#1232420100000015 Auth-Type := EAP, Autz-Type:=EAP, EAP-Type := SIM # EAP-Sim-Rand1 = 0x30000000000000000000000000000000, # EAP-Sim-SRES1 = 0x30112233, # EAP-Sim-KC1 = 0x445566778899AABB, # EAP-Sim-Rand2 = 0x31000000000000000000000000000000, # EAP-Sim-SRES2 = 0x31112233, # EAP-Sim-KC2 = 0x445566778899AABB, # EAP-Sim-Rand3 = 0x32000000000000000000000000000000, # EAP-Sim-SRES3 = 0x32112233, # EAP-Sim-KC3 = 0x445566778899AABB, #2244070100000001@japsim.foo Auth-Type := EAP, Autz-Type:= EAP, EAP-Type := SIM # EAP-Sim-Rand1 = 0x101112131415161718191a1b1c1d1e1f, # EAP-Sim-SRES1 = 0xd1d2d3d4, # EAP-Sim-Rand2 = 0x202122232425262728292a2b2c2d2e2f, # EAP-Sim-SRES2 = 0xe1e2e3e4, # EAP-Sim-Rand3 = 0x303132333435363738393a3b3c3d3e3f, # EAP-Sim-SRES3 = 0xf1f2f3f4, # EAP-Sim-KC1 = 0xa0a1a2a3a4a5a6a7, # EAP-Sim-KC2 = 0xb0b1b2b3b4b5b6b7, # EAP-Sim-KC3 = 0xc0c1c2c3c4c5c6c7, # # Please read the documentation file ../doc/processing_users_file, # or 'man 5 users' (after installing the server) for more information. # # This file contains authentication security and configuration # information for each user. Accounting requests are NOT processed # through this file. Instead, see 'acct_users', in this directory. # # The first field is the user's name and can be up to # 253 characters in length. This is followed (on the same line) with # the list of authentication requirements for that user. This can # include password, comm server name, comm server port number, protocol # type (perhaps set by the "hints" file), and huntgroup name (set by # the "huntgroups" file). # # If you are not sure why a particular reply is being sent by the # server, then run the server in debugging mode (radiusd -X), and # you will see which entries in this file are matched. # # When an authentication request is received from the comm server, # these values are tested. Only the first match is used unless the # "Fall-Through" variable is set to "Yes". # # A special user named "DEFAULT" matches on all usernames. # You can have several DEFAULT entries. All entries are processed # in the order they appear in this file. The first entry that # matches the login-request will stop processing unless you use # the Fall-Through variable. # # If you use the database support to turn this file into a .db or .dbm # file, the DEFAULT entries _have_ to be at the end of this file and # you can't have multiple entries for one username. # # You don't need to specify a password if you set Auth-Type += System # on the list of authentication requirements. The RADIUS server # will then check the system password file. # # Indented (with the tab character) lines following the first # line indicate the configuration values to be passed back to # the comm server to allow the initiation of a user session. # This can include things like the PPP configuration values # or the host to log the user onto. # # You can include another `users' file with `$INCLUDE users.other' # # # For a list of RADIUS attributes, and links to their definitions, # see: # # http://www.freeradius.org/rfc/attributes.html # @asb.com User-Password == "mypass@wd" Framed-MTU = 3795, 3GPP2-Service-Option-Profile = 0x000000100104a501, Fall-Through = Yes myuser User-Password == "mypass@wd" Session-Timeout = 3600, Termination-Action = 1, 3GPP2-Service-Option-Profile = 0x000000100104a501, Service-Flow-Descriptor = 0x000104008302040083040303050304060301070383080384, QoS-Descriptor += 0x8001038304030206060001f4000c0302, QoS-Descriptor += 0x000103840403020606000fa0000c0302, Fall-Through = Yes #VSA SF #myuser Auth-Type := Local, User-Password == "mypass@wd" # Session-Timeout = 3600, # Termination-Action = 1, # Class = 0x1234567890, # User-Name = "accounting", # Service-Flow-Descriptor += 0x800104111102041112040303050304060301070311080312, # Service-Flow-Descriptor += 0x000104002302040003040303050301060301070304, # QoS-Descriptor += 0x8001031104030206060007d0000c0302, # QoS-Descriptor += 0x800103120403020606001f40000c0302, # QoS-Descriptor += 0x0001030404030606060001d4c0070600015f900906000000140a06000000190c03010d040014 BE2048 User-Password == "mypass@wd" Session-Timeout = 3600, Termination-Action = 1, Service-Flow-Descriptor = 0x000104008302040083040303050304060301070383080384, QoS-Descriptor += 0x800103830403020606000F40000c0302, QoS-Descriptor += 0x000103840403020606001F40000c0302 UGS1024 User-Password == "mypass@wd" Session-Timeout = 3600, Termination-Action = 1, Service-Flow-Descriptor = 0x0001041111040303050304060301070311, QoS-Descriptor += 0x000103110403060706000fa0000906000000140a06000000140c03010d040014 UGS3073 User-Password == "mypass@wd" Session-Timeout = 3600, Termination-Action = 1, Service-Flow-Descriptor = 0x0001041111040303050304060301070312, QoS-Descriptor += 0x000103120403060706002ee3e80906000000140a06000000140c03010d040014 BE_UGS User-Password == "mypass@wd" Session-Timeout = 3600, Termination-Action = 1, Service-Flow-Descriptor += 0x800104008302040083040303050304060301070383080384, Service-Flow-Descriptor += 0x0001041111040303050304060301070312, QoS-Descriptor += 0x800103830403020606000F40000c0302, QoS-Descriptor += 0x800103840403020606001F40000c0302, QoS-Descriptor += 0x000103120403060706002ee3e80906000000140a06000000140c03010d040014 ERTVR User-Password == "mypass@wd" Session-Timeout = 3600, Termination-Action = 1, Service-Flow-Descriptor = 0x0001041112040303050304060301070313080314, QoS-Descriptor += 0x800103130403050503030606000fa00007060007d00009060000000a0a06000000140c03800d040014, QoS-Descriptor += 0x000103140403050503030606002ee3e80706000fa00009060000000a0a06000000140c0380 ERTVR_BE User-Password == "mypass@wd" Session-Timeout = 3600, Termination-Action = 1, Service-Flow-Descriptor += 0x8001041112040303050304060301070313080314, Service-Flow-Descriptor += 0x000104008302040083040303050304060301070383080384, QoS-Descriptor += 0x800103130403050503030606000fa00007060007d00009060000000a0a06000000140c03800d040014, QoS-Descriptor += 0x800103140403050503030606002ee3e80706000fa00009060000000a0a06000000140c0380, QoS-Descriptor += 0x800103830403020606000F40000c0302, QoS-Descriptor += 0x000103840403020606001F40000c0302 ERTVR_UGS User-Password == "mypass@wd" Session-Timeout = 3600, Termination-Action = 1, Service-Flow-Descriptor += 0x8001041112040303050304060301070313080314, Service-Flow-Descriptor += 0x0001041111040303050304060301070312, QoS-Descriptor += 0x800103130403050503030606000fa00007060007d00009060000000a0a06000000140c03800d040014, QoS-Descriptor += 0x800103140403050503030606002ee3e80706000fa00009060000000a0a06000000140c0380, QoS-Descriptor += 0x000103120403060706002ee3e80906000000140a06000000140c03010d040014 UGS_ERTVR User-Password == "mypass@wd" Session-Timeout = 3600, Termination-Action = 1, Service-Flow-Descriptor += 0x8001041111040303050304060301070312, Service-Flow-Descriptor += 0x0001041112040303050304060301070313080314, QoS-Descriptor += 0x800103120403060706000fa0000906000000140a06000000140c03010d040014, QoS-Descriptor += 0x800103130403050503030606000fa00007060007d00009060000000a0a06000000140c03800d040014, QoS-Descriptor += 0x000103140403050503030606002ee3e80706000fa00009060000000a0a06000000140c0380 ERTVR_UGS2 User-Password == "mypass@wd" Session-Timeout = 3600, Termination-Action = 1, Service-Flow-Descriptor += 0x8001041112040303050304060301070313080314, Service-Flow-Descriptor += 0x0001041111040303050304060301070312, QoS-Descriptor += 0x800103130403050503030606000fa00007060007d00009060000000a0a06000000140c03800d040014, QoS-Descriptor += 0x800103140403050503030606002ee3e80706000fa00009060000000a0a06000000140c0380, QoS-Descriptor += 0x000103120403060706002ee3e80906000000140a06000000140c03010d040014 ERTVR_UGS1 User-Password == "mypass@wd" Session-Timeout = 3600, Termination-Action = 1, Service-Flow-Descriptor += 0x8001041112040303050304060301070313080314, Service-Flow-Descriptor += 0x0001041111040303050304060301070311, QoS-Descriptor += 0x800103130403050503030606000fa00007060007d00009060000000a0a06000000140c03800d040014, QoS-Descriptor += 0x800103140403050503030606002ee3e80706000fa00009060000000a0a06000000140c0380, QoS-Descriptor += 0x000103110403060706000fa0000906000000140a06000000140c03010d040014 NRTVR User-Password == "mypass@wd" Session-Timeout = 3600, Termination-Action = 1, Service-Flow-Descriptor += 0x0001041112040303050304060301070313080314, QoS-Descriptor += 0x8001031304030305030107060003e8000c0382, QoS-Descriptor += 0x0001031404030305030107060007d0000c0382 NRTVR1 User-Password == "mypass@wd" Session-Timeout = 3600, Termination-Action = 1, Service-Flow-Descriptor = 0x0001041112040303050304060301070313080314, QoS-Descriptor += 0x8001031304030305030106060007d00007060007d0000c0382, QoS-Descriptor += 0x000103140403030503010606000fa0000706000fa0000c0382 NRTVR_UGS User-Password == "mypass@wd" Session-Timeout = 3600, Termination-Action = 1, Service-Flow-Descriptor += 0x8001041112040303050304060301070313080314, Service-Flow-Descriptor += 0x0001041111040303050304060301070312, QoS-Descriptor += 0x8001031304030305030106060007d00007060007d0000c0382, QoS-Descriptor += 0x800103140403030503010606000fa0000706000fa0000c0382, QoS-Descriptor += 0x000103120403060706002ee3e80906000000140a06000000140c03010d040014 NRTVR_BE User-Password == "mypass@wd" Session-Timeout = 3600, Termination-Action = 1, Service-Flow-Descriptor += 0x8001041112040303050304060301070313080314, Service-Flow-Descriptor += 0x000104008302040083040303050304060301070383080384, QoS-Descriptor += 0x8001031304030305030106060007d00007060007d0000c0382, QoS-Descriptor += 0x800103140403030503010606000fa0000706000fa0000c0382, QoS-Descriptor += 0x800103830403020606000F40000c0302, QoS-Descriptor += 0x000103840403020606001F40000c0302 NRTVR_UGS1 User-Password == "mypass@wd" Session-Timeout = 3600, Termination-Action = 1, Service-Flow-Descriptor += 0x8001041112040303050304060301070313080314, Service-Flow-Descriptor += 0x0001041111040303050304060301070311, QoS-Descriptor += 0x8001031304030305030106060007d00007060007d0000c0382, QoS-Descriptor += 0x800103140403030503010606000fa0000706000fa0000c0382, QoS-Descriptor += 0x000103110403060706000fa0000906000000140a06000000140c03010d040014 RTVR User-Password == "mypass@wd" Session-Timeout = 3600, Termination-Action = 1, Service-Flow-Descriptor = 0x0001041112040303050304060301070313080314, QoS-Descriptor += 0x800103130403040503020606000FA00007060007d0000a06000000640c03810f040032, QoS-Descriptor += 0x000103140403040503020606001f40000706000fa0000a06000000640c0381 RTVR_BE User-Password == "mypass@wd" Session-Timeout = 3600, Termination-Action = 1, Service-Flow-Descriptor += 0x8001041112040303050304060301070313080314, Service-Flow-Descriptor += 0x000104008302040083040303050304060301070383080384, QoS-Descriptor += 0x800103130403040503020606000FA00007060007d0000a06000000640c03810f040032, QoS-Descriptor += 0x800103140403040503020606001f40000706000fa0000a06000000640c0381, QoS-Descriptor += 0x800103830403020606000F40000c0302, QoS-Descriptor += 0x000103840403020606001F40000c0302 RTVR_UGS1 User-Password == "mypass@wd" Session-Timeout = 3600, Termination-Action = 1, Service-Flow-Descriptor += 0x8001041112040303050304060301070313080314, Service-Flow-Descriptor += 0x0001041111040303050304060301070311, QoS-Descriptor += 0x800103130403040503020606000FA00007060007d0000a06000000640c03810f040032, QoS-Descriptor += 0x800103140403040503020606001f40000706000fa0000a06000000640c0381, QoS-Descriptor += 0x800103140403030503010606000fa0000706000fa0000c0382, QoS-Descriptor += 0x000103110403060706000fa0000906000000140a06000000140c03010d040014 # # Deny access for a specific user. Note that this entry MUST # be before any other 'Auth-Type' attribute which results in the user # being authenticated. # # Note that there is NO 'Fall-Through' attribute, so the user will not # be given any additional resources. # #lameuser Auth-Type := Reject # Reply-Message = "Your account has been disabled." # # Deny access for a group of users. # # Note that there is NO 'Fall-Through' attribute, so the user will not # be given any additional resources. # #DEFAULT Group == "disabled", Auth-Type := Reject # Reply-Message = "Your account has been disabled." # # # This is a complete entry for "steve". Note that there is no Fall-Through # entry so that no DEFAULT entry will be used, and the user will NOT # get any attributes in addition to the ones listed here. # #steve Auth-Type := Local, User-Password == "testing" # Service-Type = Framed-User, # Framed-Protocol = PPP, # Framed-IP-Address = 172.16.3.33, # Framed-IP-Netmask = 255.255.255.0, # Framed-Routing = Broadcast-Listen, # Framed-Filter-Id = "std.ppp", # Framed-MTU = 1500, # Framed-Compression = Van-Jacobsen-TCP-IP # # This is an entry for a user with a space in their name. # Note the double quotes surrounding the name. # #"John Doe" Auth-Type := Local, User-Password == "hello" # Reply-Message = "Hello, %u" # # Dial user back and telnet to the default host for that port # #Deg Auth-Type := Local, User-Password == "ge55ged" # Service-Type = Callback-Login-User, # Login-IP-Host = 0.0.0.0, # Callback-Number = "9,5551212", # Login-Service = Telnet, # Login-TCP-Port = Telnet # # Another complete entry. After the user "dialbk" has logged in, the # connection will be broken and the user will be dialed back after which # he will get a connection to the host "timeshare1". # #dialbk Auth-Type := Local, User-Password == "callme" # Service-Type = Callback-Login-User, # Login-IP-Host = timeshare1, # Login-Service = PortMaster, # Callback-Number = "9,1-800-555-1212" # # user "swilson" will only get a static IP number if he logs in with # a framed protocol on a terminal server in Alphen (see the huntgroups file). # # Note that by setting "Fall-Through", other attributes will be added from # the following DEFAULT entries # #swilson Service-Type == Framed-User, Huntgroup-Name == "alphen" # Framed-IP-Address = 192.168.1.65, # Fall-Through = Yes # # If the user logs in as 'username.shell', then authenticate them # against the system database, give them shell access, and stop processing # the rest of the file. # #DEFAULT Suffix == ".shell", Auth-Type := System # Service-Type = Login-User, # Login-Service = Telnet, # Login-IP-Host = your.shell.machine # # The rest of this file contains the several DEFAULT entries. # DEFAULT entries match with all login names. # Note that DEFAULT entries can also Fall-Through (see first entry). # A name-value pair from a DEFAULT entry will _NEVER_ override # an already existing name-value pair. # # # First setup all accounts to be checked against the UNIX /etc/passwd. # (Unless a password was already given earlier in this file). # DEFAULT Auth-Type = Local # 3GPP2-Service-Option-Profile = 0x000000020104800101048101, # 3GPP2-Service-Option-Profile = 0x000000100104800101048801010490010104A0010104A8010104B0010104C0010104800101048801010490010104A0010104A8010104B0010104C0010104800101048801, # Session-Timeout = 3600, # Termination-Action = 1 # Fall-Through = 1 # # Set up different IP address pools for the terminal servers. # Note that the "+" behind the IP address means that this is the "base" # IP address. The Port-Id (S0, S1 etc) will be added to it. # #DEFAULT Service-Type == Framed-User, Huntgroup-Name == "alphen" # Framed-IP-Address = 192.168.1.32+, # Fall-Through = Yes #DEFAULT Service-Type == Framed-User, Huntgroup-Name == "delft" # Framed-IP-Address = 192.168.2.32+, # Fall-Through = Yes # # Defaults for all framed connections. # #DEFAULT Service-Type == Framed-User # Framed-IP-Address = 255.255.255.254, # Framed-MTU = 576, # Service-Type = Framed-User, # Fall-Through = Yes # # Default for PPP: dynamic IP address, PPP mode, VJ-compression. # NOTE: we do not use Hint = "PPP", since PPP might also be auto-detected # by the terminal server in which case there may not be a "P" suffix. # The terminal server sends "Framed-Protocol = PPP" for auto PPP. # #DEFAULT Framed-Protocol == PPP # Framed-Protocol = PPP, # Framed-Compression = Van-Jacobson-TCP-IP # # Default for CSLIP: dynamic IP address, SLIP mode, VJ-compression. # #DEFAULT Hint == "CSLIP" # Framed-Protocol = SLIP, # Framed-Compression = Van-Jacobson-TCP-IP # # Default for SLIP: dynamic IP address, SLIP mode. # #DEFAULT Hint == "SLIP" # Framed-Protocol = SLIP # # Last default: rlogin to our main server. # #DEFAULT # Service-Type = Login-User, # Login-Service = Rlogin, # Login-IP-Host = shellbox.ispdomain.com # # # # Last default: shell on the local terminal server. # # # DEFAULT # Service-Type = Shell-User # On no match, the user is denied access.