ClearBox Server treats a realm as a context in which all RADIUS
requests are handled, or in other words as a set of rules of how to
process incoming requests for authentication and accounting.
Different requests from different clients may be processed in different ways. When
a request is received from a RADIUS client, ClearBox Server looks
through the list of configured realms to pick up one matching a
request according to the realm-defined rules.
The rules can be defined as:
- 'If this request is from this client, then use this
- 'If a user name found in a request consists of a name itself
separated from a domain name by the at sign (@), the slash (/) or
any other character';
- 'If some attributes set is present, not present in the request,
or it's equal or not equal to a specific value'.
When none of this conditions is satisfied, the server looks at
the client's default realm. If it's not
set, then the server looks through the list of realms to find the
first one marked as default realm. If none is default, then
a request is rejected by the server. That's why it's desirable to
design realms so that there's always a realm matching a request.
Note that if several realms match the request, then the first of
them is selected, so their order in the list of realms is
Besides these static rules, ClearBox may issue a SQL command to
select a proper realm (so called 'Dynamic realm rules').
After the server founds the realm by a request, it uses realm
configuration to determine what to do with the request.
The realm specifies all aspects of a request packet processing:
how to authenticate a user, what rules should a request match to be
accepted, how to log accounting data from the request, etc.
Start with defining realm selection rules at the 'Common'
tab. Select one of them and click 'Apply Changes' when
See how to configure a realm.
Next, define how users are authenticated on the appropriate
'Authentication' tab, then click 'Apply Changes'.
Fill in the necessary data on the 'Authorization' tab sheet
if you need to have packets rejected on some condition or to
include some attributes in the accept response message.
'Accounting' dialog allows you to select how the server will
store accounting records that it received from RADIUS clients.
How to create a new realm:
1. Right-click the 'Realms' node in the left tree and select
'Add New Realm':
2. Type the new realm name instead of <new id> text:
3. Click 'Apply changes'.
© 2001-2007 XPerience Technologies. www.xperiencetech.com