...

  1. Open the mods-enabled/realm file in the FreeRADIUS home directory for editing.
  2. Find the "realm suffix {" configuration directive, and fill out the fields as appropriate:

    realm suffix {
      format = suffix
      delimiter = "@"
      trust_router = "[Hostname of the Trust Router]"
      rp_realm = "[RP Realm]"
      default_community = "[Default Community of Interest]"
    }

    Example

    Camford University has a Moonshot IdP registered in the Trust Router portal with a realm of moonshot-idp.camford.ac.uk, so its realm file would look like this:

    realm suffix {
      format = suffix
      delimiter = "@"
      trust_router = "tr.moonshot.ja.net"
      rp_realm = "moonshot-idp.camford.ac.uk"
      default_community = "ov-apc.moonshot.ja.net"
    }
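
A pre-flight check for the realm file edited in steps 1 and 2, added here as an example (it is not part of the original page, FreeRADIUS or Moonshot). The hypothetical helper `check_realm_file` reports any of the three Trust Router fields that is missing or still holds a bracketed template placeholder; the sample input is constructed.

```sh
#!/bin/sh
# Added example: check_realm_file is a hypothetical helper, not part of
# FreeRADIUS or Moonshot. It lints the "realm suffix { ... }" block of a realm file.
# Exit status: 0 = all three Trust Router fields set, 1 = a field is missing or
# still holds a "[...]" template placeholder, 2 = block not found.
check_realm_file() {
    awk '
    /^[ \t]*realm[ \t]+suffix[ \t]*[{]/ { in_block = 1; found = 1; next }
    in_block && /^[ \t]*[}]/            { in_block = 0; next }
    in_block && /^[ \t]*#/              { next }   # skip comment lines
    in_block && /=/ {
        # Split "key = value", trim whitespace and surrounding double quotes.
        key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        gsub(/^"|"$/, "", val)
        seen[key] = val
    }
    END {
        if (!found) { print "no realm suffix block found"; exit 2 }
        n = split("trust_router rp_realm default_community", need, " ")
        for (i = 1; i <= n; i++) {
            k = need[i]
            if (!(k in seen) || seen[k] == "") {
                print k ": missing"; bad = 1
            } else if (seen[k] ~ /^\[.*\]$/) {
                print k ": template placeholder left in place"; bad = 1
            }
        }
        exit bad + 0
    }' "$1"
}

# Constructed sample: the template from step 2 with one field still unfilled.
sample=$(mktemp)
cat > "$sample" <<'EOF'
realm suffix {
  format = suffix
  delimiter = "@"
  trust_router = "tr.moonshot.ja.net"
  rp_realm = "[RP Realm]"
  default_community = "ov-apc.moonshot.ja.net"
}
EOF
check_realm_file "$sample" || echo "realm file needs attention"
rm -f "$sample"
```

Run it against mods-enabled/realm before starting FreeRADIUS in debug mode, so that an unfilled template field is caught before it surfaces as a Trust Router error.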

To be able to use the Trust Router support in FreeRADIUS, you must provision the FreeRADIUS user with a credential for the APC (a Moonshot credential).

To troubleshoot error output from FreeRADIUS, run it in debug mode, then continue to Troubleshooting the Temporary ID Client:

On RHEL/CentOS/Scientific Linux:

    $ /usr/sbin/radiusd -fxx -l stdout

On Debian/Ubuntu:

    $ /usr/sbin/freeradius -fxx -l stdout

Server (TIDS)

TIDS is used to accept incoming Trust Router connections and only runs on Trust Router clients acting as Identity Providers. TIDS can be run either as a daemon process by configuring the daemon configuration files, or as a foreground process that delivers its output to the standard console. 

Warning

This page is still being written. Check back soon...