Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation  Back up to About Overview 
  
[+] Expand All
[-] Collapse All

Configuring a Directed Realm

Table 30 traces the process of configuring a directed authentication or accounting realm for SBR Carrier. Directed realms are configurable only through the configuration files and not through the GUI. Table 30 also lists the sections that you must edit in SBR Carrier configuration files to accomplish each step. You must perform each step in the process unless it is labeled as optional.

Table 30: Configuring a Directed Realm

Step

Directed Realm Configuration Task

File and Section

1

Complete the steps outlined in Stage One of Realm Configuration.

2

Register the RealmName with SBR Carrier. Optionally, you can use wildcards to specify matching rules for realms, and you can specify the default realm for undecorated User-Name attributes.

proxy.ini

[Directed]

Realm1

Realm2 = *.msn.com

Realm3 = <undecorated>

3

Create a realm configuration file.

RealmName.dir

4

Add the customer's user data to your database, which might be an external database (SQL, LDAP) or the SBR Carrier database.

For information about how to add a limited number of users, see Administering Users.

For information about adding users in batches, see Importing and Exporting Data. See also Using the LDAP Configuration Interface.

5

Configure the authentication method in SBR Carrier.

See Setting Up EAP Methods. See also Configuring SQL Authentication and Configuring LDAP Authentication.

6

Register the authentication method with the realm.

RealmName.dir [AuthMethods]

7

Enable directed authentication in the realm.

[Auth]

Enable=1

8

(Optional) Indicate that any realm names and delimiters are to be stripped from the User-Name before authentication is performed.

  • A value of 0 indicates realm names should not be stripped.
  • A value of 1 indicates realm names should be stripped.

StripRealm=

9

Understand the data that the customer uses (or plans to use) to store accounting and billing records. This indicates the accounting methods to use.

10

Configure the accounting method(s) in SBR Carrier.

For more information, refer to the proxy.ini file in the SBR Carrier Reference Guide.

 

10a

You can set up unique accounting log files by copying account.ini from the server directory to another directory, renaming it (if desired, but keep the .ini extension), and editing it to record accounting attributes by each customer. Use account.ini file syntax.

For more information, refer to the account.ini file in SBR Carrier Reference Guide.

.ini files

10b

You can log to external SQL databases by copying an .acc file from the server directory to another directory, renaming it (if desired, but keep the .acc extension), and editing it to record accounting attributes by each customer. Use .acc file syntax.

See SQL Accounting Overview.

.acc files

11

Name each accounting method.

proxy.ini [DirectedAcct
Methods]

12

Register the accounting method with the realm.

RealmName.dir [AcctMethods]

13

Enable directed accounting in the realm.

[Acct]

Enable=1

14

(Optional) Indicate that any realm names and delimiters are to be stripped from the User-Name before accounting is performed.

  • A value of 0 indicates realm names should not be stripped.
  • A value of 1 indicates realm names should be stripped.

StripRealm=

15

(Optional) Indicate that accounting attributes should be logged locally on the SBR Carrier server as well as being directed to the realm.

  • A value of 0 indicates accounting attributes should not be logged locally.
  • A value of 1 indicates accounting attributes should be logged locally.

RecordLocally=

16

(Optional) Provide DNIS information for this realm.

[Called-Station-ID]

17

Load your new configuration.

If you have added or changed any directed accounting methods, you must stop and restart the server.

If you added or changed directed authentication methods in which external database (SQL or LDAP) authentication is used, you must stop and restart the server.

 

18

If you have added or changed directed authentication methods in which local or pass-through (Local, UNIX, Domain, Host) authentication is used, it is possible to load your new realm configuration dynamically, without stopping and restarting the server.

Issue the SIGHUP (1) signal to the SBR Carrier process:

#./sbrd hup

SBR Carrier re-reads proxy.ini and all .dir files in the server directory, and resets its realm configuration accordingly.

Note: Rarely, you must edit radius.ini while configuring a realm. If you do edit radius.ini, you must stop and restart the Radius Carrier before your new configuration is fully loaded.

 

Modified: 2017-03-07