X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=radsecproxy.conf-example;h=570e314e6c79813184cde4f9898067727017fc6e;hb=b5bdc1d887a519de1d96d6da4534fbbe1210ee2d;hp=c7d7270abb41f0bdb7a9f28fb20ce9ecacc7031b;hpb=8aa05d366de8af2543cb2533b14fe317fa11e7a0;p=libradsec.git
diff --git a/radsecproxy.conf-example b/radsecproxy.conf-example
index c7d7270..570e314 100644
--- a/radsecproxy.conf-example
+++ b/radsecproxy.conf-example
@@ -6,9 +6,9 @@
 # You can optionally specify addresses and ports to listen on
 # Multiple statements can be used for multiple ports/addresses
 #ListenUDP *:1814
-#listenUDP localhost
+#ListenUDP localhost
 #ListenTCP [2001:700:1:7:215:f2ff:fe35:307d]:1812
-#listenTLS 10.10.10.10:2084
+#ListenTLS 10.10.10.10:2084
 #ListenTLS [2001:700:1:7:215:f2ff:fe35:307d]:2084
 #ListenDTLS [2001:700:1:7:215:f2ff:fe35:307d]:2084
@@ -17,9 +17,10 @@
 #SourceTCP *:33000
 #SourceTLS *:33001
 #SourceDTLS *:33001
-# Optional log level. 3 is default, 1 is less, 4 is more
+
+# Optional log level. 3 is default, 1 is less, 5 is more
 #LogLevel 3
-# Optional LogDestinatinon, else stderr used for logging
+# Optional LogDestination, else stderr used for logging
 # Logging to file
 #LogDestination file:///tmp/rp.log
 # Or logging with Syslog. LOG_DAEMON used if facility not specified
@@ -28,10 +29,47 @@
 #LogDestination x-syslog:///
 #LogDestination x-syslog:///log_local2
-# There is an option for doing some simple loop prevention
+# For generating log entries conforming to the F-Ticks system, specify
+# FTicksReporting with one of the following values.
+# None -- Do not log in F-Ticks format. This is the default.
+# Basic -- Do log in F-Ticks format but do not log VISINST.
+# Full -- Do log in F-Ticks format and do log VISINST.
+# Please note that in order to get F-Ticks logging for a given client,
+# its matching client configuration block has to contain the
+# fticksVISCOUNTRY option.
+
+# You can optionally specify FTicksMAC in order to determine if and
+# how Calling-Station-Id (users Ethernet MAC address) is being logged.
+# Static -- Use a static string as a placeholder for
+# Calling-Station-Id.
+# Original -- Log Calling-Station-Id as-is.
+# VendorHashed -- Keep first three segments as-is, hash the rest.
+# VendorKeyHashed -- Like VendorHashed but salt with F-Ticks-Key. This
+# is the default.
+# FullyHashed -- Hash the entire string.
+# FullyKeyHashed -- Like FullyHashed but salt with F-Ticks-Key.
+
+# In order to use FTicksMAC with one of VendorKeyHashed or
+# FullyKeyHashed, specify a key with FTicksKey.
+# FTicksKey
+
+# Default F-Ticks configuration:
+#FTicksReporting None
+#FTicksMAC Static
+
+# You can optionally specify FTicksSyslogFacility to use a dedicated
+# syslog facility for F-Ticks messages. This allows easy filtering
+# of F-Ticks messages.
+# Please note that FTicksSyslogFacility cannot specify a file (file:///...)
+#FTicksSyslogFacility log_local1
+#FTicksSyslogFacility x-syslog:///log_local1
+
+# There is an option for doing some simple loop prevention. Note that
+# the LoopPrevention directive can be used in server blocks too,
+# overriding what's set here in the basic settings.
 #LoopPrevention on
 # Add TTL attribute with value 20 if not present (prevents endless loops)
-#addTTL 20
+#AddTTL 20
 # If we have TLS clients or servers we must define at least one tls block.
 # You can name them whatever you like and then reference them by name when
@@ -83,10 +121,15 @@ tls default {
 # Configure a rewrite block if you want to add/remove/modify attributes
 # rewrite example {
+# # Remove NAS-Port.
 # removeAttribute 5
+# # Remove vendor attribute 100.
 # removeVendorAttribute 99:100
-# addAttribute 4:11
-# addVendorAttribute 99:100:200
+# # Called-Station-Id = "123456"
+# addAttribute 30:123456
+# # Vendor-99-Attr-101 = 0x0f
+# addVendorAttribute 99:101:%0f
+# # Change users @local to @example.com.
 # modifyAttribute 1:/^(.*)@local$/\1@example.com/
 # }
@@ -127,6 +170,8 @@ server 127.0.0.1 {
 # rewriteIn example
 # Can also do rewriting of outgoing messages
 # rewriteOut example
+# Might override loop prevention here too:
+# LoopPrevention off
 }
 realm eduroam.cc {
 server 127.0.0.1
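Review bot: The added FTicksMAC text in the `@@ -28,10 +29,47 @@` hunk contradicts itself about the default: the option list says VendorKeyHashed "is the default", while the "Default F-Ticks configuration" lines further down show `#FTicksMAC Static`. This setting decides in what form Calling-Station-Id (the user's MAC address) reaches the logs, so the example should state one default, and it should be the one the code actually applies. The `# FTicksKey` line also reads as an unfinished directive example; something like `#FTicksKey <secret key>` would show the syntax (the placeholder may simply have been lost in this rendering). A comment on the unkeyed modes would help operators choose, e.g. `# VendorHashed/FullyHashed use no key; hashed MACs can be recovered by enumeration, so prefer the KeyHashed modes.`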
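Review bot: In the rewrite example of the `@@ -83,10 +121,15 @@` hunk, the comment `# Remove vendor attribute 100.` drops the vendor id that `removeVendorAttribute 99:100` takes; `# Remove attribute 100 of vendor 99.` would match the vendor:attribute form on the line below it, the way the later `# Vendor-99-Attr-101 = 0x0f` comment does. The `%0f` escape in `addVendorAttribute 99:101:%0f` is new in this example and is explained only indirectly by that comment. A short remark that `%xx` stands for a raw byte would make it usable, though that meaning is inferred from the comment and should be confirmed.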
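Review bot: The added `# LoopPrevention off` in the `@@ -127,6 +170,8 @@` hunk shows the per-server override only in its less safe direction and does not say when that is appropriate. A reader who copies the block switches loop prevention off for that server, so the comment could say so and point at the TTL backstop from the basic settings, e.g. `# Might override loop prevention here too (keep AddTTL set if you disable it):`. The `server 127.0.0.1 {` block starts outside the hunk, so whether it already carries other loop safeguards is not visible here.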