# RADIUS settings # The name to be used to identify this NAS (server). If set it will # be used in NAS-Identifier. #nas-identifier my-server-name # RADIUS server to use for authentication requests. this config # item can appear more then one time. if multiple servers are # defined they are tried in a round robin fashion if one # server is not answering. # optionally you can specify a the port number on which is remote # RADIUS listens separated by a colon from the hostname. if # no port is specified /etc/services is consulted of the radius # service. if this fails also a compiled in default is used. # For IPv6 addresses use the '[IPv6]:port' format, or # simply '[IPv6]'. authserver localhost:2083 # For DTLS with PSK authentication, the following format is valid: #authserver localhost:2083:psk@username@hexkey # In TLS/DTLS the acct server directive is ignored. # acctserver localhost:2083 # file holding PSKs used for the communication # between the RADIUS client and server. They should # be stored in "psk:username:hexkey" format. #servers /etc/radcli/servers-tls # dictionary of allowed attributes and values # just like in the normal RADIUS distributions #dictionary /etc/radcli/dictionary # default authentication realm to append to all usernames if no # realm was explicitly specified by the user # the radiusd directly form Livingston doesnt use any realms, so leave # it blank then default_realm # time to wait for a reply from the RADIUS server radius_timeout 10 # resend request this many times before trying the next server radius_retries 3 # The length of time in seconds that we skip a nonresponsive RADIUS # server for transaction requests. Server(s) being in the "dead" state # are tried only after all other non-dead servers have been tried and # failed or timeouted. The deadtime interval starts when the server # does not respond to an authentication/accounting request transmissions. # When the interval expires, the "dead" server would be re-tried again, # and if it's still down then it will be considered "dead" for another # such interval and so on. This option is no-op if there is only one # server in the list. Set to 0 in order to disable the feature. radius_deadtime 0 # local address from which radius packets have to be sent bindaddr * # TLS/DTLS settings # The type of authentication to use for the radius server. # The available options are 'tls' and 'dtls', or should be commented # out to use plain UDP. TLS and DTLS authentication can be used # with PSK keys or X.509 certificate authentication (see below). #serv-auth-type tls # The CA certificate to be used to verify the server's certificate. # Does not need to be set if we are using PSK (pre-shared keys). #tls-ca-file /etc/radcli/ca.pem # Our certificate and key files. These identify this NAS to the # radius servers. They don't need to be set if using PSK. #tls-cert-file /etc/radcli/cert.pem #tls-key-file /etc/radcli/key.pem # Used for debugging purposed. It will disable hostname verification # on the connected host. Not recommended to be enabled. #tls-verify-hostname false