2 # proxy.conf - proxy radius and realm configuration directives
4 # This file is included by default. To disable it, you will need
5 # to modify the PROXY CONFIGURATION section of "radiusd.conf".
7 #######################################################################
9 # Proxy server configuration
11 # This entry controls the servers behaviour towards ALL other servers
12 # to which it sends proxy requests.
17 # If the NAS re-sends the request to us, we can immediately re-send
18 # the proxy request to the end server. To do so, use 'yes' here.
20 # If this is set to 'no', then we send the retries on our own schedule,
21 # and ignore any duplicate NAS requests.
23 # If you want to have the server send proxy retries ONLY when the NAS
24 # sends it's retries to the server, then set this to 'yes', and
25 # set the other proxy configuration parameters to 0 (zero).
30 # The time (in seconds) to wait for a response from the proxy, before
31 # re-sending the proxied request.
33 # If this time is set too high, then the NAS may re-send the request,
34 # or it may give up entirely, and reject the user.
36 # If it is set too low, then the RADIUS server which receives the proxy
37 # request will get kicked unnecessarily.
42 # The number of retries to send before giving up, and sending a reject
48 # If the home server does not respond to any of the multiple retries,
49 # then FreeRADIUS will stop sending it proxy requests, and mark it 'dead'.
51 # If there are multiple entries configured for this realm, then the
52 # server will fail-over to the next one listed. If no more are listed,
53 # then no requests will be proxied to that realm.
56 # After a configurable 'dead_time', in seconds, FreeRADIUS will
57 # speculatively mark the home server active, and start sending requests
60 # If this dead time is set too low, then you will lose requests,
61 # as FreeRADIUS will quickly switch back to the home server, even if
64 # If this dead time is set too high, then FreeRADIUS may take too long
65 # to switch back to the primary home server.
67 # Realistic values for this number are in the range of minutes to hours.
73 #######################################################################
75 # Configuration for the proxy realms.
77 # The information given here is used in conjunction with the 'realms'
78 # file. This format is preferred, as it is more flexible. The realms
79 # listed here take priority over those listed in the 'realms' file.
83 # authhost = radius.isp2.com:1645
84 # accthost = radius.isp2.com:1646
90 # a fail-over realm for isp2.com
94 # authhost = radius2.isp2.com:1645
95 # accthost = radius2.isp2.com:1646
102 # authhost = radius.company.com:1600
103 # accthost = radius.company.com:1601
104 # secret = testing123
108 # This is a local realm. The requests are NOT proxied,
109 # but instead are authenticated by the RADIUS server itself.
115 # secret = testing123
119 # This realm is for requests which don't have an explicit realm
120 # prefix or suffix. User names like "bob" will match this one.
124 # authhost = radius.company.com:1600
125 # accthost = radius.company.com:1601
126 # secret = testing123
130 # This realm is for ALL OTHER requests.
134 # authhost = radius.company.com:1600
135 # accthost = radius.company.com:1601
136 # secret = testing123
141 # authhost = radius.company.com:1600
142 # accthost = radius.company.com:1601
143 # secret = testing123