How to configure freeRadius with couchbase
Sagar Shinde
sagar.it01 at gmail.com
Thu Oct 8 14:58:48 CEST 2020
Hi Alan,
We configured freeRadius server with mySql database which worked for us
previously,
Now we want to use couchbase, we build couchbase server and we created
bucket to store data.
we followed documentation in mods-available/couchbase and tried to
configure couchbase but it is not working for us.
do we need more configurations to get this working.
couchbase {
#
# List of Couchbase hosts (hosts may be space, tab, comma or
semi-colon separated).
# Ports are optional if servers are listening on the standard
port.
# Complete pool urls are preferred.
#
server = "http://127.0.0.1:8091/pools"
# Couchbase bucket name
bucket = "radiusBucket"
# Couchbase bucket password (optional)
#password = "password"
# Couchbase accounting document key (unlang supported)
acct_key =
"radacct_%{%{Acct-Unique-Session-Id}:-%{Acct-Session-Id}}"
# Value for the 'docType' element in the json body for
accounting documents
doctype = "radacct"
## Accounting document expire time in seconds (0 = never)
expire = 2592000
#
# Map attribute names to json element names for accounting.
#
# Configuration items are in the format:
# <radius attribute> = '<element name>'
#
# Element names should be single quoted.
#
# Note: Attributes not in this map will not be recorded.
#
update {
Acct-Session-Id = 'sessionId'
Acct-Unique-Session-Id = 'uniqueId'
Acct-Status-Type = 'lastStatus'
Acct-Authentic = 'authentic'
User-Name = 'userName'
Stripped-User-Name = 'strippedUserName'
Stripped-User-Domain = 'strippedUserDomain'
Realm = 'realm'
NAS-IP-Address = 'nasIpAddress'
NAS-Identifier =
'nasIdentifier'
NAS-Port = 'nasPort'
Called-Station-Id =
'calledStationId'
Called-Station-SSID =
'calledStationSSID'
Calling-Station-Id =
'callingStationId'
Framed-Protocol =
'framedProtocol'
Framed-IP-Address = 'framedIpAddress'
NAS-Port-Type = 'nasPortType'
Connect-Info = 'connectInfo'
Acct-Session-Time = 'sessionTime'
Acct-Input-Packets = 'inputPackets'
Acct-Output-Packets = 'outputPackets'
Acct-Input-Octets = 'inputOctets'
Acct-Output-Octets = 'outputOctets'
Acct-Input-Gigawords = 'inputGigawords'
Acct-Output-Gigawords = 'outputGigawords'
Event-Timestamp =
'lastUpdated'
}
# Couchbase document key for user documents (unlang supported)
user_key =
"raduser_%{md5:%{tolower:%{%{Stripped-User-Name}:-%{User-Name}}}}"
# Set to 'yes' to read radius clients from the Couchbase view
specified below.
# NOTE: Clients will ONLY be read on server startup.
#read_clients = no
#
# Map attribute names to json element names when loading
clients.
#
# Configuration follows the same rules as the accounting map
above.
#
client {
# Couchbase view that should return all
available client documents.
view = "_design/client/_view/by_id"
#
# Sets default values (not obtained from
couchbase) for new client entries
#
template {
# login
= 'test'
# password
= 'test'
# proto
= tcp
# require_message_authenticator
= yes
# Uncomment to add a home_server
with the same
# attributes as the client.
# coa_server {
# response_window =
2.0
# }
}
#
# Client mappings are in the format:
# <client attribute> = '<element name>'
#
# Element names should be single quoted.
#
# The following attributes are required:
# * ipaddr | ipv4addr | ipv6addr - Client IP
Address.
# * secret - RADIUS shared secret.
#
# All attributes usually supported in a client
# definition are also supported here.
#
attribute {
ipaddr
= 'clientIdentifier'
secret
= 'clientSecret'
shortname
= 'clientShortname'
nas_type
= 'nasType'
virtual_server
= 'virtualServer'
require_message_authenticator
= 'requireMessageAuthenticator'
limit {
max_connections
= 'maxConnections'
lifetime
= 'clientLifetime'
idle_timeout
= 'idleTimeout'
}
}
}
# Set to 'yes' to enable simultaneous use checking (multiple
logins).
# NOTE: This will cause the execution of a view request on
every check
# and may be a performance penalty.
# check_simul = no
# Couchbase view that should return all account documents
keyed by username.
# simul_view = "_design/acct/_view/by_user"
# The key to the above view.
# NOTE: This will need to match EXACTLY what you emit from
your view.
# simul_vkey =
"%{tolower:%{%{Stripped-User-Name}:-%{User-Name}}}"
# Set to 'yes' to enable verification of the results returned
from the above view.
# NOTE: This may be an additional performance penalty to the
actual check and
# should be avoided unless absolutely neccessary.
# verify_simul = no
# Remove stale session if checkrad does not see a double
login.
# NOTE: This will only be executed if both check_simul and
verify_simul
# are set to 'yes' above.
# delete_stale_sessions = yes
#
# The connection pool is new for 3.0, and will be used in
many
# modules, for all kinds of connection-related activity.
#
pool {
# Connections to create during module
instantiation.
# If the server cannot create specified
number of
# connections during instantiation it will
exit.
# Set to 0 to allow the server to start
without the
# couchbase being available.
start = ${thread[pool].start_servers}
# Minimum number of connections to keep open
min = ${thread[pool].min_spare_servers}
# Maximum number of connections
#
# If these connections are all in use and a
new one
# is requested, the request will NOT get a
connection.
#
# Setting 'max' to LESS than the number of
threads means
# that some threads may starve, and you will
see errors
# like 'No connections available and at max
connection limit'
#
# Setting 'max' to MORE than the number of
threads means
# that there are more connections than
necessary.
max = ${thread[pool].max_servers}
# Spare connections to be left idle
#
# NOTE: Idle connections WILL be closed if
"idle_timeout"
# is set. This should be less than or equal
to "max" above.
spare = ${thread[pool].max_spare_servers}
# Number of uses before the connection is
closed
#
# 0 means "infinite"
uses = 0
# The lifetime (in seconds) of the connection
#
# NOTE: A setting of 0 means infinite (no
limit).
lifetime = 0
# The idle timeout (in seconds). A
connection which is
# unused for this length of time will be
closed.
#
# NOTE: A setting of 0 means infinite (no
timeout).
idle_timeout = 1200
# NOTE: All configuration settings are
enforced. If a
# connection is closed because of
"idle_timeout",
# "uses", or "lifetime", then the total
number of
# connections MAY fall below "min". When that
# happens, it will open a new connection. It
will
# also log a WARNING message.
#
# The solution is to either lower the "min"
connections,
# or increase lifetime/idle_timeout.
}
}
More information about the Freeradius-Users
mailing list