1 files changed, 11 insertions, 8 deletions

diff --git a/radsecproxy.conf-example b/radsecproxy.conf-example
index 62d5836..6e1c055 100644
--- a/radsecproxy.conf-example
+++ b/radsecproxy.conf-example
@@ -33,6 +33,13 @@ TLSCertificateKeyPassword	follow the white rabbit
 #also the lines above may be in any order, except that a realm
 #can only be configured to use a server that is previously configured.
 
+#Also note that case insensitive regexp is used for realms, matching
+#the entire username string. The matching is done in the order the
+#realms are specified, using the first match found. Some examples are
+#"@example\.com$", "\.com$", ".*" and "[a-z].*@example\.com$".
+#To treat local users separately you might try first specifying "@"
+#and after that ".*".
+
 client 2001:db8::1 {
 	type	tls
 	secret	verysecret
@@ -50,7 +57,7 @@ server 127.0.0.1 {
 	type	UDP
 	secret	secret
 }
-realm	eduroam.cc {
+realm	@eduroam\.cc$ {
 	server	127.0.0.1
 }
 
@@ -64,16 +71,12 @@ server radius.example.com {
 	secret	verysecret
 }
 
-realm example.com {
+realm @example\.com$ {
 	server 2001:db8::1
 }
-realm com {
+realm \.com$ {
 	server 2001:db8::1
 }
-# Matching of realms is done in the order specified.
-# Except * which is a catch all that is used as a last resort
-# The matching is going to be changed to be regexp of the
-# entire username value
-realm * {
+realm .* {
 	server radius.example.com
 }