  # Installation layout. Later settings build their paths from these
  # variables using ${...} references.
  prefix        = /usr
  exec_prefix   = /usr
  sysconfdir    = /etc
  localstatedir = /var
  sbindir       = /usr/sbin
  logdir        = ${localstatedir}/log/radius
  raddbdir      = ${sysconfdir}/raddb
  radacctdir    = ${logdir}/radacct

  confdir = ${raddbdir}
  run_dir = ${localstatedir}/run/radiusd

  log_file = ${logdir}/radius.log

  libdir = /usr/lib

  pidfile = ${run_dir}/radiusd.pid

  # Account the daemon runs as. Review: the log, accounting and run
  # directories above must be writable by this account, and the unix module
  # further down points at /etc/shadow, which this account has to be able to
  # read for that module to work. Grant that access narrowly (group
  # membership or an ACL) rather than running the daemon as root.
  user  = radiusd
  group = radiusd

  # Request bookkeeping: time allowed per request, whether requests that
  # overrun it are discarded, how long a sent reply is kept for
  # retransmissions, and how many requests are tracked at once.
  max_request_time        = 30
  delete_blocked_requests = no
  cleanup_delay           = 5
  max_requests            = 1024

  # Authentication listener. It is bound to one specific address instead of a
  # wildcard, so only that interface accepts RADIUS traffic. Which hosts may
  # talk to it is decided by the client entries in the included clients.conf
  # (not shown here); host firewall rules should match that list.
  listen {
      ipaddr = 10.250.100.21
      port   = 1812
      type   = auth
  }

  # Accounting listener on the same address.
  listen {
      ipaddr = 10.250.100.21
      port   = 1813
      type   = acct
  }

  # No DNS lookups for client addresses.
  hostname_lookups = no

  # Core dumps stay off. A core file from this daemon could contain shared
  # secrets and user passwords that were in memory at the time.
  allow_core_dumps = no

  regular_expressions  = yes
  extended_expressions = yes

  log_stripped_names = no

  # Authentication requests are logged, but the password from a rejected
  # attempt is not written to the log. Keep log_auth_badpass off: failed
  # attempts often contain a real password with a typo, or a password typed
  # into the user-name field's neighbour.
  log_auth         = yes
  log_auth_badpass = no
  usercollide      = no

  # User names and passwords are used exactly as received: no case folding
  # and no whitespace stripping.
  lower_user = no
  lower_pass = no

  nospace_user = no
  nospace_pass = no

  checkrad = ${sbindir}/checkrad

  security {
      # Upper bound on the number of attributes accepted in one packet;
      # limits the work an oversized request can cause.
      max_attributes = 200

      # Seconds an Access-Reject is held back before it is sent, which slows
      # down repeated password guessing.
      reject_delay = 1

      # Status-Server requests are not answered.
      status_server = no
  }

  # Proxying is enabled; the home servers and realms are defined in
  # proxy.conf, which is not part of this listing.
  proxy_requests = yes
  $INCLUDE ${confdir}/proxy.conf

  # Client (NAS) definitions. Review: in a stock FreeRADIUS layout this file
  # holds the per-client shared secrets, so it should be readable only by the
  # account the daemon runs as.
  $INCLUDE ${confdir}/clients.conf

  snmp = no

  # Worker thread pool: 5 threads at start-up, at most 32, with between 3 and
  # 10 idle spares kept around. max_requests_per_server is 0 here.
  thread pool {
      start_servers           = 5
      max_servers             = 32
      min_spare_servers       = 3
      max_spare_servers       = 10
      max_requests_per_server = 0
  }

  # Module instances. An instance defined here is only used when a processing
  # section (authorize, authenticate, accounting, ...) or the instantiate
  # section names it.
  modules {
      # PAP: the password sent by the client is checked against a stored
      # crypt(3) hash. Review: traditional DES crypt looks at only the first
      # eight characters and is cheap to brute-force; confirm which hash
      # formats the password store really holds.
      pap {
          encryption_scheme = crypt
      }
      chap {
          authtype = CHAP
      }
      # PAM service name used by the pam module. No processing section in
      # this file lists pam.
      pam {
          pam_auth = radiusd
      }
      # System account lookups. The module reads /etc/shadow directly, so the
      # daemon account needs read access to that file.
      unix {
          cache        = no
          cache_reload = 600
          shadow       = /etc/shadow
          radwtmp      = ${logdir}/radwtmp
      }

      # EAP settings live in eap.conf (not shown); TLS certificates and keys
      # for EAP methods would be referenced from there.
      $INCLUDE ${confdir}/eap.conf

      mschap {}

      # LDAP instance still carrying placeholder server and base DN values,
      # and not listed in any processing section of this file. Review before
      # enabling it: start_tls is off, so binds and searches would cross the
      # network unencrypted, and the filter is built from the client-supplied
      # user name, so confirm that the module escapes filter metacharacters.
      ldap {
          server                  = "ldap.your.domain"
          basedn                  = "o=My Org,c=UA"
          filter                  = "(uid=%{Stripped-User-Name:-%{User-Name}})"
          start_tls               = no
          access_attr             = "dialupAccess"
          dictionary_mapping      = ${raddbdir}/ldap.attrmap
          ldap_connections_number = 5
          timeout                 = 4
          timelimit               = 3
          net_timeout             = 1
      }

      # Realm parsers: each one splits the user name on its delimiter, with
      # the realm taken from the front (prefix) or the back (suffix). Only
      # "suffix" is listed in the processing sections of this file.
      realm IPASS {
          format         = prefix
          delimiter      = "/"
          ignore_default = no
          ignore_null    = no
      }

      realm suffix {
          format         = suffix
          delimiter      = "@"
          ignore_default = no
          ignore_null    = no
      }

      realm realmpercent {
          format         = suffix
          delimiter      = "%"
          ignore_default = no
          ignore_null    = no
      }

      realm ntdomain {
          format         = prefix
          delimiter      = "\\"
          ignore_default = no
          ignore_null    = no
      }

      # Compares Calling-Station-Id in the request with a check item of the
      # same name, as a string.
      checkval {
          item-name  = Calling-Station-Id
          check-name = Calling-Station-Id
          data-type  = string
      }

      # Request clean-up using the huntgroups and hints files; all vendor
      # specific workarounds are switched off.
      preprocess {
          huntgroups                    = ${confdir}/huntgroups
          hints                         = ${confdir}/hints
          with_ascend_hack              = no
          ascend_channels_per_line      = 23
          with_ntdomain_hack            = no
          with_specialix_jetstream_hack = no
          with_cisco_vsa_hack           = no
      }

      # Flat-file user databases. Review: the users file can hold passwords,
      # so its permissions should match those of clients.conf.
      files {
          usersfile          = ${confdir}/users
          acctusersfile      = ${confdir}/acct_users
          preproxy_usersfile = ${confdir}/preproxy_users
          compat             = no
      }

      # Accounting detail files, one directory per client address and one
      # file per day, created with mode 0600 (owner only).
      detail {
          detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
          detailperm = 0600
      }

      acct_unique {
          key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
      }

      # SQL module settings are in sql.conf (not shown). Review: that file
      # presumably carries the database login, so restrict its permissions
      # and give the database account no more than the radius tables need.
      $INCLUDE ${confdir}/sql.conf

      # Session database, owner-readable only, with the caller id recorded.
      radutmp {
          filename       = ${logdir}/radutmp
          username       = %{User-Name}
          case_sensitive = yes
          check_with_nas = yes
          perm           = 0600
          callerid       = "yes"
      }

      # Second session database that is world-readable (0644) and therefore
      # leaves the caller id out. The accounting section of this file does
      # not list sradutmp.
      radutmp sradutmp {
          filename = ${logdir}/sradutmp
          perm     = 0644
          callerid = "no"
      }

      attr_filter {
          attrsfile = ${confdir}/attrs
      }

      # Daily session-time counter. Its database sits in the configuration
      # directory, so using this instance would require that directory to be
      # writable by the daemon. No processing section in this file lists it.
      counter daily {
          filename            = ${raddbdir}/db.daily
          key                 = User-Name
          count-attribute     = Acct-Session-Time
          reset               = daily
          counter-name        = Daily-Session-Time
          check-name          = Max-Daily-Session
          allowed-servicetype = Framed-User
          cache-size          = 5000
      }

      # SQL-backed counters. The key (User-Name, client-supplied) is expanded
      # into a quoted SQL string, so the query is only safe if the module
      # escapes expanded values; confirm that for the version in use before
      # listing either counter in authorize. Neither is listed in this file.
      sqlcounter dailycounter {
          counter-name = Daily-Session-Time
          check-name   = Max-Daily-Session
          sqlmod-inst  = sql
          key          = User-Name
          reset        = daily

          query = "SELECT SUM(AcctSessionTime - \
          GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
          FROM radacct WHERE UserName='%{%k}' AND \
          UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
      }

      sqlcounter monthlycounter {
          counter-name = Monthly-Session-Time
          check-name   = Max-Monthly-Session
          sqlmod-inst  = sql
          key          = User-Name
          reset        = monthly

          query = "SELECT SUM(AcctSessionTime - \
          GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
          FROM radacct WHERE UserName='%{%k}' AND \
          UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
      }

      # Fixed-result instances for use in policy.
      always fail {
          rcode = fail
      }
      always reject {
          rcode = reject
      }
      always ok {
          rcode      = ok
          simulcount = 0
          mpp        = no
      }

      expr {
      }

      digest {
      }

      exec {
          wait        = yes
          input_pairs = request
      }

      # Example exec instance. %{User-Name} comes from the client and is
      # expanded into the command line; no processing section in this file
      # lists "echo". Before enabling any exec instance, confirm how the
      # module quotes expanded attributes, or remove the instance.
      exec echo {
          wait         = yes
          program      = "/bin/echo %{User-Name}"
          input_pairs  = request
          output_pairs = reply

      }

      # Address pool 192.168.1.1 - 192.168.3.254. The pool databases are also
      # placed in the configuration directory (see the note on "counter
      # daily"). No processing section in this file lists main_pool.
      ippool main_pool {
          range-start     = 192.168.1.1
          range-stop      = 192.168.3.254
          netmask         = 255.255.255.0
          cache-size      = 800
          session-db      = ${raddbdir}/db.ippool
          ip-index        = ${raddbdir}/db.ipindex
          override        = no
          maximum-timeout = 0
      }
  }

  # Modules loaded up front, in this order, whether or not a processing
  # section lists them.
  instantiate {
      exec
      expr

  }

  # Authorization: the listed modules are consulted in this order. User data
  # comes from sql and the files module; ldap, pam and the counters defined
  # under modules are not consulted.
  authorize {
      preprocess
      chap
      mschap
      suffix
      eap
      sql
      files
  }

  # Authentication methods. Review: CHAP and MS-CHAP can only be verified when
  # the server has the cleartext password (or, for MS-CHAP, the NT hash),
  # whereas the pap module above is set to compare crypt hashes. Check that
  # the password store actually supports every method that is left enabled,
  # and drop the ones that are not needed.
  authenticate {
      Auth-Type PAP {
          pap
      }
      Auth-Type CHAP {
          chap
      }
      Auth-Type MS-CHAP {
          mschap
      }
      unix
      eap
  }

  # Accounting pre-processing: clean up the request, build the unique session
  # key, parse the realm, then consult the files module.
  preacct {
      preprocess
      acct_unique
      suffix
      files
  }

  # Accounting records go to the detail files, the unix module (radwtmp), the
  # radutmp session database and SQL. These records are the audit trail for
  # who was connected and when, so keep their file modes and retention in
  # line with that.
  accounting {
      detail
      unix
      radutmp
      sql
  }

  # Session lookups use both the radutmp file and SQL.
  session {
      radutmp
      sql
  }

  # Nothing runs after authentication.
  post-auth {
  }

  # Nothing runs before a request is proxied.
  pre-proxy {
  }

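  # Replies coming back from a home server are passed to eap.
  post-proxy {
      eap
  }
  # End of file. Every section is closed at this point, so no further closing
  # brace belongs here; an unmatched "}" makes the braces unbalanced and can
  # stop the configuration from loading.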