#######################################################################
#
-# Definition of a NAS or a client.
+# Definition of a RADIUS client (usually a NAS).
#
-# The information given here is in ADDITION to the 'clients' file.
-#
-# If this is defined as "client foo" then the hostname/ipaddr "foo"
-# will be looked up according to the source IP address of the radius
-# rqeuest packet, and the secret here will be used to check the
-# integrety of the request.
-#
-# If this is defined as "nas foo" then foo will be looked up first
-# as the NAS-IP-Address in the radius request, then as the NAS-Ident
-# in the radius request.
-#
-# Normally you'd use "client" unless the request came in through a
-# proxy server and you want to define a short name for the NAS
-# for logging purposes, or you want to do a "checkrad" back to the
-# original NAS and not to the proxy radius server!
+# The information given here over rides anything given in the 'clients'
+# file, or in the 'naslist' file. The configuration here contains
+# all of the information from those two files, and also allows for more
+# configuration items.
#
# The "shortname" can be used for logging, and the "nastype",
# "login" and "password" fields are mainly used for checkrad and are
# optional.
#
+#
+# Defines a RADIUS client. The format is 'client [hostname|ip-address]'
+#
+# '127.0.0.1' is another name for 'localhost'. It is enabled by default,
+# to allow testing of the server after an initial installation. If you
+# are not going to be permitting RADIUS queries from localhost, we suggest
+# that you delete, or comment out, this entry.
+#
client 127.0.0.1 {
+ #
+ # The shared secret use to "encrypt" and "sign" packets between
+ # the NAS and FreeRADIUS. You MUST change this secret from the
+ # default, otherwise it's not a secret any more!
+ #
+ # The secret can be any string, up to 32 characters in length.
+ #
secret = testing123
+
+ #
+ # The short name is used as an alias for the fully qualified
+ # domain name, or the IP address.
+ #
shortname = localhost
+
+ #
+ # the following three fields are optional, but may be used by
+ # checkrad.pl for simultaneous use checks
+ #
+
+ #
+ # The nastype tells 'checkrad.pl' which NAS-specific method to
+ # use to query the NAS for simultaneous use.
+ #
+ # Permitted NAS types are:
+ #
+ # cisco
+ # computone
+ # livingston
+ # max40xx
+ # multitech
+ # netserver
+ # pathras
+ # patton
+ # portslave
+ # tc
+ # usrhiper
+ # other # for all other types
+
+ #
+ nastype = other # localhost isn't usually a NAS...
+
+ #
+ # The following two configurations are for future use.
+ # The 'naspasswd' file is currently used to store the NAS
+ # login name and password, which is used by checkrad.pl
+ # when querying the NAS for simultaneous use.
+ #
+# login = !root
+# password = someadminpas
}
#client some.host.org {
#
# You can now specify one secret for a network of clients.
# When a client request comes in, the BEST match is chosen.
+# i.e. The entry from the smallest possible network.
#
#client 192.168.0.0/24 {
# secret = testing123-1