## ## radiusd.conf -- FreeRADIUS server configuration file. ## prefix = /usr/local/freeradius/ exec_prefix = ${prefix} sysconfdir = ${prefix}/etc localstatedir = ${prefix}/var sbindir = ${exec_prefix}/sbin logdir = /usr/local/freeradius/logs raddbdir = /usr/local/freeradius/raddb radacctdir = /usr/local/freeradius/logs confdir = ${raddbdir} run_dir = ${localstatedir}/run/radiusd log_file = ${logdir}/radius.log libdir = ${exec_prefix}/lib pidfile = ${run_dir}/radiusd.pid user = freerad group = freerad max_request_time = 30 delete_blocked_requests = no cleanup_delay = 5 max_requests = 1024 bind_address = * port = 0 hostname_lookups = yes allow_core_dumps = no regular_expressions = yes extended_expressions = yes log_stripped_names = no log_auth = yes log_auth_badpass = yes log_auth_goodpass = no usercollide = no lower_user = no lower_pass = no nospace_user = before nospace_pass = no checkrad = ${sbindir}/checkrad # SECURITY CONFIGURATION # security { max_attributes = 200 reject_delay = 1 status_server = yes } # PROXY CONFIGURATION # proxy_requests = no # CLIENTS CONFIGURATION # $INCLUDE ${confdir}/clients.conf # SNMP CONFIGURATION # snmp = no # THREAD POOL CONFIGURATION # thread pool { start_servers = 5 max_servers = 32 min_spare_servers = 3 max_spare_servers = 10 max_requests_per_server = 0 } # MODULE CONFIGURATION # modules { pap { encryption_scheme = md5 } chap { authtype = CHAP } preprocess { huntgroups = ${confdir}/huntgroups hints = ${confdir}/hints with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = no } files { usersfile = ${confdir}/users acctusersfile = ${confdir}/acct_users preproxy_usersfile = ${confdir}/preproxy_users # don't want to use the old Cistron 'users' file compat = no } detail { detailfile = ${radacctdir}/acct-%Y%m%d.log detailperm = 0600 } detail auth_log { detailfile = ${radacctdir}/cert-%Y%m%d.log detailperm = 0600 } acct_unique { key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" } $INCLUDE ${confdir}/sql.conf radutmp { filename = ${logdir}/radutmp username = %{User-Name} case_sensitive = yes check_with_nas = yes perm = 0600 callerid = "yes" } radutmp sradutmp { filename = ${logdir}/sradutmp perm = 0644 callerid = "no" } attr_filter { attrsfile = ${confdir}/attrs } counter daily { filename = ${raddbdir}/db.daily key = User-Name count-attribute = Acct-Session-Time reset = daily counter-name = Daily-Session-Time check-name = Max-Daily-Session allowed-servicetype = Framed-User cache-size = 5000 } always fail { rcode = fail } always reject { rcode = reject } always ok { rcode = ok simulcount = 0 mpp = no } expr { } digest { } exec echo { wait = yes program = "/bin/echo %{User-Name}" input_pairs = request output_pairs = reply } } authorize { preprocess auth_log chap sql files } authenticate { Auth-Type PAP { pap } Auth-Type CHAP { chap } } preacct { preprocess acct_unique } accounting { detail radutmp } session { radutmp } # Post-Authentication # Once we KNOW that the user has been authenticated, there are # additional steps we can take. post-auth { } pre-proxy { files } post-proxy { }