Configuring a Directed Realm
Table 31 traces the process of configuring a directed authentication or accounting realm for SBR Carrier. Directed realms are configurable only through the configuration files and not through the GUI. Table 31 also lists the sections that you must edit in SBR Carrier configuration files to accomplish each step. You must perform each step in the process unless it is labeled as optional.
Table 31: Configuring a Directed Realm
Directed Realm Configuration Task
File and Section
Complete the steps outlined in Stage One of Realm Configuration.
Register the RealmName with SBR Carrier. Optionally, you can use wildcards to specify matching rules for realms, and you can specify the default realm for undecorated User-Name attributes.
Realm2 = *.msn.com
Realm3 = <undecorated>
Create a realm configuration file.
Add the customer's user data to your database, which might be an external database (SQL, LDAP) or the SBR Carrier database.
For information about how to add a limited number of users, see Administering Users.
Configure the authentication method in SBR Carrier.
Register the authentication method with the realm.
Enable directed authentication in the realm.
(Optional) Specify the name of the server certificate that must be used for EAP requests received from the directed realm.
(Optional) Indicate that any realm names and delimiters are to be stripped from the User-Name before authentication is performed.
Understand the data that the customer uses (or plans to use) to store accounting and billing records. This indicates the accounting methods to use.
Configure the accounting method(s) in SBR Carrier.
For more information, refer to the proxy.ini file in the SBR Carrier Reference Guide.
You can set up unique accounting log files by copying account.ini from the server directory to another directory, renaming it (if desired, but keep the .ini extension), and editing it to record accounting attributes by each customer. Use account.ini file syntax.
For more information, refer to the account.ini file in SBR Carrier Reference Guide.
You can log to external SQL databases by copying an .acc file from the server directory to another directory, renaming it (if desired, but keep the .acc extension), and editing it to record accounting attributes by each customer. Use .acc file syntax.
Name each accounting method.
Register the accounting method with the realm.
Enable directed accounting in the realm.
(Optional) Indicate that any realm names and delimiters are to be stripped from the User-Name before accounting is performed.
(Optional) Indicate that accounting attributes should be logged locally on the SBR Carrier server as well as being directed to the realm.
(Optional) Provide DNIS information for this realm.
Load your new configuration.
If you have added or changed any directed accounting methods, you must stop and restart the server.
If you added or changed directed authentication methods in which external database (SQL or LDAP) authentication is used, you must stop and restart the server.
If you have added or changed directed authentication methods in which local or pass-through (Local, UNIX, Domain, Host) authentication is used, it is possible to load your new realm configuration dynamically, without stopping and restarting the server.
Issue the SIGHUP (1) signal to the SBR Carrier process:
SBR Carrier re-reads proxy.ini and all .dir files in the server directory, and resets its realm configuration accordingly.
Note: Rarely, you must edit radius.ini while configuring a realm. If you do edit radius.ini, you must stop and restart the Radius Carrier before your new configuration is fully loaded.