Start with defining realm selection rules at the 'Common' tab. Select one of them and click 'Apply Changes' when ready.

See how to configure a realm with Configurator Tool.

Next, define how users are authenticated on the appropriate 'Authentication' tab, then click 'Apply Changes'. Fill in the necessary data on the 'Authorization' tab sheet if you need to have packets rejected on some condition or to include some attributes in the accept response message. 'Accounting' dialog allows you to select how the server will store accounting records it received from RADIUS clients.


© 2001-2004 XPerience Technologies. www.xperiencetech.com

Browser Based Help. Published by chm2web software.