ClearBox Enterprise Server 2.0 Online Manual
ClearBox Enterprise Server™ 2.0. User's Guide

Realm Rules Settings

This dialog lets you define a realm rule, which determines when the realm is selected to process a newly received authentication or accounting request from a client. Realm rules also let you specify user name transformations.

Realm ID. This is an arbitrary name given to the realm at its creation and uniquely identifying it. No two realms may have equal IDs.

Default realm. Check this option to mark a realm as default, i.e. the one selected to handle a request when no other matching realm is found. Note that only one realm can be marked as 'default'.

None. Select this option to turn off realm matching rules. This realm can be chosen for packet handling only if it's marked as default or it's selected as default in client settings.

Available realm rules

By user name. Select this option if a realm should handle requests with a user name in the form <user name><some delimiter><user domain name> or <user domain name><some delimiter><user name>, where the most common delimiter is the at sign '@'.

By fully qualified user name. This option is an advanced version of the previous rule type. Select it when a user name may come in one of the listed forms with an arbitrary domain or a list of domains. This rule is particularly useful when a realm should be selected during the inner PEAP authentication phase.

By client IP address. Choose this option to have the realm selected according to the source IP address of a request. (Note that the NAS address may differ from the client address: the original request issued by a NAS may be forwarded to the server by a RADIUS proxy. In this case that proxy is the RADIUS client.) You may add several clients to the list of realm clients.

By RADIUS attributes. Choose this option when a realm should be selected by one or several attributes from a request packet. ClearBox Server may select a realm if an attribute is present in the request; not present; its value is equal or not equal to some value.

Rewrite User Name. Click the button to bring up the dialog window where you can specify the user name selection rule. It allows choosing one of the three options:

- 'Use 'User-Name' attribute': ClearBox performs the usual user name handling.
- 'Take the user name from': this option lets you specify which attribute should be treated as the user name. For example, if the Calling-Station-ID attribute is selected, its value will substitute the user name. You may also check 'Return this name in Access-Accept' to make this new user name be sent in pending accounting requests.
- 'Rewrite user name according to this rule': ClearBox uses a regular expression to transform the user name. Use {} braces to mark the text in the input that matches the expression inside the braces and should be placed in the user name. Regular expression syntax is explained in the Regular Expressions Syntax topic. If the actual name doesn't match the pattern, it's not rewritten at all.

For example, when the rewriting rule is {[a-zA-Z]*}([0-9]*){[a-zA-Z]*} and UserName=test45645login, the server translates it to testlogin. The first pair of {} braces puts 'test' into the resulting name, the digits are skipped, and the second group of letters marked by {} is added to the name. The result is testlogin. Click Test... to test your regular expressions.

- Use the second rule to define an additional $x constant from a user name. Simple rewriting with a regular expression rule may not be enough when two separate parts of a user name should be used somewhere. This option lets you extract a part of the user name, add a prefix and/or a suffix to the result, and assign it to the $x key. This key may then be used along with other keys. $x is empty (no suffix or prefix is added) if the second rule was not matched and the 'Use the suffix and the prefix only when input matches the rule' option is set.

Say a user specifies his login name in the following manner: 8635678761@john, where 8635678761 is a phone number to make a callback call to, and john is the name itself. You may rewrite the name to john to authenticate him, but the callback number may be useful, too. Using the second rule, you may extract the number: {\d+}@\a+, and assign it to $x. It may be used later in an SQL command, for instance.
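
The user name rewriting and $x extraction described above, emulated in Python as an added example (not ClearBox code). It assumes a rule must match the whole name, that \a means one alphanumeric character, and that an unmatched second rule with the option cleared yields only the prefix and suffix; the function names are hypothetical. It also shows that the range A-z, unlike A-Z, lets characters such as '_' through into the rewritten name.

```python
import re

def to_python_regex(rule):
    """Translate a brace-style rule to Python syntax (assumed semantics)."""
    out, i = [], 0
    while i < len(rule):
        c = rule[i]
        if c == "\\" and i + 1 < len(rule):
            # \a is assumed to mean one alphanumeric character
            out.append("[a-zA-Z0-9]" if rule[i + 1] == "a" else rule[i:i + 2])
            i += 2
            continue
        # {} keeps the matched text, plain () only groups
        out.append({"{": "(", "}": ")", "(": "(?:"}.get(c, c))
        i += 1
    return "".join(out)

def apply_rule(rule, user_name):
    """Concatenate the brace groups; None when the whole name does not match."""
    m = re.fullmatch(to_python_regex(rule), user_name)
    return None if m is None else "".join(g or "" for g in m.groups())

def rewrite_user_name(rule, user_name):
    """A name that does not match the rule is left as it is."""
    result = apply_rule(rule, user_name)
    return user_name if result is None else result

def extract_x(rule, user_name, prefix="", suffix="", only_when_matched=True):
    """Build $x from the second rule, with optional prefix and suffix."""
    part = apply_rule(rule, user_name)
    if part is None:
        # Assumption: with the option cleared, prefix and suffix are still used
        return "" if only_when_matched else prefix + suffix
    return prefix + part + suffix

STRICT = "{[a-zA-Z]*}([0-9]*){[a-zA-Z]*}"
LOOSE = "{[a-zA-z]*}([0-9]*){[a-zA-z]*}"   # A-z also spans [ \ ] ^ _ `

if __name__ == "__main__":
    # Constructed sample names
    for name in ["test45645login", "test_45login"]:
        print(name, "->", rewrite_user_name(STRICT, name), "|",
              rewrite_user_name(LOOSE, name))
    print("$x =", extract_x(r"{\d+}@\a+", "8635678761@john"))
```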

Click 'Apply Changes' to save your changes.

© 2001-2007 XPerience Technologies.