X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=radsecproxy.conf-example;h=c97a7726abe1a635132fb391fcf0dce6a307dc26;hb=refs%2Fheads%2Fproxy-state;hp=8f966262d9ef629612ebc64b818011f28c352c80;hpb=d53d9023955bfcba7c632eac9ccbe05dbc235839;p=libradsec.git diff --git a/radsecproxy.conf-example b/radsecproxy.conf-example index 8f96626..c97a772 100644 --- a/radsecproxy.conf-example +++ b/radsecproxy.conf-example @@ -6,9 +6,9 @@ # You can optionally specify addresses and ports to listen on # Multiple statements can be used for multiple ports/addresses #ListenUDP *:1814 -#listenUDP localhost +#ListenUDP localhost #ListenTCP [2001:700:1:7:215:f2ff:fe35:307d]:1812 -#listenTLS 10.10.10.10:2084 +#ListenTLS 10.10.10.10:2084 #ListenTLS [2001:700:1:7:215:f2ff:fe35:307d]:2084 #ListenDTLS [2001:700:1:7:215:f2ff:fe35:307d]:2084 @@ -39,12 +39,13 @@ # fticksVISCOUNTRY option. # You can optionally specify FTicksMAC in order to determine if and -# how Calling-Station-Id is logged. +# how Calling-Station-Id (users Ethernet MAC address) is being logged. # Static -- Use a static string as a placeholder for -# Calling-Station-Id. This is the default. +# Calling-Station-Id. # Original -- Log Calling-Station-Id as-is. # VendorHashed -- Keep first three segments as-is, hash the rest. -# VendorKeyHashed -- Like VendorHashed but salt with F-Ticks-Key. +# VendorKeyHashed -- Like VendorHashed but salt with F-Ticks-Key. This +# is the default. # FullyHashed -- Hash the entire string. # FullyKeyHashed -- Like FullyHashed but salt with F-Ticks-Key. @@ -54,14 +55,22 @@ # Default F-Ticks configuration: #FTicksReporting None -#FTicksMac FullyKeyHashed +#FTicksMAC Static + +# You can optionally specify FTicksSyslogFacility to use a dedicated +# syslog facility for F-Ticks messages. This allows for easier filtering +# of F-Ticks messages. +# F-Ticks messages are always logged using the log level LOG_DEBUG. +# Note that specifying a file (using the file:/// prefix) is not supported. +#FTicksSyslogFacility log_local1 +#FTicksSyslogFacility x-syslog:///log_local1 # There is an option for doing some simple loop prevention. Note that # the LoopPrevention directive can be used in server blocks too, # overriding what's set here in the basic settings. #LoopPrevention on # Add TTL attribute with value 20 if not present (prevents endless loops) -#addTTL 20 +#AddTTL 20 # If we have TLS clients or servers we must define at least one tls block. # You can name them whatever you like and then reference them by name when @@ -125,7 +134,7 @@ tls default { # modifyAttribute 1:/^(.*)@local$/\1@example.com/ # } -client 2001:db8::1 { +client [2001:db8::1] { type tls secret verysecret # we could specify tls here, e.g. @@ -171,7 +180,7 @@ realm eduroam.cc { # accountingServer 127.0.0.1 } -server 2001:db8::1 { +server [2001:db8::1] { type TLS port 2283 # secret is optional for TLS