# RADIUS settings

# The name to be used to identify this NAS (server). If set it will
# be used in NAS-Identifier.
#nas-identifier my-server-name

# RADIUS server to use for authentication requests. This config
# item can appear more than once. If multiple servers are
# defined they are tried in a round robin fashion if one
# server is not answering.
# Optionally you can specify the port number on which the remote
# RADIUS server listens, separated by a colon from the hostname. If
# no port is specified, /etc/services is consulted for the radius
# service. If this also fails, a compiled-in default is used.
# For IPv6 addresses use the '[IPv6]:port' format, or
# simply '[IPv6]'.
# NOTE(review): 2083 is the port registered for RADIUS over TLS/DTLS,
# but serv-auth-type further down is commented out, which according
# to its own comment selects plain UDP. Confirm which transport is
# intended before deploying this file.
authserver 	localhost:2083

# For DTLS with PSK authentication, the following format is valid:
# (the hex key is secret material; if it is placed in this file, the
# file should be readable only by the account that runs the client)
#authserver 	localhost:2083:psk@username@hexkey

# RADIUS server to use for accounting requests.
# In TLS/DTLS the acct server directive is ignored, so this line only
# matters while serv-auth-type is left commented out (plain UDP).
#
acctserver 	localhost:2083

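# File holding the PSKs used for the communication
# between the RADIUS client and server. They should
# be stored in "psk:username:hexkey" format.
# The file contains secret keys, so it should be readable only by
# the account that runs the RADIUS client.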
#servers		/etc/radcli/servers-tls

# dictionary of allowed attributes and values
# just like in the normal RADIUS distributions
#dictionary 	/etc/radcli/dictionary

# Default authentication realm to append to all usernames if no
# realm was explicitly specified by the user.
# The radiusd directly from Livingston doesn't use any realms, so
# leave it blank in that case.
default_realm

# Time to wait for a reply from the RADIUS server.
# NOTE(review): the unit is not stated here; presumably seconds, as
# for radius_deadtime -- confirm against the radcli documentation.
radius_timeout	10

# Number of times a request is re-sent to a server before the next
# configured server is tried.
radius_retries	3

# The length of time in seconds that we skip a nonresponsive RADIUS
# server for transaction requests. Servers in the "dead" state
# are tried only after all other non-dead servers have been tried and
# have failed or timed out. The deadtime interval starts when the
# server does not respond to an authentication/accounting request.
# When the interval expires, the "dead" server is tried again,
# and if it is still down it is considered "dead" for another
# such interval, and so on. This option is a no-op if there is only
# one server in the list. Set to 0 to disable the feature.
radius_deadtime	0

# Local address from which RADIUS packets are sent.
# NOTE(review): '*' presumably means no specific local address is
# bound and the system picks the source address -- confirm.
bindaddr *

# TLS/DTLS settings

# The type of authentication to use for the radius server.
# The available options are 'tls' and 'dtls'; leave this commented
# out to use plain UDP. TLS and DTLS authentication can be used
# with PSK keys or X.509 certificate authentication (see below).
#serv-auth-type	tls

# The CA certificate to be used to verify the server's certificate.
# Does not need to be set if we are using PSK (pre-shared keys).
#tls-ca-file /etc/radcli/ca.pem

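# Our certificate and key files. These identify this NAS to the
# radius servers. They don't need to be set if using PSK.
# The key file holds this NAS's private key, so it should be readable
# only by the account that runs the RADIUS client.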
#tls-cert-file /etc/radcli/cert.pem
#tls-key-file /etc/radcli/key.pem

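# Used for debugging purposes. It will disable hostname verification
# on the connected host. Not recommended to be enabled: without the
# hostname check, a certificate issued by the configured CA for any
# other host would be accepted as the RADIUS server's.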
#tls-verify-hostname false