radsecproxy-1.6.5.

[libradsec.git] / radsecproxy.conf-example

diff --git a/radsecproxy.conf-example b/radsecproxy.conf-example
index 0ad6b36..c97a772 100644 (file)
--- a/radsecproxy.conf-example
+++ b/radsecproxy.conf-example
@@ -6,9 +6,9 @@
 # You can optionally specify addresses and ports to listen on
 # Multiple statements can be used for multiple ports/addresses
 #ListenUDP             *:1814
-#listenUDP             localhost
+#ListenUDP             localhost
 #ListenTCP             [2001:700:1:7:215:f2ff:fe35:307d]:1812
-#listenTLS             10.10.10.10:2084
+#ListenTLS             10.10.10.10:2084
 #ListenTLS             [2001:700:1:7:215:f2ff:fe35:307d]:2084
 #ListenDTLS            [2001:700:1:7:215:f2ff:fe35:307d]:2084
 
@@ -39,12 +39,13 @@
 # fticksVISCOUNTRY option.
 
 # You can optionally specify FTicksMAC in order to determine if and
-# how Calling-Station-Id is logged.
+# how Calling-Station-Id (users Ethernet MAC address) is being logged.
 #   Static          -- Use a static string as a placeholder for
-#                      Calling-Station-Id.  This is the default.
+#                      Calling-Station-Id.
 #   Original        -- Log Calling-Station-Id as-is.
 #   VendorHashed    -- Keep first three segments as-is, hash the rest.
-#   VendorKeyHashed -- Like VendorHashed but salt with F-Ticks-Key.
+#   VendorKeyHashed -- Like VendorHashed but salt with F-Ticks-Key.    This
+#                     is the default.
 #   FullyHashed     -- Hash the entire string.
 #   FullyKeyHashed  -- Like FullyHashed but salt with F-Ticks-Key.
 
@@ -54,14 +55,22 @@
 
 # Default F-Ticks configuration:
 #FTicksReporting None
-#FTicksMAC FullyKeyHashed
+#FTicksMAC Static
+
+# You can optionally specify FTicksSyslogFacility to use a dedicated 
+# syslog facility for F-Ticks messages. This allows for easier filtering
+# of F-Ticks messages.
+# F-Ticks messages are always logged using the log level LOG_DEBUG.
+# Note that specifying a file (using the file:/// prefix) is not supported.
+#FTicksSyslogFacility  log_local1
+#FTicksSyslogFacility  x-syslog:///log_local1 
 
 # There is an option for doing some simple loop prevention.  Note that
 # the LoopPrevention directive can be used in server blocks too,
 # overriding what's set here in the basic settings.
 #LoopPrevention                on
 # Add TTL attribute with value 20 if not present (prevents endless loops)
-#addTTL 20
+#AddTTL 20
 
 # If we have TLS clients or servers we must define at least one tls block.
 # You can name them whatever you like and then reference them by name when
@@ -125,7 +134,7 @@ tls default {
 #      modifyAttribute 1:/^(.*)@local$/\1@example.com/
 # }
 
-client 2001:db8::1 {
+client [2001:db8::1] {
        type    tls
        secret  verysecret
 # we could specify tls here, e.g.
@@ -171,7 +180,7 @@ realm       eduroam.cc {
 #      accountingServer 127.0.0.1
 }
 
-server 2001:db8::1 {
+server [2001:db8::1] {
        type    TLS
        port    2283
 # secret is optional for TLS