2 # Main Configuration File
4 # it can be default or whatever language. Only greek are supported
5 # from non latin alphabet languages
6 # These attribute only apply for ldap not for sql
8 general_prefered_lang: en
9 general_prefered_lang_name: English
11 # The charset which will be added as a meta tag in all pages
13 general_charset: iso-8859-1
15 # Uncomment this if normal attributes (not the ;lang-xx ones) in ldap
18 #general_decode_normal_attributes: yes
20 # The directory where dialupadmin is installed
22 general_base_dir: /usr/local/dialup_admin
24 # The base directory of the freeradius radius installation
26 general_radiusd_base_dir: /usr/local/radiusd
27 general_domain: company.com
29 # Set it to yes to use sessions and cache the various mappings
30 # You can also set use_session = 1 in config.php3 to also cache
33 # ---- IMPORTANT -- IMPORTANT -- IMPORTANT ----
34 #Remember to use the 'Clear Cache' page if you use sessions and do any changes
35 #in any of the configuration files.
37 general_use_session: no
39 # This is used by the failed logins page. It states the default back time
42 general_most_recent_fl: 30
47 # Set general_strip_realms to yes in order to stip realms from usernames.
48 # By default realms are not striped
49 #general_strip_realms: yes
51 # The delimiter used in realms. Default is @
53 general_realm_delimiter: @
55 # The format of the realms. Can be either suffix (realm is after the username)
56 # or prefix (realm is before the username). Default is suffix
58 general_realm_format: suffix
62 # Determines if the administrator will be able to see and change the user password through
64 general_show_user_password: yes
66 general_raddb_dir: %{general_radiusd_base_dir}/etc/raddb
67 general_ldap_attrmap: %{general_raddb_dir}/ldap.attrmap
68 # Need to fix admin.conf file parser
69 #general_clients_conf: %{general_raddb_dir}/clients.conf
70 general_clients_conf: /usr/local/etc/raddb/clients.conf
71 general_sql_attrmap: %{general_base_dir}/conf/sql.attrmap
72 general_accounting_attrs_file: %{general_base_dir}/conf/accounting.attrs
73 general_extra_ldap_attrmap: %{general_base_dir}/conf/extra.ldap-attrmap
74 general_username_mappings_file: %{general_base_dir}/conf/username.mappings
76 # it can be either ldap or sql
77 # This affects the user base not accounting. Accounting is always in sql
81 # Define which attributes will be visible in the user edit page
83 general_user_edit_attrs_file: %{general_base_dir}/conf/user_edit.attrs
85 # Used by the Accounting Report Generator
87 general_sql_attrs_file: %{general_base_dir}/conf/sql.attrs
89 # Set default values for various attributes
91 general_default_file: %{general_base_dir}/conf/default.vals
92 #general_ld_library_path: /usr/local/snmpd/lib
94 # can be 'snmp' (for snmpfinger) or empty to query the radacct table without first
96 # This is used by the online users page
98 general_finger_type: snmp
100 # Defines the nas type. This is only used by snmpfinger
101 # cisco and lucent are supported for now
103 general_nas_type: cisco
104 general_snmpfinger_bin: %{general_base_dir}/bin/snmpfinger
106 # Used by the 'Disconnect User' button in the Clear Open Sessions page
107 # Uses the Cisco AAA Session MIB
109 general_sessionclear_bin: %{general_base_dir}/bin/snmp_clearsession
110 general_radclient_bin: %{general_radiusd_base_dir}/bin/radclient
112 # this information is used from the server check page
114 general_test_account_login: test
115 general_test_account_password: testpass
117 # These are used as default values for the user test page
119 general_radius_server: localhost
120 general_radius_server_port: 1812
122 # can be either pap or chap
124 general_radius_server_auth_proto: pap
126 # sorry, single valued for now. Should become something like
127 # password[server-name]: xxxxx
129 general_radius_server_secret: XXXXXX
130 general_auth_request_file: %{general_base_dir}/conf/auth.request
132 # can be one of crypt,md5,clear
134 general_encryption_method: crypt
136 # can be either asc (older dates first) or desc (recent dates first)
137 # This is used in the user accounting and badusers pages
139 general_accounting_info_order: desc
141 # Use the totacct table in the user statistics page instead of the radacct
142 # table. That will make the page run quicker. totacct should have data for
145 general_stats_use_totacct: no
147 # If set to yes then we only allow each administrator to examine it's own entries
148 # in the badusers table
150 general_restrict_badusers_access: no
152 # If set to yes then we restrict access to the nas administration page only to those
153 # users which are allowed by their username mapping (nasadmin is set to yes)
155 general_restrict_nasadmin_access: no
158 INCLUDE: %{general_base_dir}/conf/naslist.conf
160 INCLUDE: %{general_base_dir}/conf/captions.conf
163 # The ldap server to connect to.
164 # Both ldap_server and ldap_write_server can be a space-separated
165 # list of ldap hostnames. In that case the library will try to connect
166 # to the servers in the order that they appear. If the first host is down
167 # ldap_connect will ask for the second ldap host and so on.
169 ldap_server: ldap.%{general_domain}
171 # There are many cases where we have a small write master and
172 # a lot of fast read only replicas. If that is the case uncomment
173 # ldap_write_server and point it to the write master. It will be
174 # used only when writing to the directory, not when reading
176 #ldap_write_server: master.%{general_domain}
177 ldap_base: dc=company,dc=com
178 ldap_binddn: cn=Directory Manager
180 ldap_default_new_entry_suffix: ou=dialup,ou=guests,%{ldap_base}
181 ldap_default_dn: uid=default-dialup,%{ldap_base}
182 ldap_regular_profile_attr: dialupregularprofile
184 # If set to yes then the HTTP credentials (http authentication)
185 # will be used to bind to the ldap server instead of ldap_binddn
186 # and ldap_bindpw. That way multiple admins with different rights
187 # on the ldap database can connect through one dialup_admin interface.
188 # The ldap_binddn and ldap_bindpw are still needed to find the DN
189 # to bind with (http authentication will only provide us with a
190 # username). As a result the ldap_binddn should be able to do a search
191 # with a filter of (uid=<username>). Normally, the anonymous (empty DN)
193 #ldap_use_http_credentials: yes
195 # If we are using http credentials we can map a specific username to the
196 # directory manager (which usually does not correspond to a specific username)
198 #ldap_directory_manager: cn=Directory Manager
199 #ldap_map_to_directory_manager: admin
201 # Uncomment to enable ldap debug
205 # Allow for defining the ldap filter used when searching for a user
206 # Variables supported:
208 # %U: username provided though http authentication
209 # %mu: mappings for userdb
210 # %ma: mappings for accounting
211 # %mn: mappings for nasdb
212 # %mN: mappings for nas administration
214 # One use of this would be to restrict access to only the user's belonging to
215 # a specific administrator like this:
216 # ldap_filter: (&(uid=%u)(manager=uid=%U,ou=admins,o=company,c=com))
218 #ldap_filter: (uid=%u)
220 # If ldap_userdn is set then we use that for user dns, we don't perform an ldap
221 # search. This can be somewhat faster. The variables supported for ldap_filter
222 # are also supported here
224 #ldap_userdn: uid=%u,%{ldap_base}
228 # can be one of mysql,pg,sqlrelay where:
229 # mysq: MySQL database (port 3306)
230 # pg: PostgreSQL database (port 5432)
231 # sqlrelay: SQL Relay
234 sql_server: localhost
236 sql_username: dialup_admin
239 sql_accounting_table: radacct
240 sql_badusers_table: badusers
241 sql_check_table: radcheck
242 sql_reply_table: radreply
243 sql_user_info_table: userinfo
244 sql_groupcheck_table: radgroupcheck
245 sql_groupreply_table: radgroupreply
246 sql_usergroup_table: usergroup
247 sql_total_accounting_table: totacct
250 # If set to true then we show all the available groups with the groups
251 # that the user is a member of highlighted in the user edit page.
252 # Otherwise we only show the groups he is a member of.
253 sql_show_all_groups: true
255 # This variable is used by the scripts in the bin folder
256 # It should contain the path to the sql binary used to run
257 # sql commands (mysql, psql and sqlrelay are only supported for now)
258 sql_command: /usr/local/bin/mysql
260 # This variable is used by the scripts in the bin folder
261 # It should contain the snmp type and path to the binary
262 # used to run snmp commands.
263 # (ucd = UCD-Snmp and net = Net-Snmp are only supported for now)
264 general_snmp_type: net
265 general_snmpwalk_command: /usr/local/bin/snmpwalk
266 general_snmpget_command: /usr/local/bin/snmpget
268 # Uncomment to enable sql debug
272 # If set to yes then the HTTP credentials (http authentication)
273 # will be used to connect to the sql server instead of sql_username
274 # and sql_password. That way multiple admins with different rights
275 # on the sql database can connect through one dialup_admin interface.
276 #sql_use_http_credentials: yes
278 # If set the query will be added to all of the queries on the accounting
280 # Variables supported:
282 # %U: username provided though http authentication
283 # %mu: mappings for userdb
284 # %ma: mappings for accounting
285 # %mn: mappings for nasdb
286 # %mN: mappings for nas administration
287 #sql_accounting_extra_query: %ma
293 sql_use_user_info_table: true
294 sql_use_operators: true
296 # Set this to the value of the default_user_profile in your
297 # sql.conf if that one is set. If it is not set leave blank
299 #sql_default_user_profile: DEFAULT
302 sql_password_attribute: User-Password
303 sql_date_format: Y-m-d
304 sql_full_date_format: Y-m-d H:i:s
306 # Used in the accounting report generator so that we
307 # don't return too many results
311 # These options are used by the log_badlogins script and by the
314 # Set the sql connect timeout (secs)
315 sql_connect_timeout: 3
316 # Give a space separated list of extra mysql servers to connect to when
317 # logging bad logins or adding users in the badusers table
318 #sql_extra_servers: sql2.company.com sql3.company.com
321 # Default values for the various user limits in case the counter module
322 # is used to impose such limits.
323 # The value should be the user limit in seconds or none for nothing
325 counter_default_daily: 14400
326 counter_default_weekly: 72000
327 counter_default_monthly: none
329 # Since calculating monthly usage can be quite expensive we make
331 # This is not needed if the monthly limit is not none
332 #counter_monthly_calculate_usage: true