From 36f1a92cea2b74a44ba521701d6cb31df8ce3cd1 Mon Sep 17 00:00:00 2001 From: venaas Date: Tue, 15 May 2007 09:18:46 +0000 Subject: [PATCH] updated config examples and README git-svn-id: https://svn.testnett.uninett.no/radsecproxy/trunk@86 e88ac4ed-0b26-0410-9574-a7f39faa03bf --- README | 16 +++++++--------- clients.conf-example | 10 ---------- radsecproxy.c | 8 ++++---- radsecproxy.conf-example | 49 ++++++++++++++++++++++++++++++++++++++++++++++++ servers.conf-example | 14 -------------- 5 files changed, 60 insertions(+), 37 deletions(-) delete mode 100644 clients.conf-example delete mode 100644 servers.conf-example diff --git a/README b/README index 43be4c6..dce3195 100644 --- a/README +++ b/README @@ -2,14 +2,12 @@ This is a beta version of a generic RADIUS proxy that can support various RADIUS clients over UDP or TLS (RadSec). It should build on most Linux and BSD platforms by simply typing -"make". To use it you need to create three config files. These -are the main config file "radsecproxy.conf" and server and client -files "servers.conf" and "clients.conf". See the enclosed example -files for further instructions. - -The config files must be in either "/etc/radsecproxy" or the -proxy's current work directory. You may alter the path near -the top of radsecproxy.h if necessary. +"make". To use it you need to create a config file called +"radsecproxy.conf" which must be in /etc/radsecproxy (unless +you alter it in the header file), the current directory, or +you can specify the location with the "-c" command line +option (see below). See the enclosed example file for further +instructions. There are three options that may be specified on the command line. "-c configfile" to specify a non-default config file path; @@ -20,4 +18,4 @@ log to syslog. For more information, feedback etc. contact . -Stig Venaas, 2007.05.14 +Stig Venaas, 2007.05.15 diff --git a/clients.conf-example b/clients.conf-example deleted file mode 100644 index 3d76ed0..0000000 --- a/clients.conf-example +++ /dev/null @@ -1,10 +0,0 @@ -#Here we list RADIUS clients that we are willing to serve -# this file must be in /etc/radsecproxy or proxy's current directory -# -#First field is T or U for TLS or UDP -#Second is address or fqdn, and must match certificate cn for TLS -#Third field is the secret and is optional for TLS - -T 2001:db8::1 -U 127.0.0.1 secret -T radius.example.com verysecret diff --git a/radsecproxy.c b/radsecproxy.c index 570a11f..779a1fa 100644 --- a/radsecproxy.c +++ b/radsecproxy.c @@ -448,12 +448,12 @@ void tlsconnect(struct server *server, struct timeval *when, char *text) { sleep(10); } else if (elapsed < 5) sleep(10); - else if (elapsed < 600) { + else if (elapsed < 300) { debug(DBG_INFO, "tlsconnect: sleeping %lds", elapsed); sleep(elapsed); - } else if (elapsed < 1000) { - debug(DBG_INFO, "tlsconnect: sleeping %ds", 900); - sleep(900); + } else if (elapsed < 100000) { + debug(DBG_INFO, "tlsconnect: sleeping %ds", 600); + sleep(600); } else server->lastconnecttry.tv_sec = now.tv_sec; /* no sleep at startup */ debug(DBG_WARN, "tlsconnect: trying to open TLS connection to %s port %s", server->peer.host, server->peer.port); diff --git a/radsecproxy.conf-example b/radsecproxy.conf-example index 0953709..62d5836 100644 --- a/radsecproxy.conf-example +++ b/radsecproxy.conf-example @@ -28,3 +28,52 @@ TLSCertificateKeyPassword follow the white rabbit # LOG_LOCAL0, ..., LOG_LOCAL7 #LogDestination x-syslog:// #LogDestination x-syslog://log_local2 + +#Now we configure clients, servers and realms. Note that these and +#also the lines above may be in any order, except that a realm +#can only be configured to use a server that is previously configured. + +client 2001:db8::1 { + type tls + secret verysecret +} +client 127.0.0.1 { + type udp + secret secret +} +client radius.example.com { + type TLS +# secret is optional for TLS +} + +server 127.0.0.1 { + type UDP + secret secret +} +realm eduroam.cc { + server 127.0.0.1 +} + +server 2001:db8::1 { + type TLS + port 2283 +# secret is optional for TLS +} +server radius.example.com { + type tls + secret verysecret +} + +realm example.com { + server 2001:db8::1 +} +realm com { + server 2001:db8::1 +} +# Matching of realms is done in the order specified. +# Except * which is a catch all that is used as a last resort +# The matching is going to be changed to be regexp of the +# entire username value +realm * { + server radius.example.com +} diff --git a/servers.conf-example b/servers.conf-example deleted file mode 100644 index 2657818..0000000 --- a/servers.conf-example +++ /dev/null @@ -1,14 +0,0 @@ -#Here we list RADIUS servers we will use for different realms -# this file must be in /etc/radsecproxy or proxy's current directory -# -#First field is T or U for TLS or UDP -#Second is address or fqdn and optional port, must match certificate cn for TLS -# port is specified using addr:port or domain:port -#Third field is ";" separated list of realms -# * can be used for matching anything (default route) -# realms will be matched in the order specified, using first match -#Fourth field is the secret and is optional for TLS - -T [2001:db8::1]:2283 example.com;com -U 127.0.0.1 eduroam.cc secret -T radius.example.com * verysecret -- 2.1.4