2 # This file contains the configuration for experimental modules.
4 # By default, it is NOT included in the build.
9 # Configuration for the Python module.
11 # Where radiusd is a Python module, radiusd.py, and the
12 # function 'authorize' is called. Here is a dummy piece
15 # def authorize(params):
17 # return (5, ('Reply-Message', 'banned'))
19 # The RADIUS value-pairs are passed as a tuple of tuple
20 # pairs as the first argument, e.g. (('attribute1',
21 # 'value1'), ('attribute2', 'value2'))
23 # The function return is a tuple with the first element
24 # being the return value of the function.
25 # The 5 corresponds to RLM_MODULE_USERLOCK. I plan to
26 # write the return values as Python symbols to avoid
29 # The remaining tuple members are the string form of
30 # value-pairs which are passed on to pairmake().
33 mod_instantiate = radiusd_test
34 func_instantiate = instantiate
36 mod_authorize = radiusd_test
37 func_authorize = authorize
39 mod_accounting = radiusd_test
40 func_accounting = accounting
42 mod_preacct = radiusd_test
43 func_preacct = preacct
45 mod_detach = radiusd_test
50 # Configuration for the example module. Uncommenting it will cause it
51 # to get loaded and initialized, but should have no real effect as long
52 # it is not referencened in one of the autz/auth/preacct/acct sections
55 # allowed values: {no, yes}
58 # An integer, of any value.
62 string = "This is an example configuration string"
64 # An IP address, either in dotted quad (1.2.3.4) or hostname
73 string = "This is a different string"
79 # To create a dbm users file, do:
81 # cat test.users | rlm_dbm_parser -f /etc/raddb/users_db
83 # Then add 'dbm' in 'authorize' section.
85 # Note that even if the file has a ".db" or ".dbm" extension,
86 # you may have to specify it here without that extension. This
87 # is because the DBM libraries "helpfully" add a ".db" to the
88 # filename, but don't check if it's already there.
91 usersfile = ${raddbdir}/users_db
95 # Persistent, embedded Perl interpreter.
99 # The Perl script to execute on authorize, authenticate,
100 # accounting, xlat, etc. This is very similar to using
101 # Exec-Program-Wait = "/path/foo.pl", but it is persistent,
102 # and therefore faster.
104 module = /path/to/your/perl_program
107 # The following hashes are given to the module and
108 # filled with value-pairs (Attribute names and values)
110 # %RAD_REPLY Attributes to go into the reply
111 # %RAD_REQUEST Attributes from the request
112 # %RAD_CHECK Check items
114 # Only the %RAD_REPLY hash can be modified.
115 # All of the other hashes are read only.
117 # The return codes from functions in the perl_script
118 # are passed directly back to the server. These
119 # codes are defined in doc/configurable_failover,
120 # src/include/modules.h (RLM_MODULE_REJECT, etc),
121 # and are pre-defined in the 'example.pl' program
124 func_accounting = accounting
125 func_authenticate = authenticate
126 func_authorize = authorize
127 func_preacct = preacct
128 func_checksimul = checksimul
133 # Perform NT-Domain authentication. This only works
134 # with PAP authentication. That is, Authentication-Request
135 # packets containing a User-Password attribute.
137 # To use it, add 'smb' into the 'authenticate' section,
138 # and then in another module (usually the 'users' file),
139 # set 'Auth-Type := SMB'
141 # WARNING: this module is not only experimental, it's also
142 # a security threat. It's not recommended to use it until
146 server = ntdomain.server.example.com
147 backup = backup.server.example.com
151 # See doc/rlm_fastusers before using this
152 # module or changing these values.
155 usersfile = ${confdir}/users_fast
158 # Reload the hash every 600 seconds (10mins)