2 # This file contains the configuration for experimental modules.
4 # By default, it is NOT included in the build.
9 # Configuration for the Python module.
11 # Where radiusd is a Python module, radiusd.py, and the
12 # function 'authorize' is called. Here is a dummy piece
15 # def authorize(params):
17 # return (5, ('Reply-Message', 'banned'))
19 # The RADIUS value-pairs are passed as a tuple of tuple
20 # pairs as the first argument, e.g. (('attribute1',
21 # 'value1'), ('attribute2', 'value2'))
23 # The function return is a tuple with the first element
24 # being the return value of the function.
25 # The 5 corresponds to RLM_MODULE_USERLOCK. I plan to
26 # write the return values as Python symbols to avoid
29 # The remaining tuple members are the string form of
30 # value-pairs which are passed on to pairmake().
# Each mod_<stage>/func_<stage> pair names the Python module and the function
# in it that is called for that stage (see the 'authorize' example above).
# NOTE(review): the module named here is code the server calls while handling
# requests, so the file behind 'radiusd_test' should presumably be writable
# only by the account that administers the server - confirm file ownership
# and where the module is looked up.
33 mod_instantiate = radiusd_test
34 func_instantiate = instantiate
36 mod_authorize = radiusd_test
37 func_authorize = authorize
39 mod_accounting = radiusd_test
40 func_accounting = accounting
42 mod_preacct = radiusd_test
43 func_preacct = preacct
45 mod_detach = radiusd_test
# NOTE(review): no func_detach line is visible after mod_detach in this
# listing; confirm the pair is complete in the full file.
50 # Configuration for the example module. Uncommenting it will cause it
51 # to get loaded and initialized, but should have no real effect as long
52 # as it is not referenced in one of the autz/auth/preacct/acct sections
55 # allowed values: {no, yes}
58 # An integer, of any value.
62 string = "This is an example configuration string"
64 # An IP address, either in dotted quad (1.2.3.4) or hostname
# NOTE(review): this is a second 'string' key. The section braces are not
# visible in this listing, so confirm that the two keys sit in different
# sections rather than one overriding the other.
73 string = "This is a different string"
79 # To create a dbm users file, do:
81 # cat test.users | rlm_dbm_parser -f /etc/raddb/users_db
83 # Then add 'dbm' in 'authorize' section.
85 # Note that even if the file has a ".db" or ".dbm" extension,
86 # you may have to specify it here without that extension. This
87 # is because the DBM libraries "helpfully" add a ".db" to the
88 # filename, but don't check if it's already there.
# NOTE(review): this file is built from test.users by the command above, so it
# presumably holds the same per-user check items (which can include
# passwords). Keep it readable only by the server account, and confirm the
# permissions each time it is regenerated.
91 usersfile = ${raddbdir}/users_db
95 # Persistent, embedded Perl interpreter.
99 # The Perl script to execute on authorize, authenticate,
100 # accounting, xlat, etc. This is very similar to using
101 # 'rlm_exec' module, but it is persistent, and therefore
# Placeholder path - replace it with the real location of the script.
# NOTE(review): the script runs inside the server's embedded interpreter, so
# the file and its parent directories should presumably be writable only by
# the account that administers the server - confirm.
104 module = /path/to/your/perl_module.pm
107 # The following hashes are given to the module and
108 # filled with value-pairs (Attribute names and values)
110 # %RAD_CHECK Read-only Check items
111 # %RAD_REQUEST Read-only Attributes from the request
112 # %RAD_REPLY Read-write Attributes for the reply
114 # The return codes from functions in the perl_script
115 # are passed directly back to the server. These
116 # codes are defined in doc/configurable_failover,
117 # src/include/modules.h (RLM_MODULE_REJECT, etc),
118 # and are pre-defined in the 'example.pl' program
123 # List of functions in the module to call.
124 # Uncomment and change if you want to use function
125 # names other than the defaults.
127 #func_authenticate = authenticate
128 #func_authorize = authorize
129 #func_preacct = preacct
130 #func_accounting = accounting
131 #func_checksimul = checksimul
132 #func_pre_proxy = pre_proxy
133 #func_post_proxy = post_proxy
134 #func_post_auth = post_auth
136 #func_detach = detach
139 # Uncomment the following lines if you wish
140 # to use separate functions for Start and Stop
141 # accounting packets. In that case, the
142 # func_accounting function is not called.
144 #func_start_accounting = accounting_start
145 #func_stop_accounting = accounting_stop
147 # Uncomment the following lines if your perl is
148 # compiled with threads support.
149 # The settings below are the defaults.
153 #min_spare_clones = 0
154 #max_spare_clones = 32
156 #max_request_per_clone = 0
161 # Perform NT-Domain authentication. This only works
162 # with PAP authentication. That is, Authentication-Request
163 # packets containing a User-Password attribute.
165 # To use it, add 'smb' into the 'authenticate' section,
166 # and then in another module (usually the 'users' file),
167 # set 'Auth-Type := SMB'
169 # WARNING: this module is not only experimental, it's also
170 # a security threat. It's not recommended to use it until
# Hosts used for the NT-Domain authentication described above.
# NOTE(review): 'backup' is presumably tried when 'server' cannot be
# reached - confirm.
# NOTE(review): the warning above is cut off in this listing; read it in full
# in the original file before enabling this module. Because the module works
# from the User-Password attribute, confirm how the password is protected
# between this server and the hosts named here.
174 server = ntdomain.server.example.com
175 backup = backup.server.example.com
179 # See doc/rlm_fastusers before using this
180 # module or changing these values.
# NOTE(review): the comment below says the hash is reloaded every 600
# seconds, so edits to this file (including removing or locking a user)
# presumably take effect only at the next reload - confirm in
# doc/rlm_fastusers.
183 usersfile = ${confdir}/users_fast
186 # Reload the hash every 600 seconds (10mins)
191 # See also protocol_filter.conf
195 # Location of the protocol filter configuration file.
197 filename = ${raddbdir}/protocol_filter.conf
200 # The key to look up the section with filtering rules.
# Expands to the request's Realm value, or to the literal DEFAULT when Realm
# is not set.
# NOTE(review): Realm presumably derives from the user name the client
# supplied, so the request influences which rule section is chosen. Make the
# DEFAULT rules the restrictive ones, and confirm what happens for a realm
# that has no section of its own in protocol_filter.conf.
202 key = %{Realm:-DEFAULT}
207 # Should be added in the post-auth section (after all other modules)
208 # and in the authorize section (before any other modules)
214 # [... other modules ...]
217 # [... other modules ...]
221 # The caching module will cache the Auth-Type and reply items
222 # and send them back on any subsequent requests for the same key
226 # filename: The gdbm file to use for the cache database
227 # (can be memory mapped for more speed)
229 # key: A string to xlat and use as a key. For instance,
230 # "%{Acct-Unique-Session-Id}"
232 # post-auth: If we find a cached entry, set the post-auth to that value
234 # cache-ttl: The time to cache the entry. The same time format
235 # as the counter module applies here.
237 # h: hours, d: days, w: weeks, m: months
238 # If the letter is omitted, days will be assumed.
241 # cache-size: The gdbm cache size to request (default 1000)
243 # hit-ratio: If set to non-zero we print out statistical
244 # information after so many cache requests
246 # cache-rejects: Do we also cache rejects, or not? (default 'yes')
# NOTE(review): the cache stores Auth-Type and reply items (see above), so
# this file should presumably be readable and writable only by the server
# account - confirm.
249 filename = ${raddbdir}/db.cache
# Requests that expand to the same key get the same cached Auth-Type and
# reply items, so the key has to be unique to whatever a cached answer may
# safely be reused for.
252 key = "%{Acct-Unique-Session-Id}"
255 # cache-rejects = yes
259 # Simple module for logging of Account packets to radiusd.log
260 # You need to declare it in the accounting section for it to work
# Message templates, presumably one each for Start, Stop, Accounting-On and
# Accounting-Off packets; the %{...} references are replaced with attribute
# values from the packet.
# NOTE(review): those values come from the NAS and the client, and the
# result is written to radiusd.log - confirm that control characters are
# escaped on the way to the log, and handle the log as a file that holds
# user names, calling numbers and IP addresses.
# NOTE(review): %C presumably expands to the client (NAS) name - confirm.
263 acctlog_start = "Connect: [%{User-Name}] (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} ip %{Framed-IP-Address})"
264 acctlog_stop = "Disconnect: [%{User-Name}] (did %{Called-Station-Id} cli %{Calling-Station-Id} port %{NAS-Port} ip %{Framed-IP-Address}) %{Acct-Session-Time} seconds"
265 acctlog_on = "NAS %C (%{NAS-IP-Address}) just came online"
266 acctlog_off = "NAS %C (%{NAS-IP-Address}) just went offline"