
Untitled

a guest
Sep 19th, 2017
  1. cat /tmp/radiusd.conf
  2.  
  3. # Path variables and process-wide limits. Later settings reference these as ${name}.
  4. prefix = /usr
  5. exec_prefix = /usr
  6. sysconfdir = /etc
  7. localstatedir = /var
  8. sbindir = /usr/sbin
  9. logdir = ${localstatedir}/log/radius
  10. raddbdir = ${sysconfdir}/raddb
  11. radacctdir = ${logdir}/radacct
  12. # confdir is the directory the $INCLUDE lines further down read from.
  13. confdir = ${raddbdir}
  14. run_dir = ${localstatedir}/run/radiusd
  15.  
  16. log_file = ${logdir}/radius.log
  17.  
  18. libdir = /usr/lib
  19.  
  20. pidfile = ${run_dir}/radiusd.pid
  21. # Account and group the daemon runs as.
  22. # NOTE(review): the unix module below points at /etc/shadow; this account needs read access to it for that to work - confirm how it is granted.
  23. user = radiusd
  24. group = radiusd
  25. # Request limits: seconds allowed to handle one request, and whether a request stuck past that time is deleted.
  26. max_request_time = 30
  27.  
  28. delete_blocked_requests = no
  29. # Seconds a sent reply is kept before it is cleaned up, and the number of requests tracked at once.
  30. cleanup_delay = 5
  31.  
  32. max_requests = 1024
  33.  
  34.  
  35.  
  36. # NOTE(review): ipaddr is empty in all four listen sections as pasted (presumably redacted before posting); each needs a bind address.
  37. listen {
  38. ipaddr =
  39. port = 1812
  40. type = auth
  41. }
  42.  
  43. listen {
  44. ipaddr =
  45. port = 1813
  46. type = acct
  47. }
  48.  
  49. # Second auth/acct pair on the same ports as the pair above.
  50. # NOTE(review): this only makes sense if its addresses differ from the first pair - confirm against the unredacted file.
  51. listen {
  52. ipaddr =
  53. port = 1812
  54. type = auth
  55. }
  56.  
  57. listen {
  58. ipaddr =
  59. port = 1813
  60. type = acct
  61. }
  62.  
  63.  
  64.  
  65.  
  66.  
  67.  
  68. # Logging and user-name handling.
  69. hostname_lookups = no
  70. # Core dumps stay off; a core file of this process would hold shared secrets and user passwords.
  71. allow_core_dumps = no
  72.  
  73. regular_expressions = yes
  74. extended_expressions = yes
  75.  
  76. log_stripped_names = no
  77. # Authentication requests are logged; log_auth_badpass = no keeps rejected passwords out of the log file. log_auth_goodpass is not set on this page.
  78. log_auth = yes
  79. log_auth_badpass = no
  80. usercollide = no
  81. # No case folding or space stripping is applied to user names or passwords.
  82. lower_user = no
  83. lower_pass = no
  84.  
  85. nospace_user = no
  86. nospace_pass = no
  87. # Helper program path; the radutmp module below sets check_with_nas = yes.
  88. checkrad = ${sbindir}/checkrad
  89. # Limits aimed at malformed or abusive traffic.
  90. security {
  91. max_attributes = 200
  92. # reject_delay: seconds an Access-Reject is held back before it is sent, which slows password guessing.
  93. reject_delay = 1
  94. # status_server = no: Status-Server requests are not answered.
  95. status_server = no
  96. }
  97. # Proxying is enabled; its settings are read from proxy.conf (not shown on this page).
  98. proxy_requests = yes
  99. $INCLUDE ${confdir}/proxy.conf
  100.  
  101. # clients.conf defines the NAS clients and their shared secrets (not shown on this page).
  102. # NOTE(review): presumably clients.conf and proxy.conf should be readable only by the radiusd account - confirm file modes.
  103. $INCLUDE ${confdir}/clients.conf
  104.  
  105.  
  106. snmp = no
  107.  
  108. # Worker-thread sizing for request handling.
  109. thread pool {
  110. start_servers = 5
  111.  
  112. max_servers = 32
  113. # Band of idle threads the pool tries to keep.
  114. min_spare_servers = 3
  115. max_spare_servers = 10
  116. # 0 = a thread is never retired after a fixed number of requests.
  117. max_requests_per_server = 0
  118. }
  119.  
  120. modules {
  121. # Password-checking modules. pap's encryption_scheme names how the stored reference password is encoded.
  122. pap {
  123. encryption_scheme = crypt  # NOTE(review): crypt(3) hashes; traditional DES crypt is weak if that is what is stored - confirm the hash type in use.
  124. }
  125.  
  126. chap {
  127. authtype = CHAP
  128. }
  129. # pam_auth is the PAM service name used. pam is not referenced in any section on this page.
  130. pam {
  131. pam_auth = radiusd
  132. }
  133. # unix: system-account module; listed in the authenticate and accounting sections below.
  134. unix {
  135. cache = no
  136. # cache_reload only matters when cache = yes.
  137. cache_reload = 600
  138. # NOTE(review): the daemon runs as user radiusd (set above), so that account needs read access to /etc/shadow; grant it narrowly (e.g. by group) rather than loosening the file mode.
  139. shadow = /etc/shadow
  140.  
  141. radwtmp = ${logdir}/radwtmp
  142. }
  143. # EAP module settings are read from eap.conf, which is not shown on this page.
  144. $INCLUDE ${confdir}/eap.conf
  145. # mschap is declared with no options set.
  146. mschap {
  147.  
  148.  
  149.  
  150.  
  151.  
  152. }
  153. # ldap: directory lookup. Not referenced in any section on this page; server looks like a sample placeholder.
  154. ldap {
  155. server = "ldap.your.domain"
  156. basedn = "o=My Org,c=UA"
  157. filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
  158. # NOTE(review): start_tls = no leaves the LDAP session unencrypted, so binds and returned attributes cross the network in clear; turn TLS on before this module is put to use.
  159. start_tls = no
  160.  
  161. # access_attr: directory attribute consulted to decide whether the user is allowed access.
  162. access_attr = "dialupAccess"
  163.  
  164. dictionary_mapping = ${raddbdir}/ldap.attrmap
  165.  
  166. ldap_connections_number = 5
  167. # Timeouts, in seconds, for directory operations.
  168. timeout = 4
  169. timelimit = 3
  170. net_timeout = 1
  171.  
  172. }
  173.  
  174.  
  175.  
  176.  
  177. # Realm parsers: each splits User-Name at its delimiter, with the realm in front (prefix) or behind (suffix).
  178. realm IPASS {
  179. format = prefix
  180. delimiter = "/"
  181. ignore_default = no
  182. ignore_null = no
  183. }
  184. # suffix (user@realm) is the only realm instance referenced in authorize and preacct on this page.
  185. realm suffix {
  186. format = suffix
  187. delimiter = "@"
  188. ignore_default = no
  189. ignore_null = no
  190. }
  191.  
  192. realm realmpercent {
  193. format = suffix
  194. delimiter = "%"
  195. ignore_default = no
  196. ignore_null = no
  197. }
  198.  
  199. realm ntdomain {
  200. format = prefix
  201. delimiter = "\\"
  202. ignore_default = no
  203. ignore_null = no
  204. }
  205. # checkval: compares the request's Calling-Station-Id with the check item of the same name, as a string. Not referenced in any section on this page.
  206. checkval {
  207. item-name = Calling-Station-Id
  208.  
  209. check-name = Calling-Station-Id
  210.  
  211. data-type = string
  212.  
  213. }
  214.  
  215.  
  216. # preprocess: runs first in authorize and preacct; reads the huntgroups and hints files.
  217. preprocess {
  218. huntgroups = ${confdir}/huntgroups
  219. hints = ${confdir}/hints
  220. # All vendor-specific workarounds below are switched off.
  221. with_ascend_hack = no
  222. ascend_channels_per_line = 23
  223.  
  224. with_ntdomain_hack = no
  225.  
  226. with_specialix_jetstream_hack = no
  227.  
  228. with_cisco_vsa_hack = no
  229. }
  230. # files: flat-file user database; separate files for authorization, accounting and pre-proxy.
  231. files {
  232. usersfile = ${confdir}/users
  233. acctusersfile = ${confdir}/acct_users
  234. preproxy_usersfile = ${confdir}/preproxy_users
  235.  
  236. compat = no
  237. }
  238. # detail: writes accounting records to one file per client address per day.
  239. detail {
  240. detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
  241. # 0600 keeps the detail files readable by their owner only.
  242. detailperm = 0600
  243.  
  244. }
  245.  
  246.  
  247.  
  248.  
  249.  
  250.  
  251.  
  252.  
  253. # sql_log: writes the SQL statements below to the file at path instead of running them directly. Not referenced in any section on this page.
  254. sql_log {
  255. path = ${radacctdir}/sql-relay
  256. acct_table = "radacct"
  257. postauth_table = "radpostauth"
  258. # Accounting statements; the quoted %{...} values are taken from the request packet.
  259. Start = "INSERT INTO ${acct_table} (AcctSessionId, UserName, \
  260. NASIPAddress, FramedIPAddress, AcctStartTime, AcctStopTime, \
  261. AcctSessionTime, AcctTerminateCause) VALUES \
  262. ('%{Acct-Session-Id}', '%{User-Name}', '%{NAS-IP-Address}', \
  263. '%{Framed-IP-Address}', '%S', '0', '0', '');"
  264. Stop = "INSERT INTO ${acct_table} (AcctSessionId, UserName, \
  265. NASIPAddress, FramedIPAddress, AcctStartTime, AcctStopTime, \
  266. AcctSessionTime, AcctTerminateCause) VALUES \
  267. ('%{Acct-Session-Id}', '%{User-Name}', '%{NAS-IP-Address}', \
  268. '%{Framed-IP-Address}', '0', '%S', '%{Acct-Session-Time}', \
  269. '%{Acct-Terminate-Cause}');"
  270. Alive = "INSERT INTO ${acct_table} (AcctSessionId, UserName, \
  271. NASIPAddress, FramedIPAddress, AcctStartTime, AcctStopTime, \
  272. AcctSessionTime, AcctTerminateCause) VALUES \
  273. ('%{Acct-Session-Id}', '%{User-Name}', '%{NAS-IP-Address}', \
  274. '%{Framed-IP-Address}', '0', '0', '%{Acct-Session-Time}','');"
  275. # NOTE(review): the Post-Auth statement writes the submitted User-Password in clear into the pass column (and so into the sql-relay file); drop that column from the statement unless there is a documented need for it.
  276. Post-Auth = "INSERT INTO ${postauth_table} \
  277. (user, pass, reply, date) VALUES \
  278. ('%{User-Name}', '%{User-Password:-Chap-Password}', \
  279. '%{reply:Packet-Type}', '%S');"
  280. }
  281. # acct_unique: builds a unique accounting ID from the attributes listed in key; used in preacct below.
  282. acct_unique {
  283. key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
  284. }
  285.  
  286. # Settings for the sql module used in authorize, accounting, session and post-auth come from sql.conf (not shown). NOTE(review): presumably it holds the database login - confirm it is not world-readable.
  287. $INCLUDE ${confdir}/sql.conf
  288.  
  289.  
  290.  
  291. # radutmp: session file of current logins, keyed by User-Name; used in accounting and session below.
  292. radutmp {
  293. filename = ${logdir}/radutmp
  294.  
  295. username = %{User-Name}
  296.  
  297.  
  298. case_sensitive = yes
  299.  
  300. check_with_nas = yes
  301. # Owner-only file; this copy records caller IDs.
  302. perm = 0600
  303.  
  304. callerid = "yes"
  305. }
  306. # sradutmp: second session file, world-readable (0644) with caller IDs left out. Not referenced in any section on this page.
  307. radutmp sradutmp {
  308. filename = ${logdir}/sradutmp
  309. perm = 0644
  310. callerid = "no"
  311. }
  312. # attr_filter reads its rules from the attrs file. Neither it nor the daily counter is referenced in a section on this page.
  313. attr_filter {
  314. attrsfile = ${confdir}/attrs
  315. }
  316. # counter daily: per-user total of Acct-Session-Time, reset daily and compared with Max-Daily-Session.
  317. counter daily {
  318. filename = ${raddbdir}/db.daily
  319. key = User-Name
  320. count-attribute = Acct-Session-Time
  321. reset = daily
  322. counter-name = Daily-Session-Time
  323. check-name = Max-Daily-Session
  324. allowed-servicetype = Framed-User
  325. cache-size = 5000
  326. }
  327. # sqlcounter: sums session time from radacct through the sql instance and compares it with the check-name item. Neither counter is referenced in a section on this page.
  328. sqlcounter dailycounter {
  329. counter-name = Daily-Session-Time
  330. check-name = Max-Daily-Session
  331. sqlmod-inst = sql
  332. key = User-Name
  333. reset = daily
  334. # %{%k} stands for the key attribute (User-Name), which is client-supplied. NOTE(review): the query relies on the module escaping it - confirm.
  335. query = "SELECT SUM(AcctSessionTime - \
  336. GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
  337. FROM radacct WHERE UserName='%{%k}' AND \
  338. UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
  339.  
  340.  
  341.  
  342.  
  343.  
  344. }
  345. # Same query as dailycounter, with a monthly reset and the monthly counter/check names.
  346. sqlcounter monthlycounter {
  347. counter-name = Monthly-Session-Time
  348. check-name = Max-Monthly-Session
  349. sqlmod-inst = sql
  350. key = User-Name
  351. reset = monthly
  352.  
  353. query = "SELECT SUM(AcctSessionTime - \
  354. GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
  355. FROM radacct WHERE UserName='%{%k}' AND \
  356. UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
  357.  
  358.  
  359. }
  360. # always: three instances, each returning the fixed rcode it names. None is referenced in a section on this page.
  361. always fail {
  362. rcode = fail
  363. }
  364. always reject {
  365. rcode = reject
  366. }
  367. always ok {
  368. rcode = ok
  369. simulcount = 0
  370. mpp = no
  371. }
  372. # expr and exec are the two modules named in the instantiate section below; digest is declared with no options.
  373. expr {
  374. }
  375.  
  376. digest {
  377. }
  378. # exec: the request's attributes are the input pairs, and the server waits for the program to finish.
  379. exec {
  380. wait = yes
  381. input_pairs = request
  382. }
  383.  
  384. exec echo {
  385. wait = yes
  386. # NOTE(review): User-Name is client-supplied and is expanded into the command line; any program configured this way must not pass it through a shell. The echo instance is not referenced in a section on this page.
  387. program = "/bin/echo %{User-Name}"
  388.  
  389. input_pairs = request
  390. # The program's output is parsed into the reply.
  391. output_pairs = reply
  392.  
  393. }
  394. # ippool main_pool: address pool from range-start to range-stop, with its state kept in the two db files. Not referenced in a section on this page.
  395. ippool main_pool {
  396.  
  397. range-start = 192.168.1.1
  398. range-stop = 192.168.3.254
  399.  
  400. netmask = 255.255.255.0
  401.  
  402. cache-size = 800
  403.  
  404. session-db = ${raddbdir}/db.ippool
  405.  
  406. ip-index = ${raddbdir}/db.ipindex
  407.  
  408. override = no
  409.  
  410. maximum-timeout = 0
  411. }
  412.  
  413.  
  414.  
  415. }
  416. # instantiate: modules loaded up front, in the order listed.
  417. instantiate {
  418. exec
  419.  
  420. expr
  421.  
  422. }
  423. # authorize: modules run in the order listed for each Access-Request.
  424. authorize {
  425. preprocess
  426.  
  427.  
  428.  
  429. chap
  430.  
  431. mschap
  432.  
  433.  
  434. # suffix splits user@realm names; eap handles EAP-Message requests; sql and files are the user databases consulted.
  435. suffix
  436.  
  437. eap
  438. sql
  439.  
  440. files
  441.  
  442.  
  443.  
  444.  
  445. }
  446.  
  447.  
  448. # authenticate: the Auth-Type set during authorize selects which module checks the credentials.
  449. authenticate {
  450. Auth-Type PAP {
  451. pap
  452. }
  453.  
  454. Auth-Type CHAP {
  455. chap
  456. }
  457.  
  458. Auth-Type MS-CHAP {
  459. mschap
  460. }
  461.  
  462.  
  463. # unix and eap are listed bare, without an Auth-Type wrapper. unix checks against /etc/shadow as configured in the unix module above.
  464. unix
  465.  
  466.  
  467. eap
  468. }
  469.  
  470. # preacct: runs on accounting requests before the accounting section.
  471. preacct {
  472. preprocess
  473.  
  474. acct_unique
  475.  
  476. suffix
  477.  
  478. files
  479. }
  480. # accounting: each record goes to the detail files, the unix module (radwtmp), the radutmp session file and the SQL database.
  481. accounting {
  482. detail
  483.  
  484. unix
  485.  
  486. radutmp
  487.  
  488.  
  489. sql
  490.  
  491.  
  492.  
  493. }
  494.  
  495. # session: session databases consulted for simultaneous-use checks.
  496. session {
  497. radutmp
  498.  
  499. sql
  500. }
  501.  
  502. # post-auth: runs after the authentication decision; only sql is listed.
  503. post-auth {
  504.  
  505. # NOTE(review): the sql module's post-auth statement is defined in sql.conf (not shown); check whether it stores the submitted password the way the sql_log Post-Auth statement on this page does.
  506. sql
  507.  
  508.  
  509.  
  510. }
  511. # pre-proxy is empty: nothing is applied to a request before it is proxied.
  512. pre-proxy {
  513.  
  514.  
  515. }
  516. # post-proxy: eap is the only module run on replies coming back from a home server.
  517. post-proxy {
  518.  
  519.  
  520.  
  521.  
  522.  
  523. eap
  524. }