##
## radiusd.conf	-- FreeRADIUS server configuration file.
##

prefix = /usr
exec_prefix = ${prefix}
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = /var/log
raddbdir = /srv/radiusd
radacctdir = /srv/radiusd/acct

confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd

log_file = ${logdir}/radius.log
libdir = ${exec_prefix}/lib

pidfile = ${run_dir}/radiusd.pid


max_request_time = 30

delete_blocked_requests = no

cleanup_delay = 5

max_requests = 1024

bind_address = *

port = 0

hostname_lookups = no

allow_core_dumps = no

regular_expressions	= yes
extended_expressions	= yes

log_stripped_names = no

log_auth = no

log_auth_badpass = no
log_auth_goodpass = no

usercollide = no

lower_user = no
lower_pass = no

nospace_user = no
nospace_pass = no

checkrad = ${sbindir}/checkrad

security {
	max_attributes = 200
	reject_delay = 1
	status_server = no
}

proxy_requests  = yes
$INCLUDE  ${confdir}/proxy.conf
$INCLUDE  ${confdir}/clients.conf

thread pool {
	start_servers = 5
	max_servers = 32
	min_spare_servers = 3
	max_spare_servers = 10
	max_requests_per_server = 0
}

modules {
	pap {
		encryption_scheme = crypt
	}

	chap {
		authtype = CHAP
	}

	pam {
		pam_auth = radiusd
	}

	unix {
		cache = no
		cache_reload = 600
		radwtmp = ${logdir}/radwtmp
	}

$INCLUDE ${confdir}/eap.conf

	mschap {
		authtype = MS-CHAP
	}

	ldap {
		server = "ldap.your.domain"
		basedn = "o=My Org,c=UA"
		filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
		start_tls = no
		access_attr = "dialupAccess"
		dictionary_mapping = ${raddbdir}/ldap.attrmap
		ldap_connections_number = 5

		timeout = 4
		timelimit = 3
		net_timeout = 1
	}


	realm IPASS {
		format = prefix
		delimiter = "/"
		ignore_default = no
		ignore_null = no
	}

	realm suffix {
		format = suffix
		delimiter = "@"
		ignore_default = no
		ignore_null = no
	}

	realm realmpercent {
		format = suffix
		delimiter = "%"
		ignore_default = no
		ignore_null = no
	}

	realm ntdomain {
		format = prefix
		delimiter = "\\"
		ignore_default = no
		ignore_null = no
	}	

	checkval {
		item-name = Calling-Station-Id
		check-name = Calling-Station-Id
		data-type = string
	}
	
	preprocess {
		huntgroups = ${confdir}/huntgroups
		hints = ${confdir}/hints
		with_ascend_hack = no
		ascend_channels_per_line = 23
		with_ntdomain_hack = no
		with_specialix_jetstream_hack = no
		with_cisco_vsa_hack = no
	}

	files {
		usersfile = ${confdir}/users
		acctusersfile = ${confdir}/acct_users
		preproxy_usersfile = ${confdir}/preproxy_users
		compat = no
	}

	detail {
		detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
		detailperm = 0600
	}

	acct_unique {
		key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
	}


	$INCLUDE  ${confdir}/sql.conf

	radutmp {
		filename = ${logdir}/radutmp
		username = %{User-Name}
		case_sensitive = yes
		check_with_nas = yes		
		perm = 0600
		callerid = "yes"
	}

	radutmp sradutmp {
		filename = ${logdir}/sradutmp
		perm = 0644
		callerid = "no"
	}

	attr_filter {
		attrsfile = ${confdir}/attrs
	}

	counter daily {
		filename = ${raddbdir}/db.daily
		key = User-Name
		count-attribute = Acct-Session-Time
		reset = daily
		counter-name = Daily-Session-Time
		check-name = Max-Daily-Session
		allowed-servicetype = Framed-User
		cache-size = 5000
	}

	always fail {
		rcode = fail
	}
	always reject {
		rcode = reject
	}
	always ok {
		rcode = ok
		simulcount = 0
		mpp = no
	}

	expr {
	}

	digest {
	}

	exec {
		wait = yes
		input_pairs = request
	}

	exec echo {
		wait = yes
		program = "/bin/echo %{User-Name}"
		input_pairs = request
		output_pairs = reply
	}

	ippool main_pool {
		range-start = 192.168.1.1
		range-stop = 192.168.3.254
		netmask = 255.255.255.0
		cache-size = 800
		session-db = ${raddbdir}/db.ippool
		ip-index = ${raddbdir}/db.ipindex
		override = no
		maximum-timeout = 0
	}

}

instantiate {
	exec
	expr
}

authorize {
	preprocess
	chap
	mschap
	suffix
#	eap
	files
######################################################################################################################################
#			ACA ESTA LA PUTA CONF PARA CUANDO DICE Q NO ENCUENTRA UNA METODO DE AUTHENTICACION :P			     #
######################################################################################################################################
	Autz-Type SQL {
		sql
	}

}

authenticate {

	
	Auth-Type PAP {
		pap
	}

	Auth-Type CHAP {
		chap
	}

	Auth-Type MS-CHAP {
		mschap
	}

	unix
#	Auth-Type LDAP {
#		ldap
#	}

	eap
}


preacct {
#	preprocess
#	acct_unique
	suffix
	files
}

accounting {
#	detail
#	unix
#	radutmp

Acct-Type wireless {
	sql
    }

Acct-Type dhcp {
	sql
    }

}

session {
#	radutmp
}


post-auth {

}

pre-proxy {
}

post-proxy {
}
