- # diff radiusd.conf radiusd.conf.test
- 2d1
- < exec_prefix = /usr
- 18a18
- >
- 30a31,32
- >
- >
- 43a46,53
- >
- >
- >
- >
- >
- >
- >
- >
- 48,49c58,59
- < regular_expressions = yes
- < extended_expressions = yes
- ---
- > regular_expressions = yes
- > extended_expressions = yes
- 66c76
- < max_attributes = 200
- ---
- > max_attributes = 200
- 68c78
- < reject_delay = 1
- ---
- > reject_delay = 1
- 70c80
- < status_server = no
- ---
- > status_server = no
- 75a86,87
- >
- >
- 78c90,92
- < snmp = no
- ---
- >
- > snmp = no
- >
- 81,85c95,102
- < start_servers = 5
- < max_servers = 32
- < min_spare_servers = 3
- < max_spare_servers = 10
- < max_requests_per_server = 0
- ---
- > start_servers = 5
- >
- > max_servers = 32
- >
- > min_spare_servers = 3
- > max_spare_servers = 10
- >
- > max_requests_per_server = 0
- 89,103c106,127
- < pap {
- < encryption_scheme = crypt
- < }
- < chap {
- < authtype = CHAP
- < }
- < pam {
- < pam_auth = radiusd
- < }
- < unix {
- < cache = no
- < cache_reload = 600
- < shadow = /etc/shadow
- < radwtmp = ${logdir}/radwtmp
- < }
- ---
- >
- > pap {
- > encryption_scheme = crypt
- > }
- >
- > chap {
- > authtype = CHAP
- > }
- >
- > pam {
- > pam_auth = radiusd
- > }
- >
- > unix {
- > cache = no
- >
- > cache_reload = 600
- >
- > shadow = /etc/shadow
- >
- > radwtmp = ${logdir}/radwtmp
- > }
- 107,218c131,285
- < mschap {}
- < ldap {
- < server = "ldap.your.domain"
- < basedn = "o=My Org,c=UA"
- < filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
- < start_tls = no
- < access_attr = "dialupAccess"
- < dictionary_mapping = ${raddbdir}/ldap.attrmap
- < ldap_connections_number = 5
- < timeout = 4
- < timelimit = 3
- < net_timeout = 1
- < }
- <
- < realm IPASS {
- < format = prefix
- < delimiter = "/"
- < ignore_default = no
- < ignore_null = no
- < }
- <
- < realm suffix {
- < format = suffix
- < delimiter = "@"
- < ignore_default = no
- < ignore_null = no
- < }
- <
- < realm realmpercent {
- < format = suffix
- < delimiter = "%"
- < ignore_default = no
- < ignore_null = no
- < }
- <
- < realm ntdomain {
- < format = prefix
- < delimiter = "\\"
- < ignore_default = no
- < ignore_null = no
- < }
- <
- < checkval {
- < item-name = Calling-Station-Id
- < check-name = Calling-Station-Id
- < data-type = string
- < }
- <
- < preprocess {
- < huntgroups = ${confdir}/huntgroups
- < hints = ${confdir}/hints
- < with_ascend_hack = no
- < ascend_channels_per_line = 23
- < with_ntdomain_hack = no
- < with_specialix_jetstream_hack = no
- < with_cisco_vsa_hack = no
- < }
- <
- < files {
- < usersfile = ${confdir}/users
- < acctusersfile = ${confdir}/acct_users
- < preproxy_usersfile = ${confdir}/preproxy_users
- < compat = no
- < }
- <
- < detail {
- < detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
- < detailperm = 0600
- < }
- <
- < acct_unique {
- < key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
- < }
- <
- < $INCLUDE ${confdir}/sql.conf
- <
- < radutmp {
- < filename = ${logdir}/radutmp
- < username = %{User-Name}
- < case_sensitive = yes
- < check_with_nas = yes
- < perm = 0600
- < callerid = "yes"
- < }
- <
- < radutmp sradutmp {
- < filename = ${logdir}/sradutmp
- < perm = 0644
- < callerid = "no"
- < }
- <
- < attr_filter {
- < attrsfile = ${confdir}/attrs
- < }
- <
- < counter daily {
- < filename = ${raddbdir}/db.daily
- < key = User-Name
- < count-attribute = Acct-Session-Time
- < reset = daily
- < counter-name = Daily-Session-Time
- < check-name = Max-Daily-Session
- < allowed-servicetype = Framed-User
- < cache-size = 5000
- < }
- <
- < sqlcounter dailycounter {
- < counter-name = Daily-Session-Time
- < check-name = Max-Daily-Session
- < sqlmod-inst = sql
- < key = User-Name
- < reset = daily
- ---
- > mschap {
- >
- >
- >
- >
- >
- > }
- >
- > ldap {
- > server = "ldap.your.domain"
- > basedn = "o=My Org,c=UA"
- > filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
- >
- > start_tls = no
- >
- >
- > access_attr = "dialupAccess"
- >
- > dictionary_mapping = ${raddbdir}/ldap.attrmap
- >
- > ldap_connections_number = 5
- >
- > timeout = 4
- > timelimit = 3
- > net_timeout = 1
- >
- > }
- >
- >
- >
- >
- >
- > realm IPASS {
- > format = prefix
- > delimiter = "/"
- > ignore_default = no
- > ignore_null = no
- > }
- >
- > realm suffix {
- > format = suffix
- > delimiter = "@"
- > ignore_default = no
- > ignore_null = no
- > }
- >
- > realm realmpercent {
- > format = suffix
- > delimiter = "%"
- > ignore_default = no
- > ignore_null = no
- > }
- >
- > realm ntdomain {
- > format = prefix
- > delimiter = "\\"
- > ignore_default = no
- > ignore_null = no
- > }
- >
- > checkval {
- > item-name = Calling-Station-Id
- >
- > check-name = Calling-Station-Id
- >
- > data-type = string
- >
- > }
- >
- >
- >
- > preprocess {
- > huntgroups = ${confdir}/huntgroups
- > hints = ${confdir}/hints
- >
- > with_ascend_hack = no
- > ascend_channels_per_line = 23
- >
- > with_ntdomain_hack = no
- >
- > with_specialix_jetstream_hack = no
- >
- > with_cisco_vsa_hack = no
- > }
- >
- > files {
- > usersfile = ${confdir}/users
- > acctusersfile = ${confdir}/acct_users
- > preproxy_usersfile = ${confdir}/preproxy_users
- >
- > compat = no
- > }
- >
- > detail {
- > detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
- >
- > detailperm = 0600
- >
- > }
- >
- >
- >
- >
- >
- >
- >
- >
- >
- > sql_log {
- > path = ${radacctdir}/sql-relay
- > acct_table = "radacct"
- > postauth_table = "radpostauth"
- >
- > Start = "INSERT INTO ${acct_table} (AcctSessionId, UserName, \
- > NASIPAddress, FramedIPAddress, AcctStartTime, AcctStopTime, \
- > AcctSessionTime, AcctTerminateCause) VALUES \
- > ('%{Acct-Session-Id}', '%{User-Name}', '%{NAS-IP-Address}', \
- > '%{Framed-IP-Address}', '%S', '0', '0', '');"
- > Stop = "INSERT INTO ${acct_table} (AcctSessionId, UserName, \
- > NASIPAddress, FramedIPAddress, AcctStartTime, AcctStopTime, \
- > AcctSessionTime, AcctTerminateCause) VALUES \
- > ('%{Acct-Session-Id}', '%{User-Name}', '%{NAS-IP-Address}', \
- > '%{Framed-IP-Address}', '0', '%S', '%{Acct-Session-Time}', \
- > '%{Acct-Terminate-Cause}');"
- > Alive = "INSERT INTO ${acct_table} (AcctSessionId, UserName, \
- > NASIPAddress, FramedIPAddress, AcctStartTime, AcctStopTime, \
- > AcctSessionTime, AcctTerminateCause) VALUES \
- > ('%{Acct-Session-Id}', '%{User-Name}', '%{NAS-IP-Address}', \
- > '%{Framed-IP-Address}', '0', '0', '%{Acct-Session-Time}','');"
- >
- > Post-Auth = "INSERT INTO ${postauth_table} \
- > (user, pass, reply, date) VALUES \
- > ('%{User-Name}', '%{User-Password:-Chap-Password}', \
- > '%{reply:Packet-Type}', '%S');"
- > }
- >
- > acct_unique {
- > key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
- > }
- >
- >
- > $INCLUDE ${confdir}/sql.conf
- >
- >
- >
- >
- > radutmp {
- > filename = ${logdir}/radutmp
- >
- > username = %{User-Name}
- >
- >
- > case_sensitive = yes
- >
- > check_with_nas = yes
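Review bot: The `Post-Auth` statement in the new `sql_log` block writes `%{User-Password:-Chap-Password}` into the `pass` column, so the cleartext password of each PAP request it handles is written to `${radacctdir}/sql-relay` and from there to `radpostauth`. Anyone who can read that relay file, the table or its backups then holds reusable credentials. I would drop the column: `Post-Auth = "INSERT INTO ${postauth_table} (user, reply, date) VALUES ('%{User-Name}', '%{reply:Packet-Type}', '%S');"`. The later hunk `331a489,494` adds `sql` to a section whose header is not shown; if that section is post-auth, the post-auth query in the included `sql.conf` (not visible here) deserves the same check.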
- 220c287,320
- < query = "SELECT SUM(AcctSessionTime - \
- ---
- > perm = 0600
- >
- > callerid = "yes"
- > }
- >
- > radutmp sradutmp {
- > filename = ${logdir}/sradutmp
- > perm = 0644
- > callerid = "no"
- > }
- >
- > attr_filter {
- > attrsfile = ${confdir}/attrs
- > }
- >
- > counter daily {
- > filename = ${raddbdir}/db.daily
- > key = User-Name
- > count-attribute = Acct-Session-Time
- > reset = daily
- > counter-name = Daily-Session-Time
- > check-name = Max-Daily-Session
- > allowed-servicetype = Framed-User
- > cache-size = 5000
- > }
- >
- > sqlcounter dailycounter {
- > counter-name = Daily-Session-Time
- > check-name = Max-Daily-Session
- > sqlmod-inst = sql
- > key = User-Name
- > reset = daily
- >
- > query = "SELECT SUM(AcctSessionTime - \
- 224d323
- < }
- 226,231d324
- < sqlcounter monthlycounter {
- < counter-name = Monthly-Session-Time
- < check-name = Max-Monthly-Session
- < sqlmod-inst = sql
- < key = User-Name
- < reset = monthly
- 233c326,338
- < query = "SELECT SUM(AcctSessionTime - \
- ---
- >
- >
- >
- > }
- >
- > sqlcounter monthlycounter {
- > counter-name = Monthly-Session-Time
- > check-name = Max-Monthly-Session
- > sqlmod-inst = sql
- > key = User-Name
- > reset = monthly
- >
- > query = "SELECT SUM(AcctSessionTime - \
- 237d341
- < }
- 239,279c343,399
- < always fail {
- < rcode = fail
- < }
- < always reject {
- < rcode = reject
- < }
- < always ok {
- < rcode = ok
- < simulcount = 0
- < mpp = no
- < }
- <
- < expr {
- < }
- <
- < digest {
- < }
- <
- < exec {
- < wait = yes
- < input_pairs = request
- < }
- <
- < exec echo {
- < wait = yes
- < program = "/bin/echo %{User-Name}"
- < input_pairs = request
- < output_pairs = reply
- <
- < }
- <
- < ippool main_pool {
- < range-start = 192.168.1.1
- < range-stop = 192.168.3.254
- < netmask = 255.255.255.0
- < cache-size = 800
- < session-db = ${raddbdir}/db.ippool
- < ip-index = ${raddbdir}/db.ipindex
- < override = no
- < maximum-timeout = 0
- < }
- ---
- >
- > }
- >
- > always fail {
- > rcode = fail
- > }
- > always reject {
- > rcode = reject
- > }
- > always ok {
- > rcode = ok
- > simulcount = 0
- > mpp = no
- > }
- >
- > expr {
- > }
- >
- > digest {
- > }
- >
- > exec {
- > wait = yes
- > input_pairs = request
- > }
- >
- > exec echo {
- > wait = yes
- >
- > program = "/bin/echo %{User-Name}"
- >
- > input_pairs = request
- >
- > output_pairs = reply
- >
- > }
- >
- > ippool main_pool {
- >
- > range-start = 192.168.1.1
- > range-stop = 192.168.3.254
- >
- > netmask = 255.255.255.0
- >
- > cache-size = 800
- >
- > session-db = ${raddbdir}/db.ippool
- >
- > ip-index = ${raddbdir}/db.ipindex
- >
- > override = no
- >
- > maximum-timeout = 0
- > }
- >
- >
- >
- 283,284c403,405
- < exec
- < expr
- ---
- > exec
- >
- > expr
- 289,295c410,429
- < preprocess
- < chap
- < mschap
- < suffix
- < eap
- < sql
- < files
- ---
- > preprocess
- >
- >
- >
- > chap
- >
- > mschap
- >
- >
- >
- > suffix
- >
- > eap
- > sql
- >
- > files
- >
- >
- >
- >
- 297a432,433
- >
- >
- 299,309c435,452
- < Auth-Type PAP {
- < pap
- < }
- < Auth-Type CHAP {
- < chap
- < }
- < Auth-Type MS-CHAP {
- < mschap
- < }
- < unix
- < eap
- ---
- > Auth-Type PAP {
- > pap
- > }
- >
- > Auth-Type CHAP {
- > chap
- > }
- >
- > Auth-Type MS-CHAP {
- > mschap
- > }
- >
- >
- >
- > unix
- >
- >
- > eap
- 311a455
- >
- 313,316c457,463
- < preprocess
- < acct_unique
- < suffix
- < files
- ---
- > preprocess
- >
- > acct_unique
- >
- > suffix
- >
- > files
- 320,323c467,477
- < detail
- < unix
- < radutmp
- < sql
- ---
- > detail
- >
- > unix
- >
- > radutmp
- >
- >
- > sql
- >
- >
- >
- 325a480
- >
- 327,328c482,484
- < radutmp
- < sql
- ---
- > radutmp
- >
- > sql
- 330a487
- >
- 331a489,494
- >
- >
- > sql
- >
- >
- >
- 334a498,499
- >
- >
- 338,339c503,508
- < eap
- < }
- ---
- >
- >
- >
- >
- >
- > eap
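Review bot: The `}` on old line 339 has no counterpart on the new side of this hunk (`338,339c503,508` ends at `eap`), so the enclosing block may be left unclosed in `radiusd.conf.test`. The paste has lost leading whitespace and the block's header is outside the hunk, so this cannot be confirmed from the visible lines. Check the brace balance at the end of the file and start the server once with `radiusd -X` to confirm the configuration parses before putting it into service.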
- 340a510
- >