1 #Master config file, must be in /etc/radsecproxy or proxy's current directory
2 # All possible config options are listed below
4 # You must specify at least one of TLSCACertificateFile or TLSCACertificatePath
5 # for TLS to work. We always verify peer certificate (both client and server)
6 #TLSCACertificateFile /etc/cacerts/CA.pem
7 TLSCACertificatePath /etc/cacerts
9 # You must specify the below for TLS, we will always present our certificate
10 TLSCertificateFile /etc/hostcertkey/host.example.com.pem
11 TLSCertificateKeyFile /etc/hostcertkey/host.example.com.key.pem
12 # Optionally specify password if key is encrypted (not very secure: the password is stored in clear text in this file)
13 TLSCertificateKeyPassword follow the white rabbit
15 # You can optionally specify addresses and ports to listen on
16 # Max one of each, below are just multiple examples
19 #listenTCP 10.10.10.10:2084
20 #ListenTCP [2001:700:1:7:215:f2ff:fe35:307d]:2084
21 # Optional log level. 3 is default, 1 is less, 4 is more
23 #Optional LogDestination, else stderr used for logging
25 #LogDestination file:///tmp/rp.log
26 # Or logging with Syslog. LOG_DAEMON used if facility not specified
27 # The supported facilities are LOG_DAEMON, LOG_MAIL, LOG_USER and
28 # LOG_LOCAL0, ..., LOG_LOCAL7
29 #LogDestination x-syslog://
30 #LogDestination x-syslog://log_local2
32 #Now we configure clients, servers and realms. Note that these and
33 #also the lines above may be in any order, except that a realm
34 #can only be configured to use a server that is previously configured.
36 #A realm can be a literal domain name, * which matches all, or a
37 #regexp. A regexp is specified by the character prefix /
38 #For regexp we do case insensitive matching of the entire username string.
39 #The matching of realms is done in the order they are specified, using the
40 #first match found. Some examples are
41 #"@example\.com$", "\.com$", ".*" and "^[a-z].*@example\.com$".
42 #To treat local users separately you might try first specifying "@"
53 client radius.example.com {
55 # secret is optional for TLS
69 # secret is optional for TLS
71 server radius.example.com {
75 # statusserver is optional, can be on or off. Off is default
78 # Equivalent to example.com
79 realm /@example\.com$ {
85 # The realm below is equivalent to /.*
87 server radius.example.com