2 ######################################################################
4 # Sample configuration file for dynamically updating the list
5 # of RADIUS clients at run time.
7 # Everything is keyed off of a client "network". (e.g. 192.168/16)
8 # This configuration lets the server know that clients within
9 # that network are defined dynamically.
11 # When the server receives a packet from an unknown IP address
12 # within that network, it tries to find a dynamic definition
13 # for that client. If the definition is found, the IP address
14 # (and other configuration) is added to the server's internal
15 # cache of "known clients", with a configurable lifetime.
17 # Further packets from that IP address result in the client
18 # definition being found in the cache. Once the lifetime is
19 # reached, the client definition is deleted, and any new requests
20 # from that client are looked up as above.
22 # If the dynamic definition is not found, then the request is
23 # treated as if it came from an unknown client, i.e. it is discarded.
26 # As part of protection from Denial of Service (DoS) attacks,
27 # the server will add only one new client per second. This CANNOT
28 # be changed, and is NOT configurable.
32 ######################################################################
35 # Define a network where clients may be dynamically defined.
40 # You MUST specify a netmask!
41 # IPv4 /32 or IPv6 /128 are NOT allowed!
45 # Any other configuration normally found in a "client"
46 # entry can be used here.
49 # A shared secret does NOT have to be defined. It can be left out.
53 # Define the virtual server used to discover dynamic clients.
# The name given here must match a "server <name> { ... }" block; this
# sample defines "server dynamic_client_server" further down.
54 dynamic_clients = dynamic_client_server
57 # The directory where client definitions are stored. This
58 # needs to be used ONLY if the client definitions are stored
59 # in flat-text files. Each file in that directory should be
60 # ONE and only one client definition. The name of the file
61 # should be the IP address of the client.
63 # If you are storing clients in SQL, this entry should not be used.
65 # directory = ${confdir}/dynamic-clients/
68 # Define the lifetime (in seconds) for dynamic clients.
69 # They will be cached for this lifetime, and deleted afterwards.
71 # If the lifetime is "0", then the dynamic client is never
72 # deleted. The only way to delete the client is to re-start the server.
78 # This is the virtual server referenced above by "dynamic_clients".
79 server dynamic_client_server {
82 # The only contents of the virtual server is the "authorize" section.
86 # Put any modules you want here. SQL, LDAP, "exec",
87 # Perl, etc. The only requirement is that the
88 # attributes MUST go into the control item list.
90 # The request that is processed through this section
91 # is EMPTY. There are NO attributes. The request is fake,
92 # and is NOT the packet that triggered the lookup of the dynamic client.
95 # The ONLY piece of useful information is either
97 # Packet-Src-IP-Address (IPv4 clients)
98 # Packet-Src-IPv6-Address (IPv6 clients)
100 # The attributes used to define a dynamic client mirror
101 # the configuration items in the "client" structure.
106 # Echo the IP address of the client.
# The value is the source address of the packet that triggered the
# lookup, so this static example defines every address that reaches
# this section as a client.
107 FreeRADIUS-Client-IP-Address = "%{Packet-Src-IP-Address}"
109 # require_message_authenticator
# "no" means requests from this client are accepted without a
# Message-Authenticator attribute. Set this to "yes" where the NAS
# supports it, so that unsigned requests are not accepted.
110 FreeRADIUS-Client-Require-MA = no
# Sample shared secret only. As written, the same literal is given to
# every dynamically defined client. Replace it with a long random
# value, ideally one per client, before using this outside a test setup.
113 FreeRADIUS-Client-Secret = "testing123"
# Short name for the client; here it is simply the source address again.
116 FreeRADIUS-Client-Shortname = "%{Packet-Src-IP-Address}"
# NAS type; mirrors the corresponding item of a static "client" entry.
119 FreeRADIUS-Client-NAS-Type = "other"
123 # This can ONLY be used if the network client
124 # definition (e.g. "client dynamic" above) has
125 # NO virtual_server defined.
127 # If the network client definition does have a
128 # virtual_server defined, then that is used,
129 # and there is no need to define this attribute.
# NOTE(review): "something" looks like a placeholder - use the name of
# a virtual server that actually exists in the configuration.
131 FreeRADIUS-Client-Virtual-Server = "something"
136 # Or, look the client up in SQL.
138 # This requires the SQL module to be configured, of course.
# The condition expands a query that looks for the packet's source
# address in the "nas" table. The closing brace of this "if" is not
# shown in this listing.
# NOTE(review): values expanded inside %{sql: ...} are expected to be
# escaped by the sql module before the query is sent - confirm against
# the sql module configuration in use.
139 if ("%{sql: SELECT nasname FROM nas WHERE nasname = '%{Packet-Src-IP-Address}'}") {
143 FreeRADIUS-Client-IP-Address = "%{Packet-Src-IP-Address}"
146 # Do multiple SELECT statements to grab
147 # the various definitions.
# Each attribute below is filled by its own query, i.e. one database
# round trip per attribute for every new client lookup.
148 FreeRADIUS-Client-Shortname = "%{sql: SELECT shortname FROM nas WHERE nasname = '%{Packet-Src-IP-Address}'}"
# The shared secret is read from the "secret" column, so the "nas"
# table holds secrets in clear text. Limit read access to that table
# to the database account the server uses.
# NOTE(review): confirm how the server treats a row whose secret is
# empty, and keep such rows out of the table.
150 FreeRADIUS-Client-Secret = "%{sql: SELECT secret FROM nas WHERE nasname = '%{Packet-Src-IP-Address}'}"
152 FreeRADIUS-Client-NAS-Type = "%{sql: SELECT type FROM nas WHERE nasname = '%{Packet-Src-IP-Address}'}"
# Only usable when the network client definition has NO virtual_server
# of its own; otherwise that one is used and this attribute is not needed.
154 FreeRADIUS-Client-Virtual-Server = "%{sql: SELECT server FROM nas WHERE nasname = '%{Packet-Src-IP-Address}'}"
# NOTE(review): this variant sets no FreeRADIUS-Client-Require-MA;
# confirm which default applies when the attribute is omitted.
160 # Tell the caller that the client was defined properly.
162 # If the authorize section does NOT return "ok", then
163 # the new client is ignored.