Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring a Directed Realm

 

Table 31 traces the process of configuring a directed authentication or accounting realm for SBR Carrier. Directed realms are configurable only through the configuration files and not through the GUI. Table 31 also lists the sections that you must edit in SBR Carrier configuration files to accomplish each step. You must perform each step in the process unless it is labeled as optional.

Table 31: Configuring a Directed Realm

Step

Directed Realm Configuration Task

File and Section

1

Complete the steps outlined in Stage One of Realm Configuration.

2

Register the RealmName with SBR Carrier. Optionally, you can use wildcards to specify matching rules for realms, and you can specify the default realm for undecorated User-Name attributes.

proxy.ini

[Directed]

Realm1

Realm2 = *.msn.com

Realm3 = <undecorated>

3

Create a realm configuration file.

RealmName.dir

4

Add the customer's user data to your database, which might be an external database (SQL, LDAP) or the SBR Carrier database.

For information about how to add a limited number of users, see Administering Users.

For information about adding users in batches, see Importing and Exporting Data. See also Using the LDAP Configuration Interface.

5

Configure the authentication method in SBR Carrier.

See Setting Up EAP Methods. See also Configuring SQL Authentication and Configuring LDAP Authentication.

6

Register the authentication method with the realm.

RealmName.dir [AuthMethods]

7

Enable directed authentication in the realm.

[Auth]

Enable=1

8

(Optional) Specify the name of the server certificate that must be used for EAP requests received from the directed realm.

ServerCertificate=

9

(Optional) Indicate that any realm names and delimiters are to be stripped from the User-Name before authentication is performed.

  • A value of 0 indicates realm names should not be stripped.

  • A value of 1 indicates realm names should be stripped.

StripRealm=

10

Understand the data that the customer uses (or plans to use) to store accounting and billing records. This indicates the accounting methods to use.

11

Configure the accounting method(s) in SBR Carrier.

For more information, refer to the proxy.ini file in the SBR Carrier Reference Guide.

 

11a

You can set up unique accounting log files by copying account.ini from the server directory to another directory, renaming it (if desired, but keep the .ini extension), and editing it to record accounting attributes by each customer. Use account.ini file syntax.

For more information, refer to the account.ini file in SBR Carrier Reference Guide.

.ini files

11b

You can log to external SQL databases by copying an .acc file from the server directory to another directory, renaming it (if desired, but keep the .acc extension), and editing it to record accounting attributes by each customer. Use .acc file syntax.

See SQL Accounting Overview.

.acc files

12

Name each accounting method.

proxy.ini [DirectedAcct

Methods]

13

Register the accounting method with the realm.

RealmName.dir [AcctMethods]

14

Enable directed accounting in the realm.

[Acct]

Enable=1

15

(Optional) Indicate that any realm names and delimiters are to be stripped from the User-Name before accounting is performed.

  • A value of 0 indicates realm names should not be stripped.

  • A value of 1 indicates realm names should be stripped.

StripRealm=

16

(Optional) Indicate that accounting attributes should be logged locally on the SBR Carrier server as well as being directed to the realm.

  • A value of 0 indicates accounting attributes should not be logged locally.

  • A value of 1 indicates accounting attributes should be logged locally.

RecordLocally=

17

(Optional) Provide DNIS information for this realm.

[Called-Station-ID]

18

Load your new configuration.

If you have added or changed any directed accounting methods, you must stop and restart the server.

If you added or changed directed authentication methods in which external database (SQL or LDAP) authentication is used, you must stop and restart the server.

 

19

If you have added or changed directed authentication methods in which local or pass-through (Local, UNIX, Domain, Host) authentication is used, it is possible to load your new realm configuration dynamically, without stopping and restarting the server.

Issue the SIGHUP (1) signal to the SBR Carrier process:

#./sbrd hup

SBR Carrier re-reads proxy.ini and all .dir files in the server directory, and resets its realm configuration accordingly.

Note: Rarely, you must edit radius.ini while configuring a realm. If you do edit radius.ini, you must stop and restart the Radius Carrier before your new configuration is fully loaded.