Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ##
- ## /netup/utm5/radius5.cfg
- ## UTM5 RADIUS server configuration file
- ##
- ## =============================================================================
- ## MAIN RADIUS SERVER PARAMETERS
- ## =============================================================================
- ## core_host
- ## Description: IP address of a host running the utm5_core
- ## Possible values: an IP address
- ## Required field.
- core_host=127.0.0.1
- ## core_port
- ## Description: UTM5 core listening port. Equal to stream_bind_port parameter
- ## in utm5.cfg.
- ## Possible values: an integer from 1 to 65534
- ## Required field.
- core_port=12758
- ## radius_login
- ## Description: A system user login to access the UTM5 core.
- ## Possible values: <string>
- ## Default value: radius
- ## radius_password
- ## Description: A system user password to access the UTM5 core.
- ## Possible values: <string>
- ## Default value: radius
- ## radius_ssl_type
- ## Description: SSL connection type. If 'none' is set, the connection
- ## is unencrypted.
- ## Possible values: tls1, ssl3, none
- ## Default value: none
- #radius_ssl_type=none
- ## radius_acct_host
- ## Description: IP address of the host receiving Accounting-Requests.
- ## Possible values: interface IP address or 0.0.0.0
- ## Default value: 0.0.0.0
- ## radius_acct_port
- ## Description: Port of the host receiving Accounting-Requests.
- ## Possible values: an integer from 1 to 65534
- ## Default value: 1813
- ## radius_auth_host
- ## Description: IP address of the host receiving Access-Requests.
- ## Possible values: interface IP address or 0.0.0.0
- ## Default value: 0.0.0.0
- ## radius_auth_port
- ## Description: Port of the host receiving Access-Requests.
- ## Possible values: an integer from 1 to 65534
- ## Default value: 1812
- ## radius_auth_mppe
- ## Description: Enables MPPE 128 bit key generation used for authorization
- ## via MS-CHAP-v2 protocol.
- ## Possible values: enable
- ## Default value: the keys are not generated
- ## radius_auth_vap
- ## Description: If the value is set, authorization of blocked users, whose
- ## logins are set in IP traffic service link, is disallowed.
- ## Possible values: 1
- ## Default value: authorization is allowed
- ## radius_ippool_acct_timeout
- ## Description: A time interval during which the IP address is labeled as
- ## occupied after sending Access-Accept.
- ## Possible values: time in seconds
- ## Default value: 30
- ## radius_ippool_timeout
- ## Description: A time interval during which the IP address is labeled as
- ## occupied after receiving Accounting-Start.
- ## Possible values: time in seconds
- ## Default value: The address is labeled as occupied until coming of the
- ## Stop packet
- ## radius_auth_null
- ## Description: If enabled, the RADIUS server authorizes requests without
- ## User-Password(2) attribute, if the user's password, defined in the
- ## service link, is empty.
- ## Possible values: yes, enable
- ## Default value: authorization without a password is not performed
- #radius_auth_null=yes
- ## radius_auth_h323_remote_address
- ## Description: If enabled, then telephone calls authentication is performed
- ## using h323-remote-address(9;23) attribute value, but not using
- ## User-Name(1) attribute. The attribute value is used as a login.
- ## Possible values: enable, on, yes
- ## Default value: replacement of login with h323-remote-address is not
- ## performed
- ## radius_nas_port_vpn
- ## Description: This parameter is checked against NAS-Port-Type(61) attribute
- ## value when connecting using the login specified in the IP traffic service
- ## link. Several values can be set.
- ## Possible values: a positive integer
- ## Default value: Checking against NAS-Port-Type for the IP traffic service
- ## link is not performed
- ## radius_nas_port_dialup
- ## Description: This parameter is checked against NAS-Port-Type(61) attribute
- ## value when connecting using the login specified in the Dial-up service
- ## link. Several values can be set.
- ## Possible values: a positive integer
- ## Default value: checking against NAS-Port-Type for the Dial-up service link
- ## is not performed
- ## radius_nas_port_tel
- ## Description: This parameter is checked against NAS-Port-Type(61) attribute
- ## value when connecting using the login specified in the Telephony service
- ## link. Several values can be set.
- ## Possible values: a positive integer
- ## Default value: checking against NAS-Port-Type for the Telephony service
- ## link is not performed
- ## radius_card_autoadd
- ## Description: If 'yes' is set, the automatic registration of users is
- ## enabled via the RADIUS server using prepaid cards. In this case in the
- ## Login field a user enters the card number and in the Password field - the
- ## PIN code. In case of the Telephony service, in the Login field it is
- ## entered the PIN code or its first part and the remainder is used as a
- ## password.
- ## Possible values: yes, on, enable
- ## Default value: automatic registration is not performed
- radius_card_autoadd=no
- ## send_xpgk_ep_number
- ## Description: If this option is enabled, for the Telephony service, when a
- ## user is being authorized, in Access-Accept it is transmitted the
- ## Cisco-AVPair(9;1) attribute with the value:
- ## xpgk-ep-number=<a semicolon separated list of telephone numbers>.
- ## Possible values: <any>
- ## Default value: telephone numbers are not transmitted in affirmative replies
- ## to authorization requests
- ## send_h323_ivr_in
- ## Description: If this option is enabled, for the Telephony service, when a
- ## user is being authorized, in Access-Accept it is transmitted the
- ## Cisco-AVPair(9;1) attribute with the value: h323-ivr-in=terminal-alias:
- ## <a semicolon separated list of telephone numbers>.
- ## Possible values: <any>
- ## Default value: telephone numbers are not transmitted in affirmative replies
- ## to authorization requests
- ## enable_fast_telephony
- ## Description: This option enables the rapid mechanism for determination of
- ## directions and zones when rating telephone calls. In this case templates
- ## for telephone directions must contain the digits from 0 to 9 and the
- ## symbols: ^ $ + )( |.
- ## Possible values: enable, yes
- ## Default value: the default mechanism for determination of zone/direction
- ## is used
- ## h323_origin_reject
- ## Description: Sets zero cost for Accounting-Requests in which the
- ## h323-call-origin(9;26) attribute equals the value of this parameter.
- ## Possible values: <string>
- ## Default value: unset
- #h323_origin_reject=originate {answer|callback|etc}
- ## interim_update_interval
- ## Description: Enables session control mechanism using Interim-Update
- ## packets. The value is transmitted in the Acct-Interim-Interval(85)
- ## attribute of the Access-Accept packet.
- ## Possible values: time in seconds, more than 61
- ## Default value: the default session closure control mechanism is used
- interim_update_interval=62
- ## radius_default_session_timeout
- ## Description: A value of the Session-Timeout(27) attribute transmitted in
- ## Access-Accept for the IP traffic service link.
- ## Possible values: a positive integer
- ## Default value: 86400
- ## radius_callback_avpair_enable
- ## Description: Enables transmission of the Cisco-AVPair(9;1) attribute with
- ## the value lcp:callback-dialstring=<callback number>, where
- ## <callback number> is the part of the login from the beginning to the
- ## ':'-symbol.
- ## Possible values: <any>
- ## Default value: unset
- ## radius_acct_rewrite_login_answer
- ## Description: If the value of the h323-call-origin(9;26) attribute is
- ## 'originate', then setting this parameter enables replacing of the login
- ## with the value of the h323-remote-address(9;23) attribute when processing
- ## Accounting-Request packets.
- ## Possible values: enable, on, true
- ## Default value: unset
- ## radius_acct_rewrite_login_originate
- ## Description: If the value of the h323-call-origin(9;26) attribute is
- ## 'answer', then setting this parameter enables replacing of the login with
- ## the value of the h323-remote-address(9;23) attribute when processing
- ## Accounting-Request packets.
- ## Possible values: enable, on, true
- ## Default value: unset
- ## =============================================================================
- ## LOGGING (valid if logfile rotation is enabled)
- ## =============================================================================
- log_level=3
- ## Description: Logging level.
- ## Possible values: 0, 1, 2, 3
- ## Default value: 2
- ## log_file_main
- ## Description: Main logfile path.
- ## Possible values: <filename>
- ## Default value: STDERR
- log_file_main=/netup/utm5/log/radius.log
- ## log_file_debug
- ## Description: Debug logfile path.
- ## Possible values: <filename>
- ## Default value: STDERR
- log_file_debug=/netup/utm5/log/radius.log
- ## log_file_critical
- ## Description: Critical logfile path.
- ## Possible values: <filename>
- ## Default value: STDERR
- rotate_logs=enable
- ## Description: Enables rotation of logfiles.
- ## Possible values: yes, on, enable
- ## Default value: rotation is disabled
- max_logfile_size=100000000
- ## Description: Maximum logfile size. When logfile size reaches this limit,
- ## a rotation is performed.
- ## Possible values: a size in bytes
- ## Default value: 2485760
- max_logfile_count=10
- ## Description: Maximum number of logfiles to retain. Valid if logfile rotation
- ## is on.
- ## Default value: not limited
- ##radius_card_autoadd=yes
- radius_auth_mppe=enable
- radius_auth_vap=0
- radius_ippool_timeout=0
- radius_ippool_acct_timeout=0
- blocked_pool_name=minus
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement