-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathradiator-radius_proxy_auth.conf
168 lines (119 loc) · 4.48 KB
/
radiator-radius_proxy_auth.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
# radiator-radius_proxy_auth.conf
# RADIUS authentication proxy
#
# Copyright by Radiator Software 2020-2025
# Created: 2020-10-15 [email protected]
# Modified: 2025-01-23 [email protected]
DbDir /etc/radiator
LogDir /var/log/radiator
# Log to numbered instance log file
LogFile %L/radiator-%{GlobalVar:instance}-%O.log
# Needed only for Radiator <= v4.28, an example how to use custom dictionaries
#DictionaryFile /opt/radiator/radiator/dictionary,/etc/radiator/dictionary.wba
# Dictionary file
DictionaryFile /opt/radiator/radiator/dictionary
# RADIUS proxy performance can be scaled with
# multiple processes and FarmSize setting
# Note: if you proxy to authenticating RADIUS instances,
# you need to ensure with HASHBALANCE etc that
# EAP authentication messages end up to the same
# Radiator instance
FarmSize 2
StatusServer minimal
# Put additional information to Radiator log file
LogMicroseconds
LogTraceId
LogFarmInstance
# No pidfile needed when started as systemd service
PidFile
# Trace levels: 4) debug, 3) informational, 2) warnings/errors
Trace 2
# Make IPv6 and IPv4 listen sockets completely separate
# Bind only to IPv4 wildcard address
BindV6Only
BindAddress 0.0.0.0
AuthPort 1812
AcctPort
# Enable shared memory based duplicate cache. All farm instances share
# the same duplicate cache. Possible values are: local, shared and global.
# The default is local. DupCacheFile sets the shared memory based cache
# file name. %0 is replaced by -pid-timestamp-random.
# Note: DupCacheFile should be readable only by Radiator process.
# Note: Using shared DupCache needs Cache::FastMmap Perl module
DupCache shared
#DupCacheFile /tmp/radiator-auth-dupcache%0
# proxy also unknown attributes
ProxyUnknownAttributes
###########################################################
# RADIUS request logging
###########################################################
<AuthLog FILE>
Identifier AUTHLOG-FILE
# log to numbered instance log file
Filename %L/authentication-%{GlobalVar:instance}-%O.log
LogSuccess
LogFailure
LogIgnore
# SuccessFormat, FailureFormat and IgnoreFormat are stored in
# separate file for clarity
Include %D/conf.d/authlog-formats.conf
</AuthLog>
# This acct logger logs accounting requests
<AcctLog FILE>
Identifier ACCTLOG-FILE
# log to numbered instance log file
Filename %L/accounting-%{GlobalVar:instance}-%O.log
# LogFormat is stored in separate file for clarity
Include %D/conf.d/acctlog-formats.conf
</AcctLog>
###########################################################
# Clients
###########################################################
# Loopback RADIUS clients
Include %D/conf.d/clients-radius-loopback.conf
# Local RADIUS clients
Include %D/conf.d/clients-radius-local.conf
# Default RADIUS clients
Include %D/conf.d/clients-radius-default.conf
# An example of instance specific RADIUS client file
#Include %D/conf.d/%{GlobalVar:instance}-clients-radius-local.conf
###########################################################
# AuthBys
###########################################################
# include AuthBys for exceptions in realm routing
#Include %D/conf.d/authbys-radius-exceptions.conf
# include AuthBys for local realms
Include %D/conf.d/authbys-radius-local.conf
# include AuthBys for forwarding RADIUS requests
Include %D/conf.d/authbys-radius-forward.conf
###########################################################
# Handlers
###########################################################
# include Handlers for exceptions in realm routing
#Include %D/conf.d/handlers-radius-exceptions.conf
# include Handlers for local realms
Include %D/conf.d/handlers-radius-local.conf
# include Handlers for cleaning up realms before routing
Include %D/conf.d/handlers-radius-clean.conf
# include Handlers for forwarding RADIUS requests
Include %D/conf.d/handlers-radius-forward.conf
# Reject all authentication since none should be arriving to
# this handler. Log all accounting.
<Handler>
Identifier HANDLER-DEFAULT
<AuthBy INTERNAL>
Identifier HANDLER-DEFAULT-AUTHBY-INTERNAL
AuthResult REJECT
AcctResult ACCEPT
# This sets reject reason for AuthLog
RejectReason HANDLER-DEFAULT: No suitable route or destination found.
</AuthBy>
# Log authentication result
AuthLog AUTHLOG-FILE
# log accounting result
AcctLog ACCTLOG-FILE
</Handler>
# there is no need for session database
<SessionDatabase NULL>
Identifier SESSION-DATABASE-NULL
</SessionDatabase>