
Untitled

a guest
May 15th, 2017
  1. # cat radiusd.conf | egrep -v "#" | egrep -v "^$"
  # NOTE(review): the filter above drops every line that contains '#', not only
  # comment lines, so a setting that carried a trailing comment (or a '#' inside
  # its value) would be missing from this listing. Audit the real file, not this view.
  # Installation layout. These variables are reused through ${...} further down.
  2. prefix = /usr
  3. exec_prefix = /usr
  4. sysconfdir = /etc
  5. localstatedir = /var
  6. sbindir = ${exec_prefix}/sbin
  7. logdir = /var/log/freeradius
  8. raddbdir = /etc/freeradius
  9. radacctdir = ${logdir}/radacct
  10. confdir = ${raddbdir}
  11. run_dir = ${localstatedir}/run/freeradius
  # NOTE(review): written with parentheses, $(raddbdir), unlike the ${...} form on
  # the neighbouring lines. Confirm it expands as intended; the counter and ippool
  # database paths later in this file are built from ${db_dir}.
  12. db_dir = $(raddbdir)
  13. libdir = /usr/lib/freeradius
  14. pidfile = ${run_dir}/freeradius.pid
  # Account the daemon runs as: a dedicated freerad user and group.
  # Presumably the exec programs configured below run under the same account — confirm.
  15. user = freerad
  16. group = freerad
  # Request-handling limits: per-request time limit, reply cache delay and the
  # cap on tracked requests. Units are not shown here; presumably seconds for the first two.
  17. max_request_time = 30
  18. cleanup_delay = 5
  19. max_requests = 1024
  # Authentication listener. ipaddr = * accepts packets on every local address;
  # binding to the NAS-facing address only would narrow exposure.
  # port = 0 presumably selects the default port from /etc/services — confirm
  # for the installed version.
  20. listen {
  21. type = auth
  22. ipaddr = *
  23. port = 0
  24. }
  # Accounting listener, configured the same way (all addresses, default port).
  25. listen {
  26. ipaddr = *
  27. port = 0
  28. type = acct
  29. }
  # No reverse DNS on client addresses, and no core files on a crash (a core
  # file of this daemon could hold secrets and user passwords from memory).
  30. hostname_lookups = no
  31. allow_core_dumps = no
  32. regular_expressions = yes
  33. extended_expressions = yes
  # Logging goes to a file under ${logdir}.
  34. log {
  35. destination = files
  36. file = ${logdir}/radius.log
  37. syslog_facility = daemon
  38. stripped_names = no
  # NOTE(review): with auth = no, authentication requests are not written to
  # radius.log, so accepted and rejected logins leave no record there. Enable it
  # if this log is meant to feed detection or incident response.
  39. auth = no
  # Both password-logging switches are off, which keeps submitted passwords out
  # of the log file. Leave them off.
  40. auth_badpass = no
  41. auth_goodpass = no
  42. }
  43. checkrad = ${sbindir}/checkrad
  # Hardening knobs for incoming packets.
  44. security {
  # Upper bound on the number of attributes accepted in one request.
  45. max_attributes = 200
  # Delay applied before an Access-Reject is sent (presumably seconds); this
  # slows online password guessing.
  46. reject_delay = 1
  # The server answers Status-Server packets. Confirm only the intended
  # monitoring clients are able to send them.
  47. status_server = yes
  48. }
  # Proxying is enabled; its configuration and the client (NAS) definitions are
  # pulled in from separate files that are not part of this listing.
  # NOTE(review): those files normally carry shared secrets — check their
  # ownership and permissions alongside this file.
  49. proxy_requests = yes
  50. $INCLUDE proxy.conf
  51. $INCLUDE clients.conf
  # SNMP support is switched off, although snmp.conf is still included.
  52. snmp = no
  53. $INCLUDE snmp.conf
  # Worker pool sizing: 5 threads at start, at most 32, with 3 to 10 kept spare.
  54. thread pool {
  55. start_servers = 5
  56. max_servers = 32
  57. min_spare_servers = 3
  58. max_spare_servers = 10
  # 0 presumably means a worker is never recycled after a request count — confirm.
  59. max_requests_per_server = 0
  60. }
  # Module definitions start here; the section is closed much further down.
  61. modules {
  # Four exec instances hand requests to external Perl scripts under
  # /usr/abills/libexec. Each passes the request attributes to the script
  # (input_pairs = request) and waits for it to finish (wait = yes).
  # NOTE(review): request attributes originate from the NAS and ultimately from
  # the user, so the scripts must treat them as untrusted input. shell_escape = yes
  # is set on every instance; keep it, and keep the scripts and their directory
  # writable only by root.
  # Pre-authentication hook: script output is merged into the config list.
  62. exec abills_preauth {
  63. program = "/usr/abills/libexec/rauth.pl pre_auth"
  64. wait = yes
  65. input_pairs = request
  66. shell_escape = yes
  67. output_pairs = config
  68. }
  # Post-authentication hook: same script, post_auth argument.
  69. exec abills_postauth {
  70. program = "/usr/abills/libexec/rauth.pl post_auth"
  71. wait = yes
  72. input_pairs = request
  73. shell_escape = yes
  74. output_pairs = config
  75. }
  # Authentication: script output is merged into the reply list.
  # NOTE(review): both output and output_pairs are set here — confirm which one
  # the installed exec module honours.
  76. exec abills_auth {
  77. program = "/usr/abills/libexec/rauth.pl"
  78. wait = yes
  79. input_pairs = request
  80. shell_escape = yes
  81. output = no
  82. output_pairs = reply
  83. }
  # Accounting: a separate script, racct.pl, with the same options.
  84. exec abills_acc {
  85. program = "/usr/abills/libexec/racct.pl"
  86. wait = yes
  87. input_pairs = request
  88. shell_escape = yes
  89. output = no
  90. output_pairs = reply
  91. }
  # PAP, CHAP, PAM and system-account modules. Whether each is actually used
  # depends on the virtual servers under sites-enabled/, which are not shown here.
  92. pap {
  93. auto_header = no
  94. }
  95. chap {
  96. authtype = CHAP
  97. }
  98. pam {
  # PAM service name used by this module.
  99. pam_auth = radiusd
  100. }
  101. unix {
  102. radwtmp = ${logdir}/radwtmp
  103. }
  # EAP settings live in a separate file that is not part of this listing.
  104. $INCLUDE eap.conf
  # Empty section: every mschap option is left at the module's built-in default.
  105. mschap {
  106. }
  # LDAP module. The server and basedn values look like sample placeholders, so
  # this instance is presumably unused — confirm against sites-enabled/.
  107. ldap {
  108. server = "ldap.your.domain"
  109. basedn = "o=My Org,c=UA"
  # The search filter is built from the user-supplied name.
  # NOTE(review): confirm the installed LDAP module escapes this expansion.
  110. filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
  111. ldap_connections_number = 5
  112. timeout = 4
  113. timelimit = 3
  114. net_timeout = 1
  # NOTE(review): StartTLS is off, so if this module is ever enabled, traffic to
  # the directory (including any bind credentials) is not protected by TLS unless
  # another setting provides it. Turn it on before pointing this at a real server.
  115. tls {
  116. start_tls = no
  117. }
  118. dictionary_mapping = ${confdir}/ldap.attrmap
  119. edir_account_policy_check = no
  120. }
  # Realm parsers: each instance splits a realm off the user name, either as a
  # prefix or a suffix, at the given delimiter.
  121. realm IPASS {
  122. format = prefix
  123. delimiter = "/"
  124. }
  125. realm suffix {
  126. format = suffix
  127. delimiter = "@"
  128. }
  129. realm realmpercent {
  130. format = suffix
  131. delimiter = "%"
  132. }
  133. realm ntdomain {
  134. format = prefix
  135. delimiter = "\\"
  136. }
  # Compares the Calling-Station-Id from the request with the check item of the
  # same name, as a string.
  137. checkval {
  138. item-name = Calling-Station-Id
  139. check-name = Calling-Station-Id
  140. data-type = string
  141. }
  142.  
  # Request pre-processing: huntgroups and hints files, with all vendor
  # workarounds ("hacks") switched off.
  143. preprocess {
  144. huntgroups = ${confdir}/huntgroups
  145. hints = ${confdir}/hints
  146. with_ascend_hack = no
  147. ascend_channels_per_line = 23
  148. with_ntdomain_hack = no
  149. with_specialix_jetstream_hack = no
  150. with_cisco_vsa_hack = no
  151. }
  # Flat-file user databases.
  # NOTE(review): a users file can hold credentials — check that these files are
  # readable only by the daemon account.
  152. files {
  153. usersfile = ${confdir}/users
  154. acctusersfile = ${confdir}/acct_users
  155. preproxy_usersfile = ${confdir}/preproxy_users
  156. compat = no
  157. }
  # Accounting detail files: one directory per client address, one file per day,
  # created with owner-only permissions (0600).
  158. detail {
  159. detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
  160. detailperm = 0600
  161. header = "%t"
  162. }
  # Attributes combined to form a unique accounting session key.
  163. acct_unique {
  164. key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
  165. }
  166.  
  # Session database. This instance records the caller ID and is restricted to
  # its owner (0600).
  167. radutmp {
  168. filename = ${logdir}/radutmp
  169. username = %{User-Name}
  170. case_sensitive = yes
  171. check_with_nas = yes
  172. perm = 0600
  173. callerid = "yes"
  174. }
  # Second instance: world-readable (0644) but written without the caller ID.
  # NOTE(review): user names are presumably still exposed to every local account
  # through this file — confirm that is acceptable on this host.
  175. radutmp sradutmp {
  176. filename = ${logdir}/sradutmp
  177. perm = 0644
  178. callerid = "no"
  179. }
  # Attribute filters: each instance applies the rules in its attrsfile. The
  # rule files themselves are not part of this listing.
  180. attr_filter attr_filter.post-proxy {
  181. attrsfile = ${confdir}/attrs
  182. }
  183. attr_filter attr_filter.pre-proxy {
  184. attrsfile = ${confdir}/attrs.pre-proxy
  185. }
  186. attr_filter attr_filter.access_reject {
  187. key = %{User-Name}
  188. attrsfile = ${confdir}/attrs.access_reject
  189. }
  190. attr_filter attr_filter.accounting_response {
  191. key = %{User-Name}
  192. attrsfile = ${confdir}/attrs.accounting_response
  193. }
  # Per-user daily session-time counter, reset daily and stored under ${db_dir}.
  # NOTE(review): db_dir is defined near the top of this file as $(raddbdir),
  # with parentheses; confirm this path resolves where intended.
  194. counter daily {
  195. filename = ${db_dir}/db.daily
  196. key = User-Name
  197. count-attribute = Acct-Session-Time
  198. reset = daily
  199. counter-name = Daily-Session-Time
  200. check-name = Max-Daily-Session
  201. reply-name = Session-Timeout
  202. allowed-servicetype = Framed-User
  203. cache-size = 5000
  204. }
  # Fixed-result instances: each one always returns the rcode it is named after.
  205. always fail {
  206. rcode = fail
  207. }
  208. always reject {
  209. rcode = reject
  210. }
  211. always noop {
  212. rcode = noop
  213. }
  214. always handled {
  215. rcode = handled
  216. }
  217. always updated {
  218. rcode = updated
  219. }
  220. always notfound {
  221. rcode = notfound
  222. }
  223. always ok {
  224. rcode = ok
  225. simulcount = 0
  226. mpp = no
  227. }
  # Empty sections: expr and digest run with the modules' built-in defaults.
  228. expr {
  229. }
  230. digest {
  231. }
  # Account expiry and login-time checks, with the message sent to the user.
  232. expiration {
  233. reply-message = "Password Has Expired\r\n"
  234. }
  235. logintime {
  236. reply-message = "You are calling outside your allowed timespan\r\n"
  237. minimum-timeout = 60
  238. }
  # Generic exec instance with no program of its own: it supplies the options
  # (wait, request attributes in, reply attributes out, escaping on).
  239. exec {
  240. wait = yes
  241. input_pairs = request
  242. shell_escape = yes
  243. output = none
  244. output_pairs = reply
  245. }
  # Sample instance that runs /bin/echo with the user name as its argument.
  # NOTE(review): User-Name is supplied by the client and is expanded into the
  # command string; shell_escape = yes is set and should stay. If nothing in
  # sites-enabled/ references this instance, removing it reduces attack surface.
  246. exec echo {
  247. wait = yes
  248. program = "/bin/echo %{User-Name}"
  249. input_pairs = request
  250. output_pairs = reply
  251. shell_escape = yes
  252. }
  # Address pool handed out from 192.168.1.1 to 192.168.3.254. The session and
  # index databases are stored under ${db_dir}.
  # NOTE(review): db_dir is defined near the top of this file as $(raddbdir),
  # with parentheses; confirm these paths resolve where intended.
  253. ippool main_pool {
  254. range-start = 192.168.1.1
  255. range-stop = 192.168.3.254
  256. netmask = 255.255.255.0
  257. cache-size = 800
  258. session-db = ${db_dir}/db.ippool
  259. ip-index = ${db_dir}/db.ipindex
  260. override = no
  261. maximum-timeout = 0
  262. }
  263. policy {
  264. filename = ${confdir}/policy.txt
  265. }
  # End of the modules section.
  266. }
  # Modules listed here are loaded explicitly, in this order.
  267. instantiate {
  268. exec
  269. expr
  270. expiration
  271. logintime
  272. }
  # The policy definitions and the virtual servers are in files that are not
  # part of this listing. Which of the modules above actually handle requests
  # is decided there, so any review of this file has to include sites-enabled/.
  273. $INCLUDE policy.conf
  274. $INCLUDE sites-enabled/