# FreeRadius config with MySQL backend.
# 10 May 2005 By Marcin Jessa
#
# Main radiusd configuration. Line structure restored: one directive per
# line, one level of indentation per brace. Directive names, values and
# their order are unchanged; module order inside the processing sections
# is execution order and must not be shuffled.

# ---------------------------------------------------------------------
# Paths
# ---------------------------------------------------------------------
prefix = /usr
exec_prefix = ${prefix}
sysconfdir = /etc
localstatedir = /var
sbindir = ${exec_prefix}/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
log_file = ${logdir}/radius.log
libdir = ${exec_prefix}/lib
pidfile = ${run_dir}/radiusd.pid

# ---------------------------------------------------------------------
# Privileges: the daemon runs as an unprivileged account.
# ${logdir}, ${run_dir} and the files under ${confdir} must be usable by
# this account and should not be readable by other local users, because
# the included files hold shared secrets and database credentials.
# ---------------------------------------------------------------------
user = radiusd
group = radiusd

# ---------------------------------------------------------------------
# Request handling limits
# ---------------------------------------------------------------------
# Seconds a request may be processed before it is given up on.
max_request_time = 30
delete_blocked_requests = no
# Seconds a sent reply is kept around to answer retransmissions.
cleanup_delay = 5
# Upper bound on requests tracked at once.
max_requests = 1024

# ---------------------------------------------------------------------
# Network
# ---------------------------------------------------------------------
# "*" binds every local address. NOTE(review): on a multi-homed host
# consider binding only the address the NAS devices reach, and filter
# the RADIUS ports at the firewall; clients.conf remains the list of
# peers that are allowed to talk to the server.
bind_address = *
# 0 means "use /etc/services for the proper port".
port = 0

#listen {
	# IP address on which to listen.
	# Allowed values are:
	# dotted quad (1.2.3.4)
	# hostname (radius.example.com)
	# wildcard (*)
#	ipaddr = *

	# Port on which to listen.
	# Allowed values are:
	# integer port number (1812)
	# 0 means "use /etc/services for the proper port"
#	port = 0

	# Type of packets to listen for.
	# Allowed values are:
	# auth listen for authentication packets
	# acct listen for accounting packets
	#
#	type = auth
#}

# No reverse DNS per request: log entries carry IP addresses.
hostname_lookups = no
# Core dumps stay off; a dump of this process can contain passwords and
# shared secrets.
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes

# ---------------------------------------------------------------------
# Authentication logging
# ---------------------------------------------------------------------
log_stripped_names = no
log_auth = yes
# NOTE(review): with log_auth_badpass = yes the password of every
# REJECTED request is written to ${log_file}. Rejected passwords are
# frequently typos of the real one, or a valid password sent for the
# wrong account. Keep the log file and its rotated copies readable by
# the radiusd account only, or set this to "no" if the value is not
# needed for troubleshooting.
log_auth_badpass = yes
# Accepted passwords are not logged.
log_auth_goodpass = no

# ---------------------------------------------------------------------
# User-Name / User-Password rewriting: all disabled, so credentials are
# compared exactly as received.
# ---------------------------------------------------------------------
usercollide = no
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no

checkrad = ${sbindir}/checkrad

# ---------------------------------------------------------------------
# Abuse limits
# ---------------------------------------------------------------------
security {
	# Cap on attributes accepted in a single packet.
	max_attributes = 200
	# Seconds an Access-Reject is held back; slows online password
	# guessing.
	reject_delay = 1
	# Status-Server requests are not answered.
	status_server = no
}

# ---------------------------------------------------------------------
# Proxying is off and its configuration is not loaded.
# ---------------------------------------------------------------------
proxy_requests = no
#$INCLUDE ${confdir}/proxy.conf

# NAS definitions and their shared secrets.
# NOTE(review): this file is not shown here; check that it is not
# world-readable and that each client has its own strong secret.
$INCLUDE ${confdir}/clients.conf

snmp = no
#$INCLUDE ${confdir}/snmp.conf

# ---------------------------------------------------------------------
# Worker threads
# ---------------------------------------------------------------------
thread pool {
	start_servers = 5
	max_servers = 32
	min_spare_servers = 3
	max_spare_servers = 10
	# 0 = worker threads are never recycled.
	max_requests_per_server = 0
}

# ---------------------------------------------------------------------
# Module instances
# ---------------------------------------------------------------------
modules {
	# CHAP can only be verified against a password the server can
	# recover in clear text. NOTE(review): the password source here is
	# presumably the sql module - confirm how passwords are stored in
	# the database and who can read that table.
	chap {
		authtype = CHAP
	}

	# MS-CHAP is a weak challenge/response scheme; treat the exchange
	# as protected only when the transport between client, NAS and
	# server is trusted. MPPE keying attributes are not returned
	# (use_mppe = no) and the encryption requirements below stay
	# commented out.
	mschap {
		authtype = MS-CHAP
		use_mppe = no
		#require_encryption = yes
		#require_strong = yes
		#with_ntdomain_hack = no
		#ntlm_auth = "/path/to/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
	}

	# Realm parsers. Only "suffix" is referenced by the processing
	# sections further down; the other instances are defined but are
	# not called from this file.
	realm IPASS {
		format = prefix
		delimiter = "/"
		ignore_default = no
		ignore_null = yes
	}

	# 'username@realm'
	#
	realm suffix {
		format = suffix
		delimiter = "@"
		ignore_default = no
		ignore_null = yes
	}

	# 'username%realm'
	#
	realm realmpercent {
		format = suffix
		delimiter = "%"
		ignore_default = no
		ignore_null = yes
	}

	#
	# 'domain\user'
	#
	realm ntdomain {
		format = prefix
		delimiter = "\\"
		ignore_default = no
		ignore_null = yes
	}

	# Request clean-up before authorization; every vendor-specific
	# workaround is switched off.
	preprocess {
		huntgroups = ${confdir}/huntgroups
		hints = ${confdir}/hints
		with_ascend_hack = no
		ascend_channels_per_line = 23
		with_ntdomain_hack = no
		with_specialix_jetstream_hack = no
		with_cisco_vsa_hack = no
	}

	# Attributes combined into the unique accounting session id.
	acct_unique {
		key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
	}

	# MySQL backend settings.
	# NOTE(review): this file is not shown here. It normally carries the
	# database login and password, so restrict its permissions to the
	# radiusd account and give that database user only the rights the
	# queries need.
	$INCLUDE ${confdir}/sql.conf

	attr_filter {
		attrsfile = ${confdir}/attrs
	}

	# Presumably defines the noresetcounter / dailycounter /
	# weeklycounter / monthlycounter instances used below - they are
	# not defined anywhere in this file.
	$INCLUDE ${confdir}/sqlcounter.conf

	# The "always" module is here for debugging purposes. Each
	# instance simply returns the same result, always, without
	# doing anything.
	always fail {
		rcode = fail
	}
	always reject {
		rcode = reject
	}
	always ok {
		rcode = ok
		simulcount = 0
		mpp = no
	}

	expr {
	}
}

# ---------------------------------------------------------------------
# Modules loaded at start-up, in this order.
# ---------------------------------------------------------------------
instantiate {
	expr
	noresetcounter
	dailycounter
	weeklycounter
	monthlycounter
}

# ---------------------------------------------------------------------
# Authorization: modules run top to bottom. The usage counters run
# after the sql lookup.
# ---------------------------------------------------------------------
authorize {
	preprocess
	chap
	mschap
	suffix
	sql
	noresetcounter
	dailycounter
	weeklycounter
	monthlycounter
}

# ---------------------------------------------------------------------
# Authentication: only CHAP and MS-CHAP handlers are declared.
# ---------------------------------------------------------------------
authenticate {
	Auth-Type CHAP {
		chap
	}
	Auth-Type MS-CHAP {
		mschap
	}
}

preacct {
	preprocess
	acct_unique
	suffix
}

# Accounting records and session tracking both go to the SQL backend.
accounting {
	sql
}

session {
	sql
}

# NOTE(review): what is written after each authentication depends on the
# post-auth query in sql.conf, which is not shown here. Check whether
# that query stores the submitted password and, if it does, treat the
# table as sensitive or drop the column from the query.
post-auth {
	sql
}