prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = /usr/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
log_file = ${logdir}/radius.log
libdir = /usr/lib
pidfile = ${run_dir}/radiusd.pid
user = radiusd
group = radiusd
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
bind_address = *
port = 0
hostname_lookups = no
allow_core_dumps = no
regular_expressions = no
extended_expressions = no
log_stripped_names = no
log_auth = no
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no
checkrad = ${sbindir}/checkrad
proxy_requests = no
snmp = no

security {
  max_attributes = 200
  reject_delay = 0
  status_server = no
}

thread pool {
  start_servers = 5
  max_servers = 32
  min_spare_servers = 3
  max_spare_servers = 10
  max_requests_per_server = 1000
}

modules {
  eap {
    default_eap_type = peap
    timer_expire = 60
    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = no

    tls {
      certificate_file = ${raddbdir}/certs/radiusd.crt
      private_key_file = ${raddbdir}/certs/radiusd.key
      CA_file = ${raddbdir}/certs/radiusd.crt
      dh_file = ${raddbdir}/certs/dh
      random_file = /dev/urandom
    }

    peap {
      default_eap_type = mschapv2
    }

    mschapv2 {
    }
  }

  ldap {
    server = "ldap"
    basedn = "dc=whatever"
    filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
    start_tls = no
    access_attr = "uid"
    dictionary_mapping = ${raddbdir}/ldap.attrmap
    ldap_connections_number = 5
    timeout = 4
    timelimit = 3
    net_timeout = 1
  }
}

instantiate {
  eap
}

authorize {
  eap
}

authenticate {
  eap
}

preacct {
}

accounting {
}

session {
}

post-auth {
}

pre-proxy {
}

post-proxy {
}

client 127.0.0.1 {
  secret = test
  shortname = localhost
  nastype = other
}