X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=radsecproxy.conf-example;h=c97a7726abe1a635132fb391fcf0dce6a307dc26;hb=refs%2Fheads%2Fmaint-1.6;hp=04a27efc82363d9cc3e60c046a2c89f0245e5cca;hpb=f06d902b3138b983743c517dd7d6fd7d6362b1f9;p=libradsec.git diff --git a/radsecproxy.conf-example b/radsecproxy.conf-example index 04a27ef..c97a772 100644 --- a/radsecproxy.conf-example +++ b/radsecproxy.conf-example @@ -6,9 +6,9 @@ # You can optionally specify addresses and ports to listen on # Multiple statements can be used for multiple ports/addresses #ListenUDP *:1814 -#listenUDP localhost +#ListenUDP localhost #ListenTCP [2001:700:1:7:215:f2ff:fe35:307d]:1812 -#listenTLS 10.10.10.10:2084 +#ListenTLS 10.10.10.10:2084 #ListenTLS [2001:700:1:7:215:f2ff:fe35:307d]:2084 #ListenDTLS [2001:700:1:7:215:f2ff:fe35:307d]:2084 @@ -30,7 +30,7 @@ #LogDestination x-syslog:///log_local2 # For generating log entries conforming to the F-Ticks system, specify -# F-Ticks-Reporting with one of the following values. +# FTicksReporting with one of the following values. # None -- Do not log in F-Ticks format. This is the default. # Basic -- Do log in F-Ticks format but do not log VISINST. # Full -- Do log in F-Ticks format and do log VISINST. @@ -38,30 +38,39 @@ # its matching client configuration block has to contain the # fticksVISCOUNTRY option. -# You can optionally specify F-Ticks-MAC in order to determine if and -# how Calling-Station-Id is logged. +# You can optionally specify FTicksMAC in order to determine if and +# how Calling-Station-Id (users Ethernet MAC address) is being logged. # Static -- Use a static string as a placeholder for -# Calling-Station-Id. This is the default. +# Calling-Station-Id. # Original -- Log Calling-Station-Id as-is. # VendorHashed -- Keep first three segments as-is, hash the rest. -# VendorKeyHashed -- Like VendorHashed but salt with F-Ticks-Key. +# VendorKeyHashed -- Like VendorHashed but salt with F-Ticks-Key. This +# is the default. # FullyHashed -- Hash the entire string. # FullyKeyHashed -- Like FullyHashed but salt with F-Ticks-Key. -# In order to use F-Ticks-MAC with one of VendorKeyHashed or -# FullyKeyHashed, specify a key with F-Ticks-Key. -# F-Ticks-Key +# In order to use FTicksMAC with one of VendorKeyHashed or +# FullyKeyHashed, specify a key with FTicksKey. +# FTicksKey # Default F-Ticks configuration: -#F-Ticks-Reporting None -#F-Ticks-Mac FullyKeyHashed +#FTicksReporting None +#FTicksMAC Static + +# You can optionally specify FTicksSyslogFacility to use a dedicated +# syslog facility for F-Ticks messages. This allows for easier filtering +# of F-Ticks messages. +# F-Ticks messages are always logged using the log level LOG_DEBUG. +# Note that specifying a file (using the file:/// prefix) is not supported. +#FTicksSyslogFacility log_local1 +#FTicksSyslogFacility x-syslog:///log_local1 # There is an option for doing some simple loop prevention. Note that # the LoopPrevention directive can be used in server blocks too, # overriding what's set here in the basic settings. #LoopPrevention on # Add TTL attribute with value 20 if not present (prevents endless loops) -#addTTL 20 +#AddTTL 20 # If we have TLS clients or servers we must define at least one tls block. # You can name them whatever you like and then reference them by name when @@ -125,7 +134,7 @@ tls default { # modifyAttribute 1:/^(.*)@local$/\1@example.com/ # } -client 2001:db8::1 { +client [2001:db8::1] { type tls secret verysecret # we could specify tls here, e.g. @@ -171,7 +180,7 @@ realm eduroam.cc { # accountingServer 127.0.0.1 } -server 2001:db8::1 { +server [2001:db8::1] { type TLS port 2283 # secret is optional for TLS