2 # This file contains the configuration for experimental modules.
4 # By default, it is NOT included in the build.
10 # Configuration for the Python module.
12 # Where radiusd is a Python module, radiusd.py, and the
13 # function 'authorize' is called. Here is a dummy piece
16 # def authorize(params):
18 # return (5, ('Reply-Message', 'banned'))
20 # The RADIUS value-pairs are passed as a tuple of tuple
21 # pairs as the first argument, e.g. (('attribute1',
22 # 'value1'), ('attribute2', 'value2'))
24 # The function return is a tuple with the first element
25 # being the return value of the function.
26 # The 5 corresponds to RLM_MODULE_USERLOCK. I plan to
27 # write the return values as Python symbols to avoid
30 # The remaining tuple members are the string form of
31 # value-pairs which are passed on to pairmake().
34 mod_instantiate = radiusd_test
35 func_instantiate = instantiate
37 mod_authorize = radiusd_test
38 func_authorize = authorize
40 mod_accounting = radiusd_test
41 func_accounting = accounting
43 mod_preacct = radiusd_test
44 func_preacct = preacct
46 mod_detach = radiusd_test
51 # Configuration for the example module. Uncommenting it will cause it
52 # to get loaded and initialized, but should have no real effect as long
53 # it is not referencened in one of the autz/auth/preacct/acct sections
56 # allowed values: {no, yes}
59 # An integer, of any value.
63 string = "This is an example configuration string"
65 # An IP address, either in dotted quad (1.2.3.4) or hostname
74 string = "This is a different string"
80 # This module is an SQL enabled version of the counter module.
82 # Rather than maintaining seperate (GDBM) databases of accounting info
83 # for each counter, this module uses the data stored in the raddacct
84 # table by the sql modules. This module NEVER does any database
85 # INSERTs or UPDATEs. It is totally dependent on the SQL module
86 # to process Accounting packets.
88 # The 'sqlmod_inst' parameter holds the instance of the sql module to use
89 # when querying the SQL database. Normally it is just "sql".
90 # If you define more and one SQL module instance
91 # (usually for failover situations), you can specify which module
92 # has access to the Accounting Data (radacct table).
94 # The 'reset' parameter defines when the counters are all reset to
95 # zero. It can be hourly, daily, weekly, monthly or never.
96 # It can also be user defined. It should be of the form:
98 # h: hours, d: days, w: weeks, m: months
99 # If the letter is ommited days will be assumed. In example:
100 # reset = 10h (reset every 10 hours)
101 # reset = 12 (reset every 12 days)
103 # The 'key' parameter specifies the unique identifier for the counters
104 # records (usually 'User-Name').
106 # The 'query' parameter specifies the SQL query used to get the
107 # current Counter value from the database. There are 3 parameters
108 # that can be used in the query:
110 # %b unix time value of beginning of reset period
111 # %e unix time value of end of reset period
113 # The 'check-name' parameter is the name of the 'check' attribute to use to access
114 # the counter in the 'users' file or SQL radcheck or radcheckgroup
117 # DEFAULT Max-Daily-Session > 3600, Auth-Type = Reject
118 # Reply-Message = "You've used up more than one hour today"
121 sqlcounter dailycounter {
122 counter-name = Daily-Session-Time
123 check-name = Max-Daily-Session
124 sqlmod-inst = sqlcca3
128 # This query properly handles calls that span from the previous reset period
129 # into the current period but involves more work for the SQL server than those below
130 query = "SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
132 # This query ignores calls that started in a previous reset period and
133 # continue into into this one. But it is a little easier on the SQL server
134 # query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}' AND AcctStartTime > FROM_UNIXTIME('%b')"
136 # This query is the same as above, but demonstrates an additional
137 # counter parameter '%e' which is the timestamp for the end of the period
138 # query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}' AND AcctStartTime BETWEEN FROM_UNIXTIME('%b') AND FROM_UNIXTIME('%e')"
141 sqlcounter monthlycounter {
142 counter-name = Monthly-Session-Time
143 check-name = Max-Monthly-Session
144 sqlmod-inst = sqlcca3
148 # This query properly handles calls that span from the previous reset period
149 # into the current period but involves more work for the SQL server than those below
150 query = "SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
152 # This query ignores calls that started in a previous reset period and
153 # continue into into this one. But it is a little easier on the SQL server
154 # query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}' AND AcctStartTime > FROM_UNIXTIME('%b')"
156 # This query is the same as above, but demonstrates an additional
157 # counter parameter '%e' which is the timestamp for the end of the period
158 # query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}' AND AcctStartTime BETWEEN FROM_UNIXTIME('%b') AND FROM_UNIXTIME('%e')"
161 # Do server side ip pool management. Should be added in authorize and
162 # accounting sections
163 # FIXME: This is highly experimental at the moment. Please give feedback
167 # range-start,range-stop: The start and end ip addresses for the ip pool
168 # netmask: The network mask used for the ip's
169 # cache-size: The gdbm cache size for the db files. Should be equal to
170 # the number of ip's available in the ip pool
171 # session-db: The main db file used to allocate ip's to clients
172 # ip-index: Helper db index file used in multilink
174 # The module will also check for the existance of the Pool-Name attribute.
175 # That way the administrator can add the Pool-Name attribute in the user profiles
176 # and use different pools for different users
178 # radiusd.conf: ippool students { [...] }
179 # users file : DEFAULT Group == students, Pool-Name := "students"
182 range-start = 192.168.1.1
183 range-stop = 192.168.3.254
184 netmask = 255.255.255.0
186 session-db = ${raddbdir}/db.ippool
187 ip-index = ${raddbdir}/db.ipindex
190 # To create a dbm users file, do:
192 # cat test.users | rlm_dbm_parser -f /etc/raddb/users_db
194 # Then add 'dbm' in 'authorize' section.
197 usersfile = ${raddbdir}/users_db
201 # Persistent, embedded Perl interpreter.
205 # The Perl script to execute on authorize, authenticate,
206 # accounting, etc. This is very similar to using
207 # Exec-Program-Wait = "/path/foo.pl", but it is persistent,
208 # and therefore faster.
210 # For now, the attributes are passed in environment
211 # variables (%ENV array). See doc/variables.txt,
212 # under 'Exec-Program-Wait' for more details.
214 # Any attributes to be added to the request are
215 # returned in the %main::result hash, and exit status
218 cmd = ${raddbdir}/test.pl
221 # The script which provides 'package Embed::Persistent'
222 # without this file, the 'cmd' Perl script will NOT be
223 # persistent, and will not run.
225 persistent = ${raddbdir}/persistent.pl
229 # The digest module. It doesn't take any configuration
230 # parameters, but it does require a configuration section,
231 # otherwise the parser complains.