Steel-Belted Radius Carrier 7.2.x Administration and Configuration Guide > Configuring Realm Support > Setting Up Proxy RADIUS Realms

Setting Up Proxy RADIUS Realms

For each proxy RADIUS realm that you want to configure in Steel-Belted Radius Carrier, you must create a file called RealmName.pro, where RealmName is the name of the realm, and you must add this RealmName to the [Realms] section of the proxy.ini file.

If you create or edit a RealmName.pro file, you can apply your configuration changes dynamically, without stopping the server:

• Issue the HUP signal to the Steel-Belted Radius Carrier process:

kill -HUP ProcessID

After you do this, Steel-Belted Radius Carrier re-reads proxy.ini, filter.ini, and all .pro and .dir files in the server directory, and resets its realm configuration accordingly.

NOTE: Rarely, you must edit radius.ini while configuring a realm. If you do edit radius.ini, you must stop and restart Steel-Belted Radius Carrier before your new configuration is fully loaded.

Refer to the Steel-Belted Radius Carrier 7.2 Reference Guide for field information for a *.pro file.

Configuration Tasks

To set up a Realmname.pro file:

1. Specify proxy RADIUS target selection rules.

Each [name] section of a RealmName.pro file specifies a set of rules that Steel-Belted Radius Carrier can use to select a target for proxy-forwarding within the proxy RADIUS realm. Each [name] section consists of a list of target servers. For any particular request, if the first listed server fails to respond (or is presumed down), then the other servers are tried in the order listed. A [name] section is activated by referencing it from the [Auth] or [Acct] sections.

2. Optionally, configure round-robin load balancing.

If you have multiple target servers in a realm, you can select whether to use them in round-robin fashion (load balancing), primary/backup fashion, or a combination of both. The value of the RoundRobin entry in the [Auth] or [Acct] section indicates the number of targets that are to be used in round-robin fashion.

Refer to the Steel-Belted Radius Carrier 7.2 Reference Guide for information on configuring round-robin options.

3. Configure proxy RADIUS fast-fail options.

You can use the [FastFail] section of a realm configuration file to fine-tune retry policies for individual realms, and for specific targets within a realm. If you provide a [FastFail] section, the ProxyFastFail parameter in the radius.ini [Configuration] section is ignored.

4. Specify username decoration options.

You can use the [ModifyUser] section of a realm configuration file to decorate a realm, where the realm is determined by other means, such as DNIS or attribute mapping. For example, if george@gm and george@ford. are both in the RADIUS database, either user could log in as george, as Steel-Belted Radius Carrier would determine the realm, for example, by DNIS. Based on the realm, Steel-Belted Radius Carrier would append either @gm or @ford to the username, and then use the Local User directed method to authenticate.