2 # Main Configuration File
4 # it can be default or whatever language. Only greek are supported
5 # from non latin alphabet languages
6 # These attribute only apply for ldap not for sql
8 general_prefered_lang: en
9 general_prefered_lang_name: English
11 # The charset which will be added as a meta tag in all pages
13 general_charset: iso-8859-1
15 # Uncomment this if normal attributes (not the ;lang-xx ones) in ldap
18 #general_decode_normal_attributes: yes
20 # The directory where dialupadmin is installed
22 general_base_dir: /usr/local/dialup_admin
24 # The base directory of the freeradius radius installation
26 general_radiusd_base_dir: /usr/local/radiusd
27 general_domain: company.com
29 # Set it to yes to use sessions and cache the various mappings
30 # You can also set use_session = 1 in config.php3 to also cache
33 # ---- IMPORTANT -- IMPORTANT -- IMPORTANT ----
34 #Remember to use the 'Clear Cache' page if you use sessions and do any changes
35 #in any of the configuration files.
37 general_use_session: no
39 # This is used by the failed logins page. It states the default back time
42 general_most_recent_fl: 30
47 # Set general_strip_realms to yes in order to stip realms from usernames.
48 # By default realms are not striped
49 #general_strip_realms : yes
51 # The delimiter used in realms. Default is @
53 general_realm_delimiter: @
55 # The format of the realms. Can be either suffix (realm is after the username)
56 # or prefix (realm is before the username). Default is suffix
58 general_realm_format: suffix
62 # Determines if the administrator will be able to see and change the user password through
64 general_show_user_password: yes
66 general_raddb_dir: %{general_radiusd_base_dir}/etc/raddb
67 general_ldap_attrmap: %{general_raddb_dir}/ldap.attrmap
68 # Need to fix admin.conf file parser
69 #general_clients_conf: %{general_raddb_dir}/clients.conf
70 general_clients_conf: /usr/local/etc/raddb/clients.conf
71 general_sql_attrmap: %{general_base_dir}/conf/sql.attrmap
72 general_accounting_attrs_file: %{general_base_dir}/conf/accounting.attrs
73 general_extra_ldap_attrmap: %{general_base_dir}/conf/extra.ldap-attrmap
75 # it can be either ldap or sql
76 # This affects the user base not accounting. Accounting is always in sql
80 # Define which attributes will be visible in the user edit page
82 general_user_edit_attrs_file: %{general_base_dir}/conf/user_edit.attrs
84 # Used by the Accounting Report Generator
86 general_sql_attrs_file: %{general_base_dir}/conf/sql.attrs
88 # Set default values for various attributes
90 general_default_file: %{general_base_dir}/conf/default.vals
91 #general_ld_library_path: /usr/local/snmpd/lib
93 # can be 'snmp' (for snmpfinger) or empty to query the radacct table without first
95 # This is used by the online users page
97 general_finger_type: snmp
99 # Defines the nas type. This is only used by snmpfinger
100 # cisco and lucent are supported for now
102 general_nas_type: cisco
103 general_snmpfinger_bin: %{general_base_dir}/bin/snmpfinger
104 general_radclient_bin: %{general_radiusd_base_dir}/bin/radclient
106 # this information is used from the server check page
108 general_test_account_login: test
109 general_test_account_password: testpass
111 # These are used as default values for the user test page
113 general_radius_server: localhost
114 general_radius_server_port: 1812
116 # can be either pap or chap
118 general_radius_server_auth_proto: pap
120 # sorry, single valued for now. Should become something like
121 # password[server-name]: xxxxx
123 general_radius_server_secret: XXXXXX
124 general_auth_request_file: %{general_base_dir}/conf/auth.request
126 # can be one of crypt,md5,clear
128 general_encryption_method: crypt
130 # can be either asc (older dates first) or desc (recent dates first)
131 # This is used in the user accounting and badusers pages
133 general_accounting_info_order: desc
135 # Use the totacct table in the user statistics page instead of the radacct
136 # table. That will make the page run quicker. totacct should have data for
139 general_stats_use_totacct: no
141 # If set to yes then we only allow each administrator to examine it's own entries
142 # in the badusers table
144 general_restrict_badusers_access: no
146 INCLUDE: %{general_base_dir}/conf/naslist.conf
148 INCLUDE: %{general_base_dir}/conf/captions.conf
151 # The ldap server to connect to.
152 # Both ldap_server and ldap_write_server can be a space-separated
153 # list of ldap hostnames. In that case the library will try to connect
154 # to the servers in the order that they appear. If the first host is down
155 # ldap_connect will ask for the second ldap host and so on.
157 ldap_server: ldap.%{general_domain}
159 # There are many cases where we have a small write master and
160 # a lot of fast read only replicas. If that is the case uncomment
161 # ldap_write_server and point it to the write master. It will be
162 # used only when writing to the directory, not when reading
164 #ldap_write_server: master.%{general_domain}
165 ldap_base: dc=company,dc=com
166 ldap_binddn: cn=Directory Manager
168 ldap_default_new_entry_suffix: ou=dialup,ou=guests,%{ldap_base}
169 ldap_default_dn: uid=default-dialup,%{ldap_base}
170 ldap_regular_profile_attr: dialupregularprofile
172 # If set to yes then the HTTP credentials (http authentication)
173 # will be used to bind to the ldap server instead of ldap_binddn
174 # and ldap_bindpw. That way multiple admins with different rights
175 # on the ldap database can connect through one dialup_admin interface.
176 # The ldap_binddn and ldap_bindpw are still needed to find the DN
177 # to bind with (http authentication will only provide us with a
178 # username). As a result the ldap_binddn should be able to do a search
179 # with a filter of (uid=<username>). Normally, the anonymous (empty DN)
181 #ldap_use_http_credentials: yes
183 # If we are using http credentials we can map a specific username to the
184 # directory manager (which usually does not correspond to a specific username)
186 #ldap_directory_manager: cn=Directory Manager
187 #ldap_map_to_directory_manager: admin
189 # Uncomment to enable ldap debug
193 # Allow for defining the ldap filter used when searching for a user
194 # Variables supported:
196 # %U: username provided though http authentication
197 # %mu: mappings for userdb
198 # %ma: mappings for accounting
200 # One use of this would be to restrict access to only the user's belonging to
201 # a specific administrator like this:
202 # ldap_filter: (&(uid=%u)(manager=uid=%U,ou=admins,o=company,c=com))
204 #ldap_filter: (uid=%u)
206 # If ldap_userdn is set then we use that for user dns, we don't perform an ldap
207 # search. This can be somewhat faster. The variables supported for ldap_filter
208 # are also supported here
210 #ldap_userdn: uid=%u,%{ldap_base}
214 # can be one of mysql,pg where:
215 # mysq: MySQL database (port 3306)
216 # pg: PostgreSQL database (port 5432)
219 sql_server: localhost
221 sql_username: dialup_admin
224 sql_accounting_table: radacct
225 sql_badusers_table: badusers
226 sql_check_table: radcheck
227 sql_reply_table: radreply
228 sql_user_info_table: userinfo
229 sql_groupcheck_table: radgroupcheck
230 sql_groupreply_table: radgroupreply
231 sql_usergroup_table: usergroup
232 sql_total_accounting_table: totacct
235 # This variable is used by the scripts in the bin folder
236 # It should contain the path to the sql binary used to run
237 # sql commands (mysql and psql are only supported for now)
238 sql_command: /usr/local/bin/mysql
240 # This variable is used by the scripts in the bin folder
241 # It should contain the snmp type and path to the binary
242 # used to run snmp commands.
243 # (ucd = UCD-Snmp and net = Net-Snmp are only supported for now)
244 general_snmp_type: net
245 general_snmpwalk_command: /usr/local/bin/snmpwalk
246 general_snmpget_command: /usr/local/bin/snmpget
248 # Uncomment to enable sql debug
252 # If set to yes then the HTTP credentials (http authentication)
253 # will be used to connect to the sql server instead of sql_username
254 # and sql_password. That way multiple admins with different rights
255 # on the sql database can connect through one dialup_admin interface.
256 #sql_use_http_credentials: yes
258 # If set the query will be added to all of the queries on the accounting
260 #sql_accounting_extra_query: %ma
266 sql_use_user_info_table: true
267 sql_use_operators: true
269 # Set this to the value of the default_user_profile in your
270 # sql.conf if that one is set. If it is not set leave blank
272 #sql_default_user_profile: DEFAULT
275 sql_password_attribute: User-Password
276 sql_date_format: Y-m-d
277 sql_full_date_format: Y-m-d H:i:s
279 # Used in the accounting report generator so that we
280 # don't return too many results
284 # These options are used by the log_badlogins script and by the
287 # Set the sql connect timeout (secs)
288 sql_connect_timeout: 3
289 # Give a space separated list of extra mysql servers to connect to when
290 # logging bad logins or adding users in the badusers table
291 #sql_extra_servers: sql2.company.com sql3.company.com
294 # Default values for the various user limits in case the counter module
295 # is used to impose such limits.
296 # The value should be the user limit in seconds or none for nothing
298 counter_default_daily: 14400
299 counter_default_weekly: 72000
300 counter_default_monthly: none
302 # Since calculating monthly usage can be quite expensive we make
304 # This is not needed if the monthly limit is not none
305 #counter_monthly_calculate_usage: true