Page History

...

1. Open the mods-enabled/realm file in the FreeRADIUS home directory for editing.

2. Find the "realm suffix {" configuration directive, and fill out the fields as appropriate:

   Code Block
   linenumbers true
   realm suffix { format = suffix delimiter = "@" trust_router = "[Hostname of the Trust Router]" rp_realm = "[RP Realm]" default_community = "[Default Community of Interest]" }

   Tip
   title Example
   Camford University has a Moonshot IdP registered in the Trust Router portal with a realm of moonshot-idp.camford.ac.uk, so its realm file would look like this: Code Block linenumbers true realm suffix { format = suffix delimiter = "@" trust_router = "tr.moonshot.ja.net" rp_realm = "moonshot-idp.camford.ac.uk" default_community = "ov-apc.moonshot.ja.net" }

To be able to use the Trust Router support in FreeRADIUS, you must provision the FreeRADIUS user with a credential for the APC (a Moonshot credential).

To troubleshoot error output from FreeRADIUS, run it in debug mode and then continue look at Troubleshooting the Temporary ID Client:

$ /usr/sbin/radiusd -fxx -l stdout

$ /usr/sbin/freeradius -fxx -l stdout

Server (TIDS)

TIDS is used to accept incoming Trust Router connections and only runs on Trust Router clients acting as Identity Providers. TIDS can be run either as a daemon process by configuring the daemon configuration files, or as a foreground process that delivers its output to the standard console.