diff --git a/SOURCES/radiusclient.conf b/SOURCES/radiusclient.conf
new file mode 100644
index 0000000..a28aa37
--- /dev/null
+++ b/SOURCES/radiusclient.conf
@@ -0,0 +1,81 @@
+# RADIUS settings
+
+# The name to be used to identify this NAS (server). If set it will
+# be used in NAS-Identifier.
+#nas-identifier my-server-name
+
+# RADIUS server to use for authentication requests. this config
+# item can appear more then one time. if multiple servers are
+# defined they are tried in a round robin fashion if one
+# server is not answering.
+# optionally you can specify a the port number on which is remote
+# RADIUS listens separated by a colon from the hostname. if
+# no port is specified /etc/services is consulted of the radius
+# service. if this fails also a compiled in default is used.
+# For IPv6 addresses use the '[IPv6]:port' format, or
+# simply '[IPv6]'.
+authserver localhost:2083
+
+# For DTLS with PSK authentication, the following format is valid:
+#authserver localhost:2083:psk@username@hexkey
+
+# In TLS/DTLS the acct server directive is ignored.
+#
+acctserver localhost:2083
+
+# file holding PSKs used for the communication
+# between the RADIUS client and server. They should
+# be stored in "psk:username:hexkey" format.
+#servers /etc/radcli/servers-tls
+
+# dictionary of allowed attributes and values
+# just like in the normal RADIUS distributions
+#dictionary /etc/radcli/dictionary
+
+# default authentication realm to append to all usernames if no
+# realm was explicitly specified by the user
+# the radiusd directly form Livingston doesnt use any realms, so leave
+# it blank then
+default_realm
+
+# time to wait for a reply from the RADIUS server
+radius_timeout 10
+
+# resend request this many times before trying the next server
+radius_retries 3
+
+# The length of time in seconds that we skip a nonresponsive RADIUS
+# server for transaction requests. Server(s) being in the "dead" state
+# are tried only after all other non-dead servers have been tried and
+# failed or timeouted. The deadtime interval starts when the server
+# does not respond to an authentication/accounting request transmissions.
+# When the interval expires, the "dead" server would be re-tried again,
+# and if it's still down then it will be considered "dead" for another
+# such interval and so on. This option is no-op if there is only one
+# server in the list. Set to 0 in order to disable the feature.
+radius_deadtime 0
+
+# local address from which radius packets have to be sent
+bindaddr *
+
+# TLS/DTLS settings
+
+# The type of authentication to use for the radius server.
+# The available options are 'tls' and 'dtls', or should be commented
+# out to use plain UDP. TLS and DTLS authentication can be used
+# with PSK keys or X.509 certificate authentication (see below).
+#serv-auth-type tls
+
+# The CA certificate to be used to verify the server's certificate.
+# Does not need to be set if we are using PSK (pre-shared keys).
+#tls-ca-file /etc/radcli/ca.pem
+
+# Our certificate and key files. These identify this NAS to the
+# radius servers. They don't need to be set if using PSK.
+#tls-cert-file /etc/radcli/cert.pem
+#tls-key-file /etc/radcli/key.pem
+
+# Used for debugging purposed. It will disable hostname verification
+# on the connected host. Not recommended to be enabled.
+#tls-verify-hostname false
+
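Review bot: As shipped, `authserver localhost:2083` and `acctserver localhost:2083` are active while `#serv-auth-type tls` stays commented out, which by this file's own comment selects plain UDP; the defaults therefore aim unprotected RADIUS at 2083, the port conventionally used for RADIUS over TLS. If TLS is the intent, ship `serv-auth-type tls` and `tls-ca-file /etc/radcli/ca.pem` uncommented so the transport is encrypted and the server certificate is verified out of the box. If plain UDP is intended, drop the `:2083` suffix so the documented /etc/services lookup applies, and say so in the header comment. The `authserver ...:psk@username@hexkey` form puts key material directly in this file, so the comment above it should note that the file must then not be world-readable, e.g. `# NOTE: embeds the PSK; restrict this file to the service account.` The same would apply to the file named by `servers`.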