
Untitled

a guest
Jun 12th, 2017
  # Installation layout and process-wide settings for the RADIUS daemon (radiusd).
  # The directory variables build on one another through ${...} expansion, so
  # changing prefix, sysconfdir or localstatedir moves everything derived from them.
  1. prefix = /usr
  2. exec_prefix = ${prefix}
  3. sysconfdir = /etc
  4. localstatedir = /var
  5. sbindir = ${exec_prefix}/sbin
  6. logdir = ${localstatedir}/log/radius
  7. raddbdir = ${sysconfdir}/raddb
  8. radacctdir = ${logdir}/radacct
  9. confdir = ${raddbdir}
  10. run_dir = ${localstatedir}/run/radiusd
  # NOTE(review): db_dir is written with $(...) while every other reference in
  # this file uses ${...}; confirm it expands to raddbdir as intended.
  11. db_dir = $(raddbdir)
  12. libdir = ${exec_prefix}/lib
  13. pidfile = ${run_dir}/radiusd.pid
  # Server log goes to a file under logdir. With the log_auth* options further
  # down enabled, this file holds authentication details, so its ownership and
  # mode should be restricted to the radiusd account.
  14. log_file = ${logdir}/radius.log
  15. log_destination = files
  16.  
  17.  
  # The daemon is configured to run as the dedicated radiusd user and group
  # rather than root.
  18. user = radiusd
  19. group = radiusd
  20.  
  # Request handling limits: per-request time budget, how long a finished
  # request is kept for duplicate detection, and the cap on tracked requests.
  21. max_request_time = 130
  22. delete_blocked_requests = no
  23. cleanup_delay = 10
  24. max_requests = 1024
  25.  
  # Authentication listener. ipaddr = * accepts requests on every local
  # address; which peers are honoured is then decided only by clients.conf and
  # any host firewall. NOTE(review): on a multi-homed host, consider binding to
  # the management address instead of the wildcard.
  # port = 0 leaves the port number to the server's default lookup
  # (presumably the standard RADIUS auth port - confirm for this version).
  26. listen {
  27. ipaddr = *
  28. port = 0
  29. type = auth
  30. }
  31.  
  # Accounting listener, same wildcard bind and default-port behaviour.
  32. listen {
  33. type = "acct"
  34. ipaddr = *
  35. port = 0
  36. }
  # Logging and user-name handling options.
  # hostname_lookups = no: client addresses are logged without DNS resolution.
  37. hostname_lookups = no
  # Core dumps stay disabled; a core image of this process could contain
  # shared secrets and user passwords.
  38. allow_core_dumps = no
  39. regular_expressions = yes
  40. extended_expressions = yes
  41. log_stripped_names = yes
  # log_auth records every authentication request in the server log.
  42. log_auth = yes
  # NOTE(review): the next two settings write the password supplied in the
  # request to radius.log in clear text, for failed attempts (badpass) and for
  # successful logins (goodpass). goodpass in particular turns the log file
  # into a store of valid credentials. Set both to "no" outside of short
  # debugging sessions, and treat existing logs and their backups as sensitive.
  43. log_auth_badpass = yes
  44. log_auth_goodpass = yes
  45. usercollide = no
  # User names and passwords are passed through unmodified: no lower-casing
  # and no stripping of spaces.
  46. lower_user = no
  47. lower_pass = no
  48. nospace_user = no
  49. nospace_pass = no
  # Path of the helper program used to check sessions against the NAS.
  50. checkrad = ${sbindir}/checkrad
  # Protocol-level hardening knobs.
  #   max_attributes - upper bound on attributes accepted in one packet.
  #   reject_delay   - Access-Reject replies are held back for one second,
  #                    which slows down online password guessing.
  #   status_server  - Status-Server requests are not answered.
  51. security {
  52. max_attributes = 200
  53. reject_delay = 1
  54. status_server = no
  55. }
  # Proxying to other RADIUS servers is switched off.
  56. proxy_requests = no
  # clients.conf defines the NAS clients allowed to talk to this server and
  # (presumably) their shared secrets; it should be readable only by the
  # radiusd account.
  57. $INCLUDE ${confdir}/clients.conf
  58. snmp = no
  # Worker thread pool sizing. NOTE(review): max_requests_per_server = 0
  # presumably means worker threads are never recycled - confirm.
  59. thread pool {
  60. start_servers = 5
  61. max_servers = 32
  62. min_spare_servers = 3
  63. max_spare_servers = 10
  64. max_requests_per_server = 0
  65. }
  66. modules {
  # Password-checking modules. Defining a module here only configures it; it
  # takes part in request processing only when named in a processing section
  # (authorize, authenticate, ...) further down.
  # pap compares against passwords stored in crypt(3) form.
  # NOTE(review): pap, chap and pam are not referenced in the authorize or
  # authenticate sections of this file.
  67. pap {
  68. encryption_scheme = crypt
  69. }
  70. chap {
  71. authtype = CHAP
  72. }
  # PAM service name used when this module is invoked.
  73. pam {
  74. pam_auth = radiusd
  75. }
  # System-account module; also writes a wtmp-style login record to radwtmp.
  76. unix {
  77. cache = no
  78. cache_reload = 600
  79. radwtmp = ${logdir}/radwtmp
  80. }
  # EAP settings live in a separate file (not shown here).
  81. $INCLUDE ${confdir}/eap.conf
  # MS-CHAP with MPPE keys enabled and both encryption requirements set to
  # yes, i.e. sessions are expected to be encrypted with strong keys.
  # NOTE(review): these flags govern the MPPE policy attributes sent to the
  # NAS; they do not strengthen the MS-CHAP exchange itself, which is best
  # carried inside a TLS-based EAP method.
  82. mschap {
  83. authtype = MS-CHAP
  84. use_mppe = yes
  85. require_encryption = yes
  86. require_strong = yes
  87. }
  # LDAP lookup module. server and basedn still hold placeholder values, and
  # the module is not referenced in any processing section of this file.
  # NOTE(review): start_tls = no means directory traffic, including any bind
  # credentials and returned attributes, is not protected by TLS. Enable it
  # (or use another protected transport) before pointing this at a real
  # directory.
  # NOTE(review): the search filter is built from the user name in the request
  # (Stripped-User-Name, falling back to User-Name); this relies on the module
  # escaping LDAP filter metacharacters - confirm for the version in use.
  # No bind identity is set here, so the search presumably runs anonymously.
  88. ldap {
  89. server = "ldap.your.domain"
  90. basedn = "o=My Org,c=UA"
  91. filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
  92. start_tls = no
  93. access_attr = "dialupAccess"
  94. dictionary_mapping = ${raddbdir}/ldap.attrmap
  95. ldap_connections_number = 5
  96. timeout = 4
  97. timelimit = 3
  98. net_timeout = 1
  99. }
  # Realm parsers: each instance splits a realm off the user name using the
  # given delimiter, either in front of the name (prefix) or behind it (suffix).
  # Only the "suffix" instance is referenced in the processing sections below.
  # IPASS: realm/user
  100. realm IPASS {
  101. format = prefix
  102. delimiter = "/"
  103. ignore_default = no
  104. ignore_null = no
  105. }
  # suffix: user@realm
  106. realm suffix {
  107. format = suffix
  108. delimiter = "@"
  109. ignore_default = no
  110. ignore_null = no
  111. }
  # realmpercent: user%realm
  112. realm realmpercent {
  113. format = suffix
  114. delimiter = "%"
  115. ignore_default = no
  116. ignore_null = no
  117. }
  # ntdomain: DOMAIN\user (the backslash is escaped inside the quoted string)
  118. realm ntdomain {
  119. format = prefix
  120. delimiter = "\\"
  121. ignore_default = no
  122. ignore_null = no
  123. }
  # checkval compares the Calling-Station-Id in the request with the check
  # item of the same name, as a string.
  124. checkval {
  125. item-name = Calling-Station-Id
  126. check-name = Calling-Station-Id
  127. data-type = string
  128. }
  129.  
  # Request pre-processing: huntgroups and hints files, with all vendor
  # specific workarounds switched off.
  130. preprocess {
  131. huntgroups = ${confdir}/huntgroups
  132. hints = ${confdir}/hints
  133. with_ascend_hack = no
  134. ascend_channels_per_line = 23
  135. with_ntdomain_hack = no
  136. with_specialix_jetstream_hack = no
  137. with_cisco_vsa_hack = no
  138. }
  # Flat-file user database. NOTE(review): the users file may hold passwords
  # in clear text; keep it readable by the radiusd account only.
  139. files {
  140. usersfile = ${confdir}/users
  141. acctusersfile = ${confdir}/acct_users
  142. preproxy_usersfile = ${confdir}/preproxy_users
  143. compat = no
  144. }
  # Accounting detail files: one directory per client IP address, one file per
  # day, created with mode 0600 (owner read/write only).
  145. detail {
  146. detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
  147. detailperm = 0600
  148. }
  # Attributes combined to derive a unique accounting session identifier.
  149. acct_unique {
  150. key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
  151. }
  # SQL module settings are kept in sql.conf (not shown). That file presumably
  # carries the database login, so it needs the same restrictive permissions.
  152. $INCLUDE ${confdir}/sql.conf
  153.  
  # Session database of currently logged-in users, keyed by User-Name.
  # The file is created with mode 0600 and includes the caller id.
  154. radutmp {
  155. filename = ${logdir}/radutmp
  156. username = %{User-Name}
  157. case_sensitive = yes
  158. check_with_nas = yes
  159. perm = 0600
  160. callerid = "yes"
  161. }
  # Second radutmp instance: world-readable (0644) but with the caller id left
  # out. NOTE(review): user names and session data are still readable by every
  # local account; it is not referenced in the processing sections of this
  # file, so confirm it is needed before enabling it.
  162. radutmp sradutmp {
  163. filename = ${logdir}/sradutmp
  164. perm = 0644
  165. callerid = "no"
  166. }
  # Attribute filtering rules are read from the attrs file.
  167. attr_filter {
  168. attrsfile = ${confdir}/attrs
  169. }
  # File-backed usage counter: accumulates Acct-Session-Time per User-Name,
  # resets daily, and is compared with the Max-Daily-Session check item.
  170. counter daily {
  171. filename = ${raddbdir}/db.daily
  172. key = User-Name
  173. count-attribute = Acct-Session-Time
  174. reset = daily
  175. counter-name = Daily-Session-Time
  176. check-name = Max-Daily-Session
  177. allowed-servicetype = Framed-User
  178. cache-size = 5000
  179. }
  # SQL-backed counters. Each query sums session time from the radacct table
  # for the user named by the key attribute, using the "sql" module instance.
  # NOTE(review): '%{%k}' places the user name from the request inside a quoted
  # SQL string. This is safe only if the sql module escapes expanded values
  # before the query is sent; confirm that for the version in use and keep the
  # database account limited to the access the counters need.
  180. sqlcounter dailycounter {
  181. counter-name = Daily-Session-Time
  182. check-name = Max-Daily-Session
  183. sqlmod-inst = sql
  184. key = User-Name
  185. reset = daily
  186. query = "SELECT SUM(AcctSessionTime - \
  187. GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
  188. FROM radacct WHERE UserName='%{%k}' AND \
  189. UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
  190. }
  # Same counter with a monthly reset and the Max-Monthly-Session check item;
  # the note on '%{%k}' above applies here as well.
  191. sqlcounter monthlycounter {
  192. counter-name = Monthly-Session-Time
  193. check-name = Max-Monthly-Session
  194. sqlmod-inst = sql
  195. key = User-Name
  196. reset = monthly
  197. query = "SELECT SUM(AcctSessionTime - \
  198. GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
  199. FROM radacct WHERE UserName='%{%k}' AND \
  200. UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
  201. }
  # Fixed-result modules: each instance always returns the configured rcode.
  202. always fail {
  203. rcode = fail
  204. }
  205. always reject {
  206. rcode = reject
  207. }
  208. always ok {
  209. rcode = ok
  210. simulcount = 0
  211. mpp = no
  212. }
  # expr and digest are declared with their default settings.
  213. expr {
  214. }
  215. digest {
  216. }
  # Generic exec module: waits for the program and hands it the request
  # attributes.
  217. exec {
  218. wait = yes
  219. input_pairs = request
  220. }
  # Sample exec instance. The command line contains %{User-Name}, a value
  # taken from the request, and the program's output is read back into the
  # reply (output_pairs = reply).
  # NOTE(review): confirm how the exec module quotes expanded attributes
  # before reusing this pattern with any program other than echo. The
  # instance is not referenced in the processing sections of this file.
  221. exec echo {
  222. wait = yes
  223. program = "/bin/echo %{User-Name}"
  224. input_pairs = request
  225. output_pairs = reply
  226. }
  # Address pool handing out 192.168.1.1 - 192.168.3.254 with a /24 netmask;
  # lease state is kept in the two db files under raddbdir.
  227. ippool main_pool {
  228. range-start = 192.168.1.1
  229. range-stop = 192.168.3.254
  230. netmask = 255.255.255.0
  231. cache-size = 800
  232. session-db = ${raddbdir}/db.ippool
  233. ip-index = ${raddbdir}/db.ipindex
  234. override = no
  235. maximum-timeout = 0
  236. }
  237. }
  # Modules loaded up front, before any processing section refers to them.
  238. instantiate {
  239. exec
  240. expr
  241. }
  # Authorization pipeline, run in the order listed. Only these five modules
  # take part; ldap, pap, chap, pam and the counters configured above are not
  # consulted.
  242. authorize {
  243. preprocess
  244. mschap
  245. suffix
  246. eap
  247. files
  248. }
  # Authentication methods offered: MS-CHAP (when Auth-Type is MS-CHAP),
  # system accounts via unix, and EAP.
  # NOTE(review): with unix listed, any local system account with a valid
  # password can presumably authenticate unless the users file restricts it;
  # confirm that is intended. The unix module also needs read access to the
  # system password store while the daemon runs as the radiusd user.
  249. authenticate {
  250. Auth-Type MS-CHAP {
  251. mschap
  252. }
  253. unix
  254. eap
  255. }
  # Accounting pre-processing: normalise the request, derive the unique
  # session id, split off the realm, then apply the acct_users file.
  256. preacct {
  257. preprocess
  258. acct_unique
  259. suffix
  260. files
  261. }
  # Accounting records go to the detail files, the wtmp-style file written by
  # unix, and the radutmp session database. The sql module is not listed, so
  # nothing is written to the database from here.
  262. accounting {
  263. detail
  264. unix
  265. radutmp
  266. }
  # Simultaneous-use checks consult radutmp.
  267. session {
  268. radutmp
  269. }
  # No post-authentication or pre-proxy processing is configured.
  270. post-auth {
  271. }
  272. pre-proxy {
  273. }
  # eap is listed for proxied replies; proxy_requests is "no" earlier in this
  # file, so this section is presumably never exercised.
  274. post-proxy {
  275. eap
  276. }