Chapter 10: Managing the RADIUS Servers
References
232
Framed-MTU = 1500,
Filter-Id = Developers,
Filter-Id = Dialin
#
# By default, use SafeWord for authentication and
SafeWord will assign users to one of the Group Records
defined above. (SafeWord should also generally be set up
to assign any static IP addresses.)
#
DEFAULT Password = "SAFEWORD"
Sample authfile
The example below shows a sample
authfile
configured to demand RADIUS
authentication for the DEFAULT domain through a server which is known as
“last.samplecompany.com.”.
#
This file contains a list of separate “realms” that use the
RADIUS protocol to authenticate users requesting access,
together with the DNS name or IP address of a RADIUS server
to which RADIUS requests should be forwarded for that
domain. This allows several RADIUS servers to share the
burden of authenticating a large population of users, with
each RADIUS server handling a separate, named group or
“domain” of authorized users.
#
The first field of each line is a realm name. All realm
names must be unique within a separate IP network, and all
must be referenced with the exact same name in all authfiles
of all cooperating RADIUS servers.
#
The second field identifies the type of authentication
required by the associated realm. For this version of the
SafeWord RADIUS server, the only authentication allowed is
“RADIUS”.
#
The third field contains the DNS name or IP address of the
RADIUS server that is equipped to provide further
authentication services for this domain. In a chain of
forwarding RADIUS servers, it points at the next RADIUS
server in the chain. For the last server in the chain, this
field will contain the DNS name or IP address of the host
containing this file. (The last server in the chain will use
this field to point to itself.) Each of the DNS names or IP
addresses referenced in this file must match an entry in the