Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- prefix = /usr
- exec_prefix = ${prefix}
- sysconfdir = /etc
- localstatedir = /var
- sbindir = ${exec_prefix}/sbin
- logdir = ${localstatedir}/log/radius
- raddbdir = ${sysconfdir}/raddb
- radacctdir = ${logdir}/radacct
- confdir = ${raddbdir}
- run_dir = ${localstatedir}/run/radiusd
- db_dir = $(raddbdir)
- libdir = ${exec_prefix}/lib
- pidfile = ${run_dir}/radiusd.pid
- log_file = ${logdir}/radius.log
- log_destination = files
- user = radiusd
- group = radiusd
- max_request_time = 130
- delete_blocked_requests = no
- cleanup_delay = 10
- max_requests = 1024
- listen {
- ipaddr = *
- port = 0
- type = auth
- }
- listen {
- type = "acct"
- ipaddr = *
- port = 0
- }
- hostname_lookups = no
- allow_core_dumps = no
- regular_expressions = yes
- extended_expressions = yes
- log_stripped_names = yes
- log_auth = yes
- log_auth_badpass = yes
- log_auth_goodpass = yes
- usercollide = no
- lower_user = no
- lower_pass = no
- nospace_user = no
- nospace_pass = no
- checkrad = ${sbindir}/checkrad
- security {
- max_attributes = 200
- reject_delay = 1
- status_server = no
- }
- proxy_requests = no
- $INCLUDE ${confdir}/clients.conf
- snmp = no
- thread pool {
- start_servers = 5
- max_servers = 32
- min_spare_servers = 3
- max_spare_servers = 10
- max_requests_per_server = 0
- }
- modules {
- pap {
- encryption_scheme = crypt
- }
- chap {
- authtype = CHAP
- }
- pam {
- pam_auth = radiusd
- }
- unix {
- cache = no
- cache_reload = 600
- radwtmp = ${logdir}/radwtmp
- }
- $INCLUDE ${confdir}/eap.conf
- mschap {
- authtype = MS-CHAP
- use_mppe = yes
- require_encryption = yes
- require_strong = yes
- }
- ldap {
- server = "ldap.your.domain"
- basedn = "o=My Org,c=UA"
- filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
- start_tls = no
- access_attr = "dialupAccess"
- dictionary_mapping = ${raddbdir}/ldap.attrmap
- ldap_connections_number = 5
- timeout = 4
- timelimit = 3
- net_timeout = 1
- }
- realm IPASS {
- format = prefix
- delimiter = "/"
- ignore_default = no
- ignore_null = no
- }
- realm suffix {
- format = suffix
- delimiter = "@"
- ignore_default = no
- ignore_null = no
- }
- realm realmpercent {
- format = suffix
- delimiter = "%"
- ignore_default = no
- ignore_null = no
- }
- realm ntdomain {
- format = prefix
- delimiter = "\\"
- ignore_default = no
- ignore_null = no
- }
- checkval {
- item-name = Calling-Station-Id
- check-name = Calling-Station-Id
- data-type = string
- }
- preprocess {
- huntgroups = ${confdir}/huntgroups
- hints = ${confdir}/hints
- with_ascend_hack = no
- ascend_channels_per_line = 23
- with_ntdomain_hack = no
- with_specialix_jetstream_hack = no
- with_cisco_vsa_hack = no
- }
- files {
- usersfile = ${confdir}/users
- acctusersfile = ${confdir}/acct_users
- preproxy_usersfile = ${confdir}/preproxy_users
- compat = no
- }
- detail {
- detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
- detailperm = 0600
- }
- acct_unique {
- key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
- }
- $INCLUDE ${confdir}/sql.conf
- radutmp {
- filename = ${logdir}/radutmp
- username = %{User-Name}
- case_sensitive = yes
- check_with_nas = yes
- perm = 0600
- callerid = "yes"
- }
- radutmp sradutmp {
- filename = ${logdir}/sradutmp
- perm = 0644
- callerid = "no"
- }
- attr_filter {
- attrsfile = ${confdir}/attrs
- }
- counter daily {
- filename = ${raddbdir}/db.daily
- key = User-Name
- count-attribute = Acct-Session-Time
- reset = daily
- counter-name = Daily-Session-Time
- check-name = Max-Daily-Session
- allowed-servicetype = Framed-User
- cache-size = 5000
- }
- sqlcounter dailycounter {
- counter-name = Daily-Session-Time
- check-name = Max-Daily-Session
- sqlmod-inst = sql
- key = User-Name
- reset = daily
- query = "SELECT SUM(AcctSessionTime - \
- GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
- FROM radacct WHERE UserName='%{%k}' AND \
- UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
- }
- sqlcounter monthlycounter {
- counter-name = Monthly-Session-Time
- check-name = Max-Monthly-Session
- sqlmod-inst = sql
- key = User-Name
- reset = monthly
- query = "SELECT SUM(AcctSessionTime - \
- GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
- FROM radacct WHERE UserName='%{%k}' AND \
- UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
- }
- always fail {
- rcode = fail
- }
- always reject {
- rcode = reject
- }
- always ok {
- rcode = ok
- simulcount = 0
- mpp = no
- }
- expr {
- }
- digest {
- }
- exec {
- wait = yes
- input_pairs = request
- }
- exec echo {
- wait = yes
- program = "/bin/echo %{User-Name}"
- input_pairs = request
- output_pairs = reply
- }
- ippool main_pool {
- range-start = 192.168.1.1
- range-stop = 192.168.3.254
- netmask = 255.255.255.0
- cache-size = 800
- session-db = ${raddbdir}/db.ippool
- ip-index = ${raddbdir}/db.ipindex
- override = no
- maximum-timeout = 0
- }
- }
- instantiate {
- exec
- expr
- }
- authorize {
- preprocess
- mschap
- suffix
- eap
- files
- }
- authenticate {
- Auth-Type MS-CHAP {
- mschap
- }
- unix
- eap
- }
- preacct {
- preprocess
- acct_unique
- suffix
- files
- }
- accounting {
- detail
- unix
- radutmp
- }
- session {
- radutmp
- }
- post-auth {
- }
- pre-proxy {
- }
- post-proxy {
- eap
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement