X-Git-Url: http://www.project-moonshot.org/gitweb/?a=blobdiff_plain;f=radsecproxy.conf-example;h=c97a7726abe1a635132fb391fcf0dce6a307dc26;hb=refs%2Fheads%2Fproxy-state;hp=ad99ec36e1c0211f6912ef518529840af5d4f65d;hpb=06d37645aa8e96be131ddfdf623623e71df2442f;p=radsecproxy.git diff --git a/radsecproxy.conf-example b/radsecproxy.conf-example index ad99ec3..c97a772 100644 --- a/radsecproxy.conf-example +++ b/radsecproxy.conf-example @@ -6,9 +6,9 @@ # You can optionally specify addresses and ports to listen on # Multiple statements can be used for multiple ports/addresses #ListenUDP *:1814 -#listenUDP localhost +#ListenUDP localhost #ListenTCP [2001:700:1:7:215:f2ff:fe35:307d]:1812 -#listenTLS 10.10.10.10:2084 +#ListenTLS 10.10.10.10:2084 #ListenTLS [2001:700:1:7:215:f2ff:fe35:307d]:2084 #ListenDTLS [2001:700:1:7:215:f2ff:fe35:307d]:2084 @@ -17,9 +17,10 @@ #SourceTCP *:33000 #SourceTLS *:33001 #SourceDTLS *:33001 -# Optional log level. 3 is default, 1 is less, 4 is more + +# Optional log level. 3 is default, 1 is less, 5 is more #LogLevel 3 -# Optional LogDestinatinon, else stderr used for logging +# Optional LogDestination, else stderr used for logging # Logging to file #LogDestination file:///tmp/rp.log # Or logging with Syslog. LOG_DAEMON used if facility not specified @@ -28,12 +29,48 @@ #LogDestination x-syslog:/// #LogDestination x-syslog:///log_local2 +# For generating log entries conforming to the F-Ticks system, specify +# FTicksReporting with one of the following values. +# None -- Do not log in F-Ticks format. This is the default. +# Basic -- Do log in F-Ticks format but do not log VISINST. +# Full -- Do log in F-Ticks format and do log VISINST. +# Please note that in order to get F-Ticks logging for a given client, +# its matching client configuration block has to contain the +# fticksVISCOUNTRY option. + +# You can optionally specify FTicksMAC in order to determine if and +# how Calling-Station-Id (users Ethernet MAC address) is being logged. +# Static -- Use a static string as a placeholder for +# Calling-Station-Id. +# Original -- Log Calling-Station-Id as-is. +# VendorHashed -- Keep first three segments as-is, hash the rest. +# VendorKeyHashed -- Like VendorHashed but salt with F-Ticks-Key. This +# is the default. +# FullyHashed -- Hash the entire string. +# FullyKeyHashed -- Like FullyHashed but salt with F-Ticks-Key. + +# In order to use FTicksMAC with one of VendorKeyHashed or +# FullyKeyHashed, specify a key with FTicksKey. +# FTicksKey + +# Default F-Ticks configuration: +#FTicksReporting None +#FTicksMAC Static + +# You can optionally specify FTicksSyslogFacility to use a dedicated +# syslog facility for F-Ticks messages. This allows for easier filtering +# of F-Ticks messages. +# F-Ticks messages are always logged using the log level LOG_DEBUG. +# Note that specifying a file (using the file:/// prefix) is not supported. +#FTicksSyslogFacility log_local1 +#FTicksSyslogFacility x-syslog:///log_local1 + # There is an option for doing some simple loop prevention. Note that # the LoopPrevention directive can be used in server blocks too, # overriding what's set here in the basic settings. #LoopPrevention on # Add TTL attribute with value 20 if not present (prevents endless loops) -#addTTL 20 +#AddTTL 20 # If we have TLS clients or servers we must define at least one tls block. # You can name them whatever you like and then reference them by name when @@ -97,7 +134,7 @@ tls default { # modifyAttribute 1:/^(.*)@local$/\1@example.com/ # } -client 2001:db8::1 { +client [2001:db8::1] { type tls secret verysecret # we could specify tls here, e.g. @@ -143,7 +180,7 @@ realm eduroam.cc { # accountingServer 127.0.0.1 } -server 2001:db8::1 { +server [2001:db8::1] { type TLS port 2283 # secret is optional for TLS