...
- Open the `mods-enabled/realm` file in the FreeRADIUS home directory for editing. Find the `realm suffix {` configuration directive, and fill out the fields as appropriate:

  ```
  realm suffix {
      format = suffix
      delimiter = "@"
      trust_router = "[Hostname of the Trust Router]"
      rp_realm = "[RP Realm]"
      default_community = "[Default Community of Interest]"
  }
  ```

  Example: Camford University has a Moonshot IdP registered in the Trust Router portal with a realm of moonshot-idp.camford.ac.uk, so its realm file would look like this:

  ```
  realm suffix {
      format = suffix
      delimiter = "@"
      trust_router = "tr.moonshot.ja.net"
      rp_realm = "moonshot-idp.camford.ac.uk"
      default_community = "ov-apc.moonshot.ja.net"
  }
  ```
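
A pre-flight check for the realm block above, as an added example that is not part of the original page or of the FreeRADIUS or Moonshot projects: it parses the `realm suffix { ... }` block and reports fields that are missing, still hold the template's bracketed placeholders, or differ from the page's `format` and `delimiter` values. The function names, the hostname pattern and the sample inputs are assumptions made for this illustration.

```python
import re

# Keys and fixed values taken from the page's "realm suffix" block.
REQUIRED = ("format", "delimiter", "trust_router", "rp_realm", "default_community")
EXPECTED = {"format": "suffix", "delimiter": "@"}
# Assumed loose DNS-name pattern; the page describes trust_router as a hostname.
HOSTNAME = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$", re.I)

def parse_realm_suffix(text):
    """Return the settings of the first uncommented 'realm suffix { }' block, or None."""
    block = re.search(r"^\s*realm\s+suffix\s*\{(.*?)^\s*\}", text, re.S | re.M)
    if block is None:
        return None
    settings = {}
    for line in block.group(1).splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        kv = re.match(r'^(\w+)\s*=\s*"?([^"]*)"?$', line)
        if kv:
            settings[kv.group(1)] = kv.group(2).strip()
    return settings

def check_realm(text):
    """List the problems that would leave the Trust Router settings unusable."""
    settings = parse_realm_suffix(text)
    if settings is None:
        return ["no 'realm suffix { ... }' block found"]
    problems = []
    for key in REQUIRED:
        value = settings.get(key, "")
        if not value:
            problems.append(f"{key}: missing or empty")
        elif value.startswith("[") and value.endswith("]"):
            problems.append(f"{key}: template placeholder not replaced")
        elif key in EXPECTED and value != EXPECTED[key]:
            problems.append(f"{key}: expected {EXPECTED[key]!r}, found {value!r}")
        elif key == "trust_router" and not HOSTNAME.match(value):
            problems.append(f"{key}: {value!r} is not a valid hostname")
    return problems

# Constructed inputs: the page's unfilled template and its Camford example.
TEMPLATE = '''realm suffix {
    format = suffix
    delimiter = "@"
    trust_router = "[Hostname of the Trust Router]"
    rp_realm = "[RP Realm]"
    default_community = "[Default Community of Interest]"
}'''
CAMFORD = (TEMPLATE.replace("[Hostname of the Trust Router]", "tr.moonshot.ja.net")
           .replace("[RP Realm]", "moonshot-idp.camford.ac.uk")
           .replace("[Default Community of Interest]", "ov-apc.moonshot.ja.net"))
```

Calling `check_realm()` on the contents of your own `mods-enabled/realm` returns an empty list when every field is filled in; the unfilled template returns one entry per bracketed placeholder.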
To be able to use the Trust Router support in FreeRADIUS, you must provision the FreeRADIUS user with a credential for the APC (a Moonshot credential).
To troubleshoot error output from FreeRADIUS, run it in debug mode, using whichever binary name your installation provides, and then continue to Troubleshooting the Temporary ID Client:

```
$ /usr/sbin/radiusd -fxx -l stdout
```

```
$ /usr/sbin/freeradius -fxx -l stdout
```

Server (TIDS)
TIDS is used to accept incoming Trust Router connections and only runs on Trust Router clients acting as Identity Providers. TIDS can be run either as a daemon process by configuring the daemon configuration files, or as a foreground process that delivers its output to the standard console.

Warning: This page is still being written. Check back soon...