Contents

User's Guide
Overview
What It Is
What's New
Key Features List
ClearBox Enterprise vs ClearBox
System Requirements
Purchasing Licenses
Getting Started
Quick Start
Understanding Server Components
Managing User Accounts
Configuring RADIUS Realms
Realm Settings
Realm Rules
Dynamic Realm Rules
Authentication
Authentication Protocols Compatibility
Logging Authentication Packets
Logging Discarded Requests
Authorization
Accounting
Account Log Files
Realm Settings
Configuring SQL Queries
Private RADIUS Attributes
Regular Expressions Syntax
RADIUS Clients
RADIUS Client Settings
Dynamic Clients Settings
SQL Data Sources
SQL Data Source Settings
LDAP Servers
LDAP Server Settings
Remote RADIUS Servers
Remote RADIUS Server Settings
State Servers
State Server Settings
Meta Configuration
Meta Configuration
Meta Configuration Settings
Meta Base Schema
TLS Settings
Creating SSL Certificates
Creating Server Sertificate
Requesting Server Certificate
Creating Client Certificates
Revoking a Certificate or Renewing CRL
Exporting CA Certificate
Issuing a Certificate in Active Directory CA
Remote Configuration
Advanced ISP Billing Integration
DTH Billing Integration
Platypus Billing System Intergration
OnDO SIP Server Integration
How Do I...
Wi-Fi Security
Wireless Authentication
Wi-Fi and RADIUS
Supported EAP Authentication Types
Security Considerations
10 Tips for Wireless Network Security
Administering the Server
Logging
Debug Logs
Troubleshooting
Using Client Tool
List of Server Errors
Maintaining RADIUS Dictionary
Basic Concepts
AAA
Authentication
Wireless Authentication
Authentication Protocols
Authorization
Accounting
RADIUS
RADIUS
Realms
RADIUS Proxy
RADIUS Attributes
Example of RADIUS Packet Transactions
List of Standard RADIUS Attributes
Glossary
Technical Support
Purchasing Licenses
Contacts

 
Home
ClearBox Enterprise Server 2.0 Online Manual
Prev Page Next Page
 
 
ClearBox Enterprise Serverâ„¢ 2.0. User's Guide

RADIUS Realms

ClearBox Server treats a realm as a context in which all RADIUS requests are handled, or in other words as a set of rules of how to process incoming requests for authentication and accounting. Different requests from different clients may be processed in different ways. When a request is received from a RADIUS client, ClearBox Server looks through the list of configured realms to pick up one matching a request according to the realm-defined rules.

The rules can be defined as:

  • 'If this request is from this client, then use this realm';
  • 'If a user name found in a request consists of a name itself separated from a domain name by the at sign (@), the slash (/) or any other character';
  • 'If some attributes set is present, not present in the request, or it's equal or not equal to a specific value'.

When none of this conditions is satisfied, the server looks at the client's default realm. If it's not set, then the server looks through the list of realms to find the first one marked as default realm. If none is default, then a request is rejected by the server. That's why it's desirable to design realms so that there's always a realm matching a request. Note that if several realms match the request, then the first of them is selected, so their order in the list of realms is significant.

Besides these static rules, ClearBox may issue a SQL command to select a proper realm (so called 'Dynamic realm rules').

After the server founds the realm by a request, it uses realm configuration to determine what to do with the request.

The realm specifies all aspects of a request packet processing: how to authenticate a user, what rules should a request match to be accepted, how to log accounting data from the request, etc.

Start with defining realm selection rules at the 'Common' tab. Select one of them and click 'Apply Changes' when ready.

See how to configure a realm.

Next, define how users are authenticated on the appropriate 'Authentication' tab, then click 'Apply Changes'. Fill in the necessary data on the 'Authorization' tab sheet if you need to have packets rejected on some condition or to include some attributes in the accept response message. 'Accounting' dialog allows you to select how the server will store accounting records that it received from RADIUS clients.

How to create a new realm:

1. Right-click the 'Realms' node in the left tree and select 'Add New Realm':

2. Type the new realm name instead of <new id> text:

3. Click 'Apply changes'.


© 2001-2007 XPerience Technologies. www.xperiencetech.com
Converted from CHM to HTML with chm2web Pro 2.7 (unicode)