glossary/Authorization

Quick Links

• Wiki Home
• Concepts for beginners
• Basic Configuration
• Pre-built packages
• Building from source code
• Troubleshooting
• Contributing with GitHub
• Browse the Source
• Main web site

Always use radiusd -X when debugging!

Authorization refers to the granting of specific types of service (including "no service") to a user, based on their authentication, what services they are requesting, and the current system state. Authorization may be based on restrictions, for example time-of-day restrictions, or physical location restrictions, or restrictions against multiple logins by the same user. Authorization determines the nature of the service which is granted to a user. Examples of types of service include, but are not limited to:

• IP address filtering;
• address assignment;
• route assignment;
• QoS/differential services;
• bandwidth control/traffic management;
• compulsory tunneling to a specific endpoint;
• encryption.

Authorization methods

FreeRADIUS supports many authorization methods, including:

• Unlang configuration
• Local files (cf. users)
• rlm_dbm
• LDAP Database
  • Any LDAPv3 compliant directory
  • Novell eDirectory
  • OpenLDAP
  • Sun One Directory Server
• A locally executed program (like a CGI program)
• rlm_perl
• rlm_python
• rlm_sql
  • rlm_sql_oracle
  • rlm_sql_mysql
  • rlm_sql_postgresql
  • rlm_sql_sybase
  • rlm_sql_db2
  • Any rlm_sql_iodbc or rlm_sql_unixodbc supported database

See also

• Supported Attributes
• RFC 2865
• AAA
• AAAA