Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Setting Up Directed Realms

 

A directed realm specifies target methods for directed authentication or directed accounting. Its realm configuration file is called RealmName.dir.

The directed authentication feature permits the server to bypass its authentication methods list and map an incoming RADIUS request to one or more specific authentication methods. SBR Carrier chooses the destination method based on routing information found in the request packet. The destination methods might be any authentication methods already configured on the local SBR Carrier server, regardless of how they were configured; for example, a method might have been configured using the Web GUI pages, the LDAP configuration interface, or an .aut configuration file.

If no directed authentication method is configured, every request percolates through the same authentication methods list, as defined in the Authentication Methods page in the Web GUI. Directed realms can also use proxy realms as an authentication method. Directed authentication allows you to tailor an authentication methods list to a customer’s needs.

Directed accounting is also possible. The destination accounting method might be the SBR Carrier accounting log, an external database configured using an .acc file, or a distinct accounting log file that contains entries only for this customer.

To activate these features, you must create RealmName.dir files, place them in the SBR Carrier directory, and list them in the [Directed] section of proxy.ini. Subsequently, any requests that arrive addressed to one of these realm names are processed on the local server using the instructions you have provided in proxy.ini and in the corresponding RealmName.dir file.

After you edit a RealmName.dir file, you must apply your changes as follows. If you have added or changed:

  • Any directed accounting methods at all, you must stop and restart the server to load your new configuration.

  • Directed authentication methods in which external database (SQL or LDAP) authentication is used, you must stop and restart the server to load your new configuration.

  • Directed authentication methods in which local or pass-through (Local, UNIX, Domain, or Host) authentication is used, you can apply your configuration changes dynamically, without stopping the server:

    • Issue the SIGHUP (1) signal to the SBR Carrier process:

    SBR Carrier re-reads proxy.ini, filter.ini, and all .pro and .dir files in the server directory, and resets its realm configuration accordingly.

    Note

    Rarely, you must edit radius.ini while configuring a realm. If you edit radius.ini, you must stop and restart SBR Carrier before your new configuration is fully loaded.