3.112.9. DefaultRealm

This optional parameter specifies a default realm for received TACACS requests whose user name does not include a realm. If the incoming user name has no realm (i.e. there is no @something following the user name) and DefaultRealm is specified, the User-Name in the resulting RADIUS request will have @defaultrealm appended to it. The realm can then be used to trigger a specific <Realm> or <Handler> clause. This is useful if you operate a number of TACACS clients for different customer groups and some or all of your customers log in without specifying a realm.
Tip
You can override this on a per-client basis by setting DefaultRealm in the Client clause.
# Realmless logins to this NAS will be treated
# as if they are for realm open.com.au
<ServerTACACSPLUS>
      Key ....
      DefaultRealm open.com.au
</ServerTACACSPLUS>
<Realm open.com.au>
      .....
</Realm>
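
The per-client override from the Tip, combined with the server-wide default, shown as an added example that is not taken from the Radiator documentation. The client addresses (192.0.2.x) and the realm name customer-a.example are constructed, and `....` stands for each clause's other parameters, as in the example above.

```conf
# Added example: addresses and the customer-a.example realm are constructed.

<ServerTACACSPLUS>
      Key ....
      # Server-wide default for realmless logins
      DefaultRealm open.com.au
</ServerTACACSPLUS>

# Realmless logins from this TACACS client get @customer-a.example
# appended instead of the server-wide default
<Client 192.0.2.10>
      ....
      DefaultRealm customer-a.example
</Client>

# No DefaultRealm in this clause, so the ServerTACACSPLUS value applies
<Client 192.0.2.20>
      ....
</Client>

<Realm customer-a.example>
      ....
</Realm>

<Realm open.com.au>
      ....
</Realm>
```

With this configuration a login as `alice` from 192.0.2.10 is handled by `<Realm customer-a.example>` as `alice@customer-a.example`, while the same login from 192.0.2.20 is handled by `<Realm open.com.au>` as `alice@open.com.au`. A user name that already carries a realm is not changed by either setting.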