You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
82 lines
3.0 KiB
82 lines
3.0 KiB
10 years ago
|
# RADIUS settings
|
||
|
|
|
||
|
|
# The name to be used to identify this NAS (server). If set it will
|
||
|
|
# be used in NAS-Identifier.
|
||
|
|
#nas-identifier my-server-name
|
||
|
|
|
||
|
|
# RADIUS server to use for authentication requests. this config
|
||
|
|
# item can appear more then one time. if multiple servers are
|
||
|
|
# defined they are tried in a round robin fashion if one
|
||
|
|
# server is not answering.
|
||
|
|
# optionally you can specify a the port number on which is remote
|
||
|
|
# RADIUS listens separated by a colon from the hostname. if
|
||
|
|
# no port is specified /etc/services is consulted of the radius
|
||
|
|
# service. if this fails also a compiled in default is used.
|
||
|
|
# For IPv6 addresses use the '[IPv6]:port' format, or
|
||
|
|
# simply '[IPv6]'.
|
||
|
|
authserver localhost:2083
|
||
|
|
|
||
|
|
# For DTLS with PSK authentication, the following format is valid:
|
||
|
|
#authserver localhost:2083:psk@username@hexkey
|
||
|
|
|
||
|
|
# In TLS/DTLS the acct server directive is ignored.
|
||
|
|
#
|
||
|
|
acctserver localhost:2083
|
||
|
|
|
||
|
|
# file holding PSKs used for the communication
|
||
|
|
# between the RADIUS client and server. They should
|
||
|
|
# be stored in "psk:username:hexkey" format.
|
||
|
|
#servers /etc/radcli/servers-tls
|
||
|
|
|
||
|
|
# dictionary of allowed attributes and values
|
||
|
|
# just like in the normal RADIUS distributions
|
||
|
|
#dictionary /etc/radcli/dictionary
|
||
|
|
|
||
|
|
# default authentication realm to append to all usernames if no
|
||
|
|
# realm was explicitly specified by the user
|
||
|
|
# the radiusd directly form Livingston doesnt use any realms, so leave
|
||
|
|
# it blank then
|
||
|
|
default_realm
|
||
|
|
|
||
|
|
# time to wait for a reply from the RADIUS server
|
||
|
|
radius_timeout 10
|
||
|
|
|
||
|
|
# resend request this many times before trying the next server
|
||
|
|
radius_retries 3
|
||
|
|
|
||
|
|
# The length of time in seconds that we skip a nonresponsive RADIUS
|
||
|
|
# server for transaction requests. Server(s) being in the "dead" state
|
||
|
|
# are tried only after all other non-dead servers have been tried and
|
||
|
|
# failed or timeouted. The deadtime interval starts when the server
|
||
|
|
# does not respond to an authentication/accounting request transmissions.
|
||
|
|
# When the interval expires, the "dead" server would be re-tried again,
|
||
|
|
# and if it's still down then it will be considered "dead" for another
|
||
|
|
# such interval and so on. This option is no-op if there is only one
|
||
|
|
# server in the list. Set to 0 in order to disable the feature.
|
||
|
|
radius_deadtime 0
|
||
|
|
|
||
|
|
# local address from which radius packets have to be sent
|
||
|
|
bindaddr *
|
||
|
|
|
||
|
|
# TLS/DTLS settings
|
||
|
|
|
||
|
|
# The type of authentication to use for the radius server.
|
||
|
|
# The available options are 'tls' and 'dtls', or should be commented
|
||
|
|
# out to use plain UDP. TLS and DTLS authentication can be used
|
||
|
|
# with PSK keys or X.509 certificate authentication (see below).
|
||
|
|
#serv-auth-type tls
|
||
|
|
|
||
|
|
# The CA certificate to be used to verify the server's certificate.
|
||
|
|
# Does not need to be set if we are using PSK (pre-shared keys).
|
||
|
|
#tls-ca-file /etc/radcli/ca.pem
|
||
|
|
|
||
|
|
# Our certificate and key files. These identify this NAS to the
|
||
|
|
# radius servers. They don't need to be set if using PSK.
|
||
|
|
#tls-cert-file /etc/radcli/cert.pem
|
||
|
|
#tls-key-file /etc/radcli/key.pem
|
||
|
|
|
||
|
|
# Used for debugging purposed. It will disable hostname verification
|
||
|
|
# on the connected host. Not recommended to be enabled.
|
||
|
|
#tls-verify-hostname false
|
||
|
|
|