prefix = /usr/local
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = ${prefix}/var
sbindir = ${exec_prefix}/sbin
logdir = /var/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct

#  Location of config and logfiles.
confdir = ${raddbdir}
run_dir = /var/run/radiusd

#  The logging messages for the server are appended to the
#  tail of this file.
log_file = ${logdir}/radius.log

# Where to find the rlm_* modules.
libdir = ${exec_prefix}/lib

# Pid file
pidfile = ${run_dir}/radiusd.pid

# User/Group, if commented out, radiusd will run as the user/group
# it stated running as
#user = nobody
#group = nobody

# The maximum time (in seconds) to handle a request.
max_request_time = 2

# If the request takes MORE THAN 'max_request_time' to be handled, delete it
delete_blocked_requests = no

# Time after which a request is removed from the request cache
cleanup_delay = 5

# The maximum number of requests which the server keeps track of
max_requests = 1024

# Listen for auth requests only.
listen {
  ipaddr = *
  port = 1812
  type = auth
}

listen {
  ipaddr = *
  port = 1813
  type = acct
}

# Log the names of clients or just their IP addresses
hostname_lookups = no

# Should only be set to yes for debugging a test server
allow_core_dumps = yes

# Regular expressions
regular_expressions = yes
extended_expressions = yes

# Log the full User-Name attribute, as it was found in the request
log_stripped_names = yes

# Log authentication requests to the log file
log_auth = yes

# Log passwords with the authentication requests
log_auth_badpass = yes
log_auth_goodpass = yes

# Username collision, recommended not to be used, will only work
# with plain text passwords and even then may act strangely
usercollide = no

# Can be used to lower username/password before or after authentication
# or not at all
lower_user = no
lower_pass = no

# Remove spaces from username/password
nospace_user = no
nospace_pass = no

# The program to execute to do concurrency checks.
checkrad = ${sbindir}/checkrad

### Security configuration

# Max number of attributes per Radius packet
max_attributes = 200

# Wait before sending a REJECT, good for brute force password attacks
reject_delay = 0

# Whether or not the server will respond to Status-Server requests
# They're useless, but certain access servers may request them
status_server = no

### End security configuration

# Client conf file
$INCLUDE  ${confdir}/clients.conf

# Snmp
snmp    = no

# Threads
thread pool {

    # Servers to start initially 
    start_servers = 5

    # Max servers, if this is reached clients will be locked out
    max_servers = 32

    # Spare servers
    min_spare_servers = 3
    max_spare_servers = 10

    # Max requests per server, useful for leaks
    max_requests_per_server = 0
}

# Modules
modules {
    dbm {
      usersfile = "/usr/local/etc/raddb/users"
    }

    # Users file
    files {
    	acctusersfile ="/usr/local/etc/raddb/acct_users"
    }

    pap {
        encryption_scheme = crypt
    }

    chap {
        authtype = CHAP
    }


#DETAIL FILES FOR SPLIT LOGGING
    detail wholesale {
	detailfile = ${radacctdir}/wsale_detail-%Y%m%d 
	detailperm = 0644
    }
    detail retail {
	detailfile = ${radacctdir}/retail_detail-%Y%m%d
	detailperm = 0644
    }

}

authorize {
  group {

    group {
      dbm {
        ok = return
        reject = return
        notfound = 1
        fail = return
      }
      ok = return
      reject = return
      notfound = return
      fail = return
    }
  }
}


authenticate {
  Auth-Type PAP {
    pap
  }

  Auth-Type CHAP {
    chap
  }
}

accounting {
        #
        #  Create a 'detail'ed log of the packets.
        #  Note that accounting requests which are proxied
        #  are also logged in the detail file.
#        detail
#       daily
#DETAIL ACCOUNTING REFERENCE	
	Acct-Type WHOLESALE {
		  wholesale
    	}

	Acct-Type RETAIL {
		 retail 
	}
}

