various RADIUS clients over UDP or TLS (RadSec).
It should build on most Linux and BSD platforms by simply typing
-"make". To use it you need to create three config files. These
-are the main config file "radsecproxy.conf" and server and client
-files "servers.conf" and "clients.conf". See the enclosed example
-files for further instructions.
-
-The config files must be in either "/etc/radsecproxy" or the
-proxy's current work directory. You may alter the path near
-the top of radsecproxy.h if necessary.
+"make". To use it you need to create a config file called
+"radsecproxy.conf" which must be in /etc/radsecproxy (unless
+you alter it in the header file), the current directory, or
+you can specify the location with the "-c" command line
+option (see below). See the enclosed example file for further
+instructions.
There are three options that may be specified on the command line.
"-c configfile" to specify a non-default config file path;
For more information, feedback etc. contact <venaas@uninett.no>.
-Stig Venaas, 2007.05.14
+Stig Venaas, 2007.05.15
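Review bot: The new README text loses a specific the old text had: "unless you alter it in the header file" no longer names radsecproxy.h, which the removed lines did ("alter the path near the top of radsecproxy.h"). Suggest keeping the filename, and while here, state the search order when more than one location applies (does "-c configfile" override /etc/radsecproxy and the current directory, and which of those two wins if both exist?), since the sentence "must be in /etc/radsecproxy (...), the current directory, or you can specify the location" lists the three without saying which one takes precedence.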
+++ /dev/null
-#Here we list RADIUS clients that we are willing to serve
-# this file must be in /etc/radsecproxy or proxy's current directory
-#
-#First field is T or U for TLS or UDP
-#Second is address or fqdn, and must match certificate cn for TLS
-#Third field is the secret and is optional for TLS
-
-T 2001:db8::1
-U 127.0.0.1 secret
-T radius.example.com verysecret
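Review bot: Two pieces of guidance in the removed header comments do not reappear in the new radsecproxy.conf-example added in this change: that for TLS peers the address or fqdn "must match certificate cn", and that the secret is only optional for TLS (the new example says the latter only in two in-block comments). Suggest carrying the cn-matching requirement into the example file's client/server comments, since it decides whether a TLS peer is accepted at all. Also note the removed clients.conf gives "2001:db8::1" no secret and "radius.example.com" the secret "verysecret", while the new example reverses this (client 2001:db8::1 has "secret verysecret", client radius.example.com has none); if the swap is unintentional, align the examples.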
sleep(10);
} else if (elapsed < 5)
sleep(10);
- else if (elapsed < 600) {
+ else if (elapsed < 300) {
debug(DBG_INFO, "tlsconnect: sleeping %lds", elapsed);
sleep(elapsed);
- } else if (elapsed < 1000) {
- debug(DBG_INFO, "tlsconnect: sleeping %ds", 900);
- sleep(900);
+ } else if (elapsed < 100000) {
+ debug(DBG_INFO, "tlsconnect: sleeping %ds", 600);
+ sleep(600);
} else
server->lastconnecttry.tv_sec = now.tv_sec; /* no sleep at startup */
debug(DBG_WARN, "tlsconnect: trying to open TLS connection to %s port %s", server->peer.host, server->peer.port);
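Review bot: The backoff is non-monotonic at the first two branches: "elapsed < 5" sleeps 10 seconds, but the new "else if (elapsed < 300)" branch sleeps "elapsed" seconds, so a retry after 6 seconds waits less (6 s) than a retry after 4 seconds (10 s). Suggest sleeping at least 10 in the middle branch, e.g. "sleep(elapsed < 10 ? 10 : elapsed);", or raising the first threshold to 10. Separately, the final "else" relies on "elapsed" being huge to mean "startup" (the "no sleep at startup" comment); raising the bound from 1000 to 100000 means a server that has been unreachable for more than 100000 seconds is also treated as a fresh start and reconnected without any sleep. An explicit check such as "server->lastconnecttry.tv_sec == 0" would express the startup case directly and keep the cap independent of the backoff thresholds. Minor: the literal 600 appears both in the debug format argument and in "sleep(600)"; a named constant avoids the two drifting apart (the old code had the same duplication with 900).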
# LOG_LOCAL0, ..., LOG_LOCAL7
#LogDestination x-syslog://
#LogDestination x-syslog://log_local2
+
+#Now we configure clients, servers and realms. Note that these and
+#also the lines above may be in any order, except that a realm
+#can only be configured to use a server that is previously configured.
+
+client 2001:db8::1 {
+ type tls
+ secret verysecret
+}
+client 127.0.0.1 {
+ type udp
+ secret secret
+}
+client radius.example.com {
+ type TLS
+# secret is optional for TLS
+}
+
+server 127.0.0.1 {
+ type UDP
+ secret secret
+}
+realm eduroam.cc {
+ server 127.0.0.1
+}
+
+server 2001:db8::1 {
+ type TLS
+ port 2283
+# secret is optional for TLS
+}
+server radius.example.com {
+ type tls
+ secret verysecret
+}
+
+realm example.com {
+ server 2001:db8::1
+}
+realm com {
+ server 2001:db8::1
+}
+# Matching of realms is done in the order specified.
+# Except * which is a catch all that is used as a last resort
+# The matching is going to be changed to be regexp of the
+# entire username value
+realm * {
+ server radius.example.com
+}
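Review bot: The "type" values are written inconsistently ("type tls" at client 2001:db8::1 and server radius.example.com, "type TLS" at client radius.example.com and server 2001:db8::1, "type udp" versus "type UDP"); either normalise the example to one spelling or add a comment stating that the value is case-insensitive, since an example file is what most people copy from. The comment block before "realm *" says "The matching is going to be changed to be regexp of the entire username value"; a forward-looking note about planned behaviour belongs in a TODO or the README rather than in the shipped example, where a reader cannot tell which behaviour they are getting. The ordering rule stated at the top ("a realm can only be configured to use a server that is previously configured") is respected by the example, but the "realm com" block placed after "realm example.com" silently depends on the "Matching of realms is done in the order specified" rule given several lines later; moving that comment up next to the ordering note would make the dependency visible where the first realm is defined.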
+++ /dev/null
-#Here we list RADIUS servers we will use for different realms
-# this file must be in /etc/radsecproxy or proxy's current directory
-#
-#First field is T or U for TLS or UDP
-#Second is address or fqdn and optional port, must match certificate cn for TLS
-# port is specified using addr:port or domain:port
-#Third field is ";" separated list of realms
-# * can be used for matching anything (default route)
-# realms will be matched in the order specified, using first match
-#Fourth field is the secret and is optional for TLS
-
-T [2001:db8::1]:2283 example.com;com
-U 127.0.0.1 eduroam.cc secret
-T radius.example.com * verysecret
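Review bot: The removed servers.conf documented two things the new example does not: the "addr:port or domain:port" syntax, including the IPv6 bracket form "[2001:db8::1]:2283", and the default-route semantics of "*". The new example replaces the former with a separate "port 2283" statement but does not say whether a host:port block name is still accepted or what port is used when "port" is omitted; suggest adding both to the example's comments. The "*" catch-all is covered by the new "realm *" block, so only the port documentation needs carrying over. With both clients.conf and servers.conf deleted and the README now referring to a single example file, also check that any install or packaging step that shipped the two removed files is updated in the same change.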