daily pastebin goal
44%
SHARE
TWEET

Untitled

a guest Oct 3rd, 2017 67 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #%PAM-1.0
  2. auth       requisite    pam_google_authenticator.so forward_pass
  3. auth       required     pam_sss.so use_first_pass
  4. account    required     pam_nologin.so
  5. account    include      password-auth
  6. session    include      password-auth
  7.    
  8. DEFAULT Auth-Type := PAM
  9.     #DEFAULT Group == "remoteaccess", Auth-Type := Reject
  10.     #        Reply-Message = "You are a member of the Correct remoteaccess Group"
  11.  
  12.     DEFAULT Framed-Protocol == PPP
  13.             Framed-Protocol = PPP,
  14.             Framed-Compression = Van-Jacobson-TCP-IP
  15.     DEFAULT Hint == "CSLIP"
  16.             Framed-Protocol = SLIP,
  17.             Framed-Compression = Van-Jacobson-TCP-IP
  18.    
  19. server default {
  20. listen {
  21.         type = auth
  22.         ipaddr = *
  23.         port = 0
  24.         limit {
  25.               max_connections = 16
  26.               lifetime = 0
  27.               idle_timeout = 300
  28.         }
  29. }
  30. listen {
  31.         ipaddr = *
  32.         port = 0
  33.         type = acct
  34.  
  35.         limit {
  36.                 idle_timeout = 300
  37.         }
  38. }
  39. listen {
  40.         type = auth
  41.         ipv6addr = ::   # any.  ::1 == localhost
  42.         port = 0
  43.         limit {
  44.               max_connections = 16
  45.               lifetime = 0
  46.               idle_timeout = 300
  47.         }
  48. }
  49. listen {
  50.         ipv6addr = ::
  51.         port = 0
  52.         type = acct
  53.         limit {
  54.         }
  55. }
  56. authorize {
  57.         filter_username
  58.         preprocess
  59.         chap
  60.         mschap
  61.         digest
  62.         suffix
  63.         eap {
  64.                 ok = return
  65.         }
  66.         files
  67.         -sql
  68.         -ldap
  69.         expiration
  70.         logintime
  71.         pap
  72. }
  73. authenticate {
  74.         Auth-Type PAP {
  75.                 pap
  76.         }
  77.         Auth-Type CHAP {
  78.                 chap
  79.         }
  80.         Auth-Type MS-CHAP {
  81.                 mschap
  82.         }
  83.         mschap
  84.         digest
  85.         pam
  86.         eap
  87. }
  88. preacct {
  89.         preprocess
  90.         acct_unique
  91.         suffix
  92.         files
  93. }
  94. accounting {
  95.         detail
  96.         unix
  97.         -sql
  98.         exec
  99.         attr_filter.accounting_response
  100. }
  101. session {
  102. }
  103. post-auth {
  104.         update {
  105.                 &reply: += &session-state:
  106.         }
  107.         -sql
  108.         exec
  109.         remove_reply_message_if_eap
  110.         Post-Auth-Type REJECT {
  111.                 -sql
  112.                 attr_filter.access_reject
  113.                 eap
  114.                 remove_reply_message_if_eap
  115.         }
  116.         Post-Auth-Type Challenge {
  117.         }
  118.  
  119. }
  120. pre-proxy {
  121. }
  122. post-proxy {
  123.         eap
  124. }
  125. }
  126.    
  127. prefix = /usr
  128. exec_prefix = /usr
  129. sysconfdir = /etc
  130. localstatedir = /var
  131. sbindir = /usr/sbin
  132. logdir = ${localstatedir}/log/radius
  133. raddbdir = ${sysconfdir}/raddb
  134. radacctdir = ${logdir}/radacct
  135. name = radiusd
  136. confdir = ${raddbdir}
  137. modconfdir = ${confdir}/mods-config
  138. certdir = ${confdir}/certs
  139. cadir   = ${confdir}/certs
  140. run_dir = ${localstatedir}/run/${name}
  141. db_dir = ${localstatedir}/lib/radiusd
  142. debug_level = 9
  143. libdir = /usr/lib64/freeradius
  144. pidfile = ${run_dir}/${name}.pid
  145. correct_escapes = true
  146. max_request_time = 30
  147. cleanup_delay = 5
  148. max_requests = 16384
  149. hostname_lookups = no
  150. log {
  151.         destination = files
  152.         colourise = yes
  153.         file = ${logdir}/radius.log
  154.         syslog_facility = daemon
  155.         stripped_names = yes
  156.         auth = yes
  157.         auth_badpass = yes
  158.         auth_goodpass = yes
  159.         msg_denied = "You are already logged in - access denied"
  160. }
  161. checkrad = ${sbindir}/checkrad
  162. security {
  163.         user = root
  164.         group = root
  165.         allow_core_dumps = no
  166.         max_attributes = 200
  167.         reject_delay = 1
  168.         status_server = yes
  169. }
  170. proxy_requests  = yes
  171. $INCLUDE proxy.conf
  172. $INCLUDE clients.conf
  173. thread pool {
  174.         start_servers = 5
  175.         max_servers = 32
  176.         min_spare_servers = 3
  177.         max_spare_servers = 10
  178.         max_requests_per_server = 0
  179.         auto_limit_acct = no
  180. }
  181. modules {
  182.         $INCLUDE mods-enabled/
  183. }
  184.  
  185. instantiate {
  186. }
  187.  
  188. policy {
  189.         $INCLUDE policy.d/
  190. }
  191. $INCLUDE sites-enabled/
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top