1 ######################################################################
3 # An example virtual server configuration.
7 ######################################################################
11 # This client will be available to any "listen" section that
12 # are defined outside of a virtual server section. However,
13 # when the server receives a packet from this client, the
14 # request will be processed through the "example" virtual
15 # server, as the "client" section contains a configuration item
18 # Note that this client will be able to send requests to any
19 # port defined in a global "listen" section. It will NOT,
20 # however, be able to send requests to a port defined in a
21 # "listen" section that is contained in a "server" section.
23 # With careful matching of configurations, you should be able
26 # - Define one authentication port, but process each client
27 # through a separate virtual server.
29 # - define multiple authentication ports, each with a private
32 # - define multiple authentication ports, each of which may
33 # have the same client listed, but with different shared
36 # FYI: We use an address in the 192.0.2.* space for this example,
37 # as RFC 3330 says that that /24 range is used for documenation
38 # and examples, and should not appear on the net. You shouldn't
39 # use it for anything, either.
42 shortname = example-client
44 virtual_server = example
47 ######################################################################
49 # An example virtual server. It starts off with "server name {"
50 # The "name" is used to reference this server from a "listen"
51 # or "client" section.
53 ######################################################################
56 # Listen on 192.0.2.1:1812 for Access-Requests
58 # When the server receives a packet, it is processed
59 # through the "authorize", etc. sections listed here,
60 # NOT the global ones the "default" site.
69 # This client is listed within the "server" section,
70 # and is therefore known ONLY to the socket defined
71 # in the "listen" section above. If the client IP
72 # sends a request to a different socket, the server
73 # will treat it as an unknown client, and will not
76 # In contrast, the client listed at the top of this file
77 # is outside of any "server" section, and is therefore
78 # global in scope. It can send packets to any port
79 # defined in a global "listen" section. It CANNOT send
80 # packets to the listen section defined above, though.
82 # Note that you don't have to have a "virtual_server = example"
83 # line here, as the client is encapsulated within
84 # the "server" section.
87 shortname = example-client
93 # Some example policies. See "man unlang" for more.
95 if ("%{User-Name}" == "bob") {
97 Cleartext-Password := "bob"
102 # And then reject the user. The next line requires
103 # that the "always reject {}" section is defined in
104 # the "modules" section of radiusd.conf.
115 Post-Auth-Type Reject {
117 Reply-Message = "This is only an example."