
Untitled

a guest
Sep 19th, 2017
  1. # diff radiusd.conf radiusd.conf.test
  2. 2d1
  3. < exec_prefix = /usr
  4. 18a18
  5. >
  6. 30a31,32
  7. >
  8. >
  9. 43a46,53
  10. >
  11. >
  12. >
  13. >
  14. >
  15. >
  16. >
  17. >
  18. 48,49c58,59
  19. < regular_expressions = yes
  20. < extended_expressions = yes
  21. ---
  22. > regular_expressions = yes
  23. > extended_expressions = yes
  24. 66c76
  25. < max_attributes = 200
  26. ---
  27. > max_attributes = 200
  28. 68c78
  29. < reject_delay = 1
  30. ---
  31. > reject_delay = 1
  32. 70c80
  33. < status_server = no
  34. ---
  35. > status_server = no
  36. 75a86,87
  37. >
  38. >
  39. 78c90,92
  40. < snmp = no
  41. ---
  42. >
  43. > snmp = no
  44. >
  45. 81,85c95,102
  46. < start_servers = 5
  47. < max_servers = 32
  48. < min_spare_servers = 3
  49. < max_spare_servers = 10
  50. < max_requests_per_server = 0
  51. ---
  52. > start_servers = 5
  53. >
  54. > max_servers = 32
  55. >
  56. > min_spare_servers = 3
  57. > max_spare_servers = 10
  58. >
  59. > max_requests_per_server = 0
  60. 89,103c106,127
  61. < pap {
  62. < encryption_scheme = crypt
  63. < }
  64. < chap {
  65. < authtype = CHAP
  66. < }
  67. < pam {
  68. < pam_auth = radiusd
  69. < }
  70. < unix {
  71. < cache = no
  72. < cache_reload = 600
  73. < shadow = /etc/shadow
  74. < radwtmp = ${logdir}/radwtmp
  75. < }
  76. ---
  77. >
  78. > pap {
  79. > encryption_scheme = crypt
  80. > }
  81. >
  82. > chap {
  83. > authtype = CHAP
  84. > }
  85. >
  86. > pam {
  87. > pam_auth = radiusd
  88. > }
  89. >
  90. > unix {
  91. > cache = no
  92. >
  93. > cache_reload = 600
  94. >
  95. > shadow = /etc/shadow
  96. >
  97. > radwtmp = ${logdir}/radwtmp
  98. > }
  99. 107,218c131,285
  100. < mschap {}
  101. < ldap {
  102. < server = "ldap.your.domain"
  103. < basedn = "o=My Org,c=UA"
  104. < filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
  105. < start_tls = no
  106. < access_attr = "dialupAccess"
  107. < dictionary_mapping = ${raddbdir}/ldap.attrmap
  108. < ldap_connections_number = 5
  109. < timeout = 4
  110. < timelimit = 3
  111. < net_timeout = 1
  112. < }
  113. <
  114. < realm IPASS {
  115. < format = prefix
  116. < delimiter = "/"
  117. < ignore_default = no
  118. < ignore_null = no
  119. < }
  120. <
  121. < realm suffix {
  122. < format = suffix
  123. < delimiter = "@"
  124. < ignore_default = no
  125. < ignore_null = no
  126. < }
  127. <
  128. < realm realmpercent {
  129. < format = suffix
  130. < delimiter = "%"
  131. < ignore_default = no
  132. < ignore_null = no
  133. < }
  134. <
  135. < realm ntdomain {
  136. < format = prefix
  137. < delimiter = "\\"
  138. < ignore_default = no
  139. < ignore_null = no
  140. < }
  141. <
  142. < checkval {
  143. < item-name = Calling-Station-Id
  144. < check-name = Calling-Station-Id
  145. < data-type = string
  146. < }
  147. <
  148. < preprocess {
  149. < huntgroups = ${confdir}/huntgroups
  150. < hints = ${confdir}/hints
  151. < with_ascend_hack = no
  152. < ascend_channels_per_line = 23
  153. < with_ntdomain_hack = no
  154. < with_specialix_jetstream_hack = no
  155. < with_cisco_vsa_hack = no
  156. < }
  157. <
  158. < files {
  159. < usersfile = ${confdir}/users
  160. < acctusersfile = ${confdir}/acct_users
  161. < preproxy_usersfile = ${confdir}/preproxy_users
  162. < compat = no
  163. < }
  164. <
  165. < detail {
  166. < detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
  167. < detailperm = 0600
  168. < }
  169. <
  170. < acct_unique {
  171. < key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
  172. < }
  173. <
  174. < $INCLUDE ${confdir}/sql.conf
  175. <
  176. < radutmp {
  177. < filename = ${logdir}/radutmp
  178. < username = %{User-Name}
  179. < case_sensitive = yes
  180. < check_with_nas = yes
  181. < perm = 0600
  182. < callerid = "yes"
  183. < }
  184. <
  185. < radutmp sradutmp {
  186. < filename = ${logdir}/sradutmp
  187. < perm = 0644
  188. < callerid = "no"
  189. < }
  190. <
  191. < attr_filter {
  192. < attrsfile = ${confdir}/attrs
  193. < }
  194. <
  195. < counter daily {
  196. < filename = ${raddbdir}/db.daily
  197. < key = User-Name
  198. < count-attribute = Acct-Session-Time
  199. < reset = daily
  200. < counter-name = Daily-Session-Time
  201. < check-name = Max-Daily-Session
  202. < allowed-servicetype = Framed-User
  203. < cache-size = 5000
  204. < }
  205. <
  206. < sqlcounter dailycounter {
  207. < counter-name = Daily-Session-Time
  208. < check-name = Max-Daily-Session
  209. < sqlmod-inst = sql
  210. < key = User-Name
  211. < reset = daily
  212. ---
  213. > mschap {
  214. >
  215. >
  216. >
  217. >
  218. >
  219. > }
  220. >
  221. > ldap {
  222. > server = "ldap.your.domain"
  223. > basedn = "o=My Org,c=UA"
  224. > filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
  225. >
  226. > start_tls = no
  227. >
  228. >
  229. > access_attr = "dialupAccess"
  230. >
  231. > dictionary_mapping = ${raddbdir}/ldap.attrmap
  232. >
  233. > ldap_connections_number = 5
  234. >
  235. > timeout = 4
  236. > timelimit = 3
  237. > net_timeout = 1
  238. >
  239. > }
  240. >
  241. >
  242. >
  243. >
  244. >
  245. > realm IPASS {
  246. > format = prefix
  247. > delimiter = "/"
  248. > ignore_default = no
  249. > ignore_null = no
  250. > }
  251. >
  252. > realm suffix {
  253. > format = suffix
  254. > delimiter = "@"
  255. > ignore_default = no
  256. > ignore_null = no
  257. > }
  258. >
  259. > realm realmpercent {
  260. > format = suffix
  261. > delimiter = "%"
  262. > ignore_default = no
  263. > ignore_null = no
  264. > }
  265. >
  266. > realm ntdomain {
  267. > format = prefix
  268. > delimiter = "\\"
  269. > ignore_default = no
  270. > ignore_null = no
  271. > }
  272. >
  273. > checkval {
  274. > item-name = Calling-Station-Id
  275. >
  276. > check-name = Calling-Station-Id
  277. >
  278. > data-type = string
  279. >
  280. > }
  281. >
  282. >
  283. >
  284. > preprocess {
  285. > huntgroups = ${confdir}/huntgroups
  286. > hints = ${confdir}/hints
  287. >
  288. > with_ascend_hack = no
  289. > ascend_channels_per_line = 23
  290. >
  291. > with_ntdomain_hack = no
  292. >
  293. > with_specialix_jetstream_hack = no
  294. >
  295. > with_cisco_vsa_hack = no
  296. > }
  297. >
  298. > files {
  299. > usersfile = ${confdir}/users
  300. > acctusersfile = ${confdir}/acct_users
  301. > preproxy_usersfile = ${confdir}/preproxy_users
  302. >
  303. > compat = no
  304. > }
  305. >
  306. > detail {
  307. > detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
  308. >
  309. > detailperm = 0600
  310. >
  311. > }
  312. >
  313. >
  314. >
  315. >
  316. >
  317. >
  318. >
  319. >
  320. >
  321. > sql_log {
  322. > path = ${radacctdir}/sql-relay
  323. > acct_table = "radacct"
  324. > postauth_table = "radpostauth"
  325. >
  326. > Start = "INSERT INTO ${acct_table} (AcctSessionId, UserName, \
  327. > NASIPAddress, FramedIPAddress, AcctStartTime, AcctStopTime, \
  328. > AcctSessionTime, AcctTerminateCause) VALUES \
  329. > ('%{Acct-Session-Id}', '%{User-Name}', '%{NAS-IP-Address}', \
  330. > '%{Framed-IP-Address}', '%S', '0', '0', '');"
  331. > Stop = "INSERT INTO ${acct_table} (AcctSessionId, UserName, \
  332. > NASIPAddress, FramedIPAddress, AcctStartTime, AcctStopTime, \
  333. > AcctSessionTime, AcctTerminateCause) VALUES \
  334. > ('%{Acct-Session-Id}', '%{User-Name}', '%{NAS-IP-Address}', \
  335. > '%{Framed-IP-Address}', '0', '%S', '%{Acct-Session-Time}', \
  336. > '%{Acct-Terminate-Cause}');"
  337. > Alive = "INSERT INTO ${acct_table} (AcctSessionId, UserName, \
  338. > NASIPAddress, FramedIPAddress, AcctStartTime, AcctStopTime, \
  339. > AcctSessionTime, AcctTerminateCause) VALUES \
  340. > ('%{Acct-Session-Id}', '%{User-Name}', '%{NAS-IP-Address}', \
  341. > '%{Framed-IP-Address}', '0', '0', '%{Acct-Session-Time}','');"
  342. >
  343. > Post-Auth = "INSERT INTO ${postauth_table} \
  344. > (user, pass, reply, date) VALUES \
  345. > ('%{User-Name}', '%{User-Password:-Chap-Password}', \
  346. > '%{reply:Packet-Type}', '%S');"
  347. > }
  348. >
  349. > acct_unique {
  350. > key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
  351. > }
  352. >
  353. >
  354. > $INCLUDE ${confdir}/sql.conf
  355. >
  356. >
  357. >
  358. >
  359. > radutmp {
  360. > filename = ${logdir}/radutmp
  361. >
  362. > username = %{User-Name}
  363. >
  364. >
  365. > case_sensitive = yes
  366. >
  367. > check_with_nas = yes
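Review bot: The `Post-Auth` query in the added `sql_log` block writes `%{User-Password:-Chap-Password}` into the `pass` column, so the cleartext password of every PAP request that reaches it is stored in the `${radacctdir}/sql-relay` file and, once relayed, in `radpostauth`. Drop the column from the statement, e.g. `(user, reply, date) VALUES ('%{User-Name}', '%{reply:Packet-Type}', '%S');"`, and make sure the relay file is as tightly restricted as the detail file is by `detailperm = 0600`. The four queries also place request attributes such as `%{User-Name}` inside single-quoted SQL; the module presumably escapes them during expansion, but that is worth confirming for the version in use. The enclosing section opens before this hunk and the `radutmp` block continues into the next one, so whether `sql_log` is actually listed in a processing section is not visible here.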
  368. 220c287,320
  369. < query = "SELECT SUM(AcctSessionTime - \
  370. ---
  371. > perm = 0600
  372. >
  373. > callerid = "yes"
  374. > }
  375. >
  376. > radutmp sradutmp {
  377. > filename = ${logdir}/sradutmp
  378. > perm = 0644
  379. > callerid = "no"
  380. > }
  381. >
  382. > attr_filter {
  383. > attrsfile = ${confdir}/attrs
  384. > }
  385. >
  386. > counter daily {
  387. > filename = ${raddbdir}/db.daily
  388. > key = User-Name
  389. > count-attribute = Acct-Session-Time
  390. > reset = daily
  391. > counter-name = Daily-Session-Time
  392. > check-name = Max-Daily-Session
  393. > allowed-servicetype = Framed-User
  394. > cache-size = 5000
  395. > }
  396. >
  397. > sqlcounter dailycounter {
  398. > counter-name = Daily-Session-Time
  399. > check-name = Max-Daily-Session
  400. > sqlmod-inst = sql
  401. > key = User-Name
  402. > reset = daily
  403. >
  404. > query = "SELECT SUM(AcctSessionTime - \
  405. 224d323
  406. < }
  407. 226,231d324
  408. < sqlcounter monthlycounter {
  409. < counter-name = Monthly-Session-Time
  410. < check-name = Max-Monthly-Session
  411. < sqlmod-inst = sql
  412. < key = User-Name
  413. < reset = monthly
  414. 233c326,338
  415. < query = "SELECT SUM(AcctSessionTime - \
  416. ---
  417. >
  418. >
  419. >
  420. > }
  421. >
  422. > sqlcounter monthlycounter {
  423. > counter-name = Monthly-Session-Time
  424. > check-name = Max-Monthly-Session
  425. > sqlmod-inst = sql
  426. > key = User-Name
  427. > reset = monthly
  428. >
  429. > query = "SELECT SUM(AcctSessionTime - \
  430. 237d341
  431. < }
  432. 239,279c343,399
  433. < always fail {
  434. < rcode = fail
  435. < }
  436. < always reject {
  437. < rcode = reject
  438. < }
  439. < always ok {
  440. < rcode = ok
  441. < simulcount = 0
  442. < mpp = no
  443. < }
  444. <
  445. < expr {
  446. < }
  447. <
  448. < digest {
  449. < }
  450. <
  451. < exec {
  452. < wait = yes
  453. < input_pairs = request
  454. < }
  455. <
  456. < exec echo {
  457. < wait = yes
  458. < program = "/bin/echo %{User-Name}"
  459. < input_pairs = request
  460. < output_pairs = reply
  461. <
  462. < }
  463. <
  464. < ippool main_pool {
  465. < range-start = 192.168.1.1
  466. < range-stop = 192.168.3.254
  467. < netmask = 255.255.255.0
  468. < cache-size = 800
  469. < session-db = ${raddbdir}/db.ippool
  470. < ip-index = ${raddbdir}/db.ipindex
  471. < override = no
  472. < maximum-timeout = 0
  473. < }
  474. ---
  475. >
  476. > }
  477. >
  478. > always fail {
  479. > rcode = fail
  480. > }
  481. > always reject {
  482. > rcode = reject
  483. > }
  484. > always ok {
  485. > rcode = ok
  486. > simulcount = 0
  487. > mpp = no
  488. > }
  489. >
  490. > expr {
  491. > }
  492. >
  493. > digest {
  494. > }
  495. >
  496. > exec {
  497. > wait = yes
  498. > input_pairs = request
  499. > }
  500. >
  501. > exec echo {
  502. > wait = yes
  503. >
  504. > program = "/bin/echo %{User-Name}"
  505. >
  506. > input_pairs = request
  507. >
  508. > output_pairs = reply
  509. >
  510. > }
  511. >
  512. > ippool main_pool {
  513. >
  514. > range-start = 192.168.1.1
  515. > range-stop = 192.168.3.254
  516. >
  517. > netmask = 255.255.255.0
  518. >
  519. > cache-size = 800
  520. >
  521. > session-db = ${raddbdir}/db.ippool
  522. >
  523. > ip-index = ${raddbdir}/db.ipindex
  524. >
  525. > override = no
  526. >
  527. > maximum-timeout = 0
  528. > }
  529. >
  530. >
  531. >
  532. 283,284c403,405
  533. < exec
  534. < expr
  535. ---
  536. > exec
  537. >
  538. > expr
  539. 289,295c410,429
  540. < preprocess
  541. < chap
  542. < mschap
  543. < suffix
  544. < eap
  545. < sql
  546. < files
  547. ---
  548. > preprocess
  549. >
  550. >
  551. >
  552. > chap
  553. >
  554. > mschap
  555. >
  556. >
  557. >
  558. > suffix
  559. >
  560. > eap
  561. > sql
  562. >
  563. > files
  564. >
  565. >
  566. >
  567. >
  568. 297a432,433
  569. >
  570. >
  571. 299,309c435,452
  572. < Auth-Type PAP {
  573. < pap
  574. < }
  575. < Auth-Type CHAP {
  576. < chap
  577. < }
  578. < Auth-Type MS-CHAP {
  579. < mschap
  580. < }
  581. < unix
  582. < eap
  583. ---
  584. > Auth-Type PAP {
  585. > pap
  586. > }
  587. >
  588. > Auth-Type CHAP {
  589. > chap
  590. > }
  591. >
  592. > Auth-Type MS-CHAP {
  593. > mschap
  594. > }
  595. >
  596. >
  597. >
  598. > unix
  599. >
  600. >
  601. > eap
  602. 311a455
  603. >
  604. 313,316c457,463
  605. < preprocess
  606. < acct_unique
  607. < suffix
  608. < files
  609. ---
  610. > preprocess
  611. >
  612. > acct_unique
  613. >
  614. > suffix
  615. >
  616. > files
  617. 320,323c467,477
  618. < detail
  619. < unix
  620. < radutmp
  621. < sql
  622. ---
  623. > detail
  624. >
  625. > unix
  626. >
  627. > radutmp
  628. >
  629. >
  630. > sql
  631. >
  632. >
  633. >
  634. 325a480
  635. >
  636. 327,328c482,484
  637. < radutmp
  638. < sql
  639. ---
  640. > radutmp
  641. >
  642. > sql
  643. 330a487
  644. >
  645. 331a489,494
  646. >
  647. >
  648. > sql
  649. >
  650. >
  651. >
  652. 334a498,499
  653. >
  654. >
  655. 338,339c503,508
  656. < eap
  657. < }
  658. ---
  659. >
  660. >
  661. >
  662. >
  663. >
  664. > eap
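Review bot: The closing `}` on the old side (old line 339) has no counterpart on the new side of this hunk. The replacement is five lines that render empty followed by `eap`, and the following `340a510` hunk adds one more line that renders empty. If that brace closed the last section of the file, radiusd.conf.test ends with an unterminated section and the server should fail to parse it. It may equally be a diff alignment artifact, as with the `}` that moves between the `224d323` and `233c326` hunks. Confirm by starting the server in debug mode (`radiusd -X`) against the test file.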
  665. 340a510
  666. >