2 # clients.conf - client configuration directives
4 #######################################################################
6 #######################################################################
8 # Definition of a RADIUS client (usually a NAS).
10 # The information given here over rides anything given in the
11 # 'clients' file, or in the 'naslist' file. The configuration here
12 # contains all of the information from those two files, and allows
13 # for more configuration items.
15 # The "shortname" is be used for logging. The "nastype", "login" and
16 # "password" fields are mainly used for checkrad and are optional.
20 # Defines a RADIUS client. The format is 'client [hostname|ip-address]'
22 # '127.0.0.1' is another name for 'localhost'. It is enabled by default,
23 # to allow testing of the server after an initial installation. If you
24 # are not going to be permitting RADIUS queries from localhost, we suggest
25 # that you delete, or comment out, this entry.
30 # IPv6 prefixes MUST end with :: or IPv6 Address or hostname
31 # IPv4 Prefixes MUST end with .0 or IPv4 Address or hostname
32 # A hostname is a valid DNS lookup name
38 # 10.0/8 = 10.0.0.0/16 = 10.0.0.1/8 != 10/8
39 # 192.168.1.1/32 = 192.168.1.1/0
40 # hostname/32 = hostname/0 = hostname
41 # (32 or 0 or NULL prefix lengths are treated same)
46 # fec0::1/128 = fec0::1/0 = fec0::1
47 # hostname/128 = hostname/0 = hostname
48 # (128 or 0 or NULL prefix lengths are treated same)
55 # (replace with 192.168.0/16 or 192.168.0.0/16 or 192.168.1.1/16)
57 # (No Prefix, so it is considered as hostname
58 # and also returns 192.0.0.168 instead of 192.168.0.0)
63 # (replace with fec0::/16 or fec0::1/16)
65 # (No prefix, so it is considered as hostname)
70 # The shared secret use to "encrypt" and "sign" packets between
71 # the NAS and FreeRADIUS. You MUST change this secret from the
72 # default, otherwise it's not a secret any more!
74 # The secret can be any string, up to 8k characters in length.
76 # Control codes can be entered vi octal encoding,
77 # e.g. "\101\102" == "AB"
78 # Quotation marks can be entered by escaping them,
84 # The short name is used as an alias for the fully qualified
85 # domain name, or the IP address.
90 # the following three fields are optional, but may be used by
91 # checkrad.pl for simultaneous use checks
95 # The nastype tells 'checkrad.pl' which NAS-specific method to
96 # use to query the NAS for simultaneous use.
98 # Permitted NAS types are:
111 # other # for all other types
114 nastype = other # localhost isn't usually a NAS...
117 # The following two configurations are for future use.
118 # The 'naspasswd' file is currently used to store the NAS
119 # login name and password, which is used by checkrad.pl
120 # when querying the NAS for simultaneous use.
123 # password = someadminpas
128 # secret = testing123
129 # shortname = localhost
132 # All IPv6 Site-local clients
134 # secret = testing123
135 # shortname = localhost
138 #client some.host.org {
139 # secret = testing123
140 # shortname = localhost
144 # You can now specify one secret for a network of clients.
145 # When a client request comes in, the BEST match is chosen.
146 # i.e. The entry from the smallest possible network.
148 #client 192.168.0.0/24 {
149 # secret = testing123-1
150 # shortname = private-network-1
153 #client 192.168.0.0/16 {
154 # secret = testing123-2
155 # shortname = private-network-2
159 #client 10.10.10.10 {
160 # # secret and password are mapped through the "secrets" file.
161 # secret = testing123
163 # # the following three fields are optional, but may be used by
164 # # checkrad.pl for simultaneous usage checks
165 # nastype = livingston
167 # password = someadminpas
170 #######################################################################
172 # Per-socket client lists. The configuration entries are exactly
173 # the same as above, but they are nested inside of a section.
175 # You can have as many per-socket client lists as you have "listen"
176 # sections, or you can re-use a list among multiple "listen" sections.
178 #per_socket_clients {
179 # client 192.168.3.4 {
180 # secret = testing123