updated config examples and README

git-svn-id: https://svn.testnett.uninett.no/radsecproxy/trunk@86 e88ac4ed-0b26-0410-9574-a7f39faa03bf

diff --git a/README b/README
index 43be4c6..dce3195 100644 (file)
--- a/README
+++ b/README
@@ -2,14 +2,12 @@ This is a beta version of a generic RADIUS proxy that can support
 various RADIUS clients over UDP or TLS (RadSec).
 
 It should build on most Linux and BSD platforms by simply typing
 various RADIUS clients over UDP or TLS (RadSec).
 
 It should build on most Linux and BSD platforms by simply typing

-"make". To use it you need to create three config files. These
-are the main config file "radsecproxy.conf" and server and client
-files "servers.conf" and "clients.conf". See the enclosed example
-files for further instructions.
-
-The config files must be in either "/etc/radsecproxy" or the
-proxy's current work directory. You may alter the path near
-the top of radsecproxy.h if necessary.
+"make". To use it you need to create a config file called
+"radsecproxy.conf" which must be in /etc/radsecproxy (unless
+you alter it in the header file), the current directory, or
+you can specify the location with the "-c" command line
+option (see below). See the enclosed example file for further
+instructions.

 
 There are three options that may be specified on the command line.
 "-c configfile" to specify a non-default config file path;
 
 There are three options that may be specified on the command line.
 "-c configfile" to specify a non-default config file path;


@@ -20,4 +18,4 @@ log to syslog.
 
 For more information, feedback etc. contact <venaas@uninett.no>.
 
 
 For more information, feedback etc. contact <venaas@uninett.no>.
 

-Stig Venaas, 2007.05.14
+Stig Venaas, 2007.05.15

diff --git a/clients.conf-example b/clients.conf-example
deleted file mode 100644 (file)
index 3d76ed0..0000000
--- a/clients.conf-example
+++ /dev/null
@@ -1,10 +0,0 @@
-#Here we list RADIUS clients that we are willing to serve
-#       this file must be in /etc/radsecproxy or proxy's current directory
-#
-#First field is T or U for TLS or UDP
-#Second is address or fqdn, and must match certificate cn for TLS
-#Third field is the secret and is optional for TLS
-
-T 2001:db8::1
-U 127.0.0.1 secret
-T radius.example.com verysecret

diff --git a/radsecproxy.c b/radsecproxy.c
index 570a11f..779a1fa 100644 (file)
--- a/radsecproxy.c
+++ b/radsecproxy.c
@@ -448,12 +448,12 @@ void tlsconnect(struct server *server, struct timeval *when, char *text) {
            sleep(10);
        } else if (elapsed < 5)
            sleep(10);
            sleep(10);
        } else if (elapsed < 5)
            sleep(10);

-       else if (elapsed < 600) {
+       else if (elapsed < 300) {

            debug(DBG_INFO, "tlsconnect: sleeping %lds", elapsed);
            sleep(elapsed);
            debug(DBG_INFO, "tlsconnect: sleeping %lds", elapsed);
            sleep(elapsed);

-       } else if (elapsed < 1000) {
-           debug(DBG_INFO, "tlsconnect: sleeping %ds", 900);
-           sleep(900);
+       } else if (elapsed < 100000) {
+           debug(DBG_INFO, "tlsconnect: sleeping %ds", 600);
+           sleep(600);

        } else
            server->lastconnecttry.tv_sec = now.tv_sec;  /* no sleep at startup */
        debug(DBG_WARN, "tlsconnect: trying to open TLS connection to %s port %s", server->peer.host, server->peer.port);
        } else
            server->lastconnecttry.tv_sec = now.tv_sec;  /* no sleep at startup */
        debug(DBG_WARN, "tlsconnect: trying to open TLS connection to %s port %s", server->peer.host, server->peer.port);

diff --git a/radsecproxy.conf-example b/radsecproxy.conf-example
index 0953709..62d5836 100644 (file)
--- a/radsecproxy.conf-example
+++ b/radsecproxy.conf-example
@@ -28,3 +28,52 @@ TLSCertificateKeyPassword    follow the white rabbit
 # LOG_LOCAL0, ..., LOG_LOCAL7
 #LogDestination         x-syslog://
 #LogDestination         x-syslog://log_local2
 # LOG_LOCAL0, ..., LOG_LOCAL7
 #LogDestination         x-syslog://
 #LogDestination         x-syslog://log_local2

+
+#Now we configure clients, servers and realms. Note that these and
+#also the lines above may be in any order, except that a realm
+#can only be configured to use a server that is previously configured.
+
+client 2001:db8::1 {
+       type    tls
+       secret  verysecret
+}
+client 127.0.0.1 {
+       type    udp
+       secret  secret
+}
+client radius.example.com {
+       type TLS
+# secret is optional for TLS
+}
+
+server 127.0.0.1 {
+       type    UDP
+       secret  secret
+}
+realm  eduroam.cc {
+       server  127.0.0.1
+}
+
+server 2001:db8::1 {
+       type    TLS
+       port    2283
+# secret is optional for TLS
+}
+server radius.example.com {
+       type    tls
+       secret  verysecret
+}
+
+realm example.com {
+       server 2001:db8::1
+}
+realm com {
+       server 2001:db8::1
+}
+# Matching of realms is done in the order specified.
+# Except * which is a catch all that is used as a last resort
+# The matching is going to be changed to be regexp of the
+# entire username value
+realm * {
+       server radius.example.com
+}

diff --git a/servers.conf-example b/servers.conf-example
deleted file mode 100644 (file)
index 2657818..0000000
--- a/servers.conf-example
+++ /dev/null
@@ -1,14 +0,0 @@
-#Here we list RADIUS servers we will use for different realms
-#      this file must be in /etc/radsecproxy or proxy's current directory
-#
-#First field is T or U for TLS or UDP
-#Second is address or fqdn and optional port, must match certificate cn for TLS
-#       port is specified using addr:port or domain:port
-#Third field is ";" separated list of realms
-#      * can be used for matching anything (default route)
-#       realms will be matched in the order specified, using first match
-#Fourth field is the secret and is optional for TLS
-
-T [2001:db8::1]:2283 example.com;com
-U 127.0.0.1 eduroam.cc secret
-T radius.example.com * verysecret