diff options
author | John Dennis <jdennis@redhat.com> | 2007-11-03 12:22:20 -0400 |
---|---|---|
committer | John Dennis <jdennis@redhat.com> | 2007-11-03 12:22:20 -0400 |
commit | 8cfd270f3441094390d16df9c0d59b0c7ce42284 (patch) | |
tree | 1fbd3e64fe4ae3526b893025b147c250357d6c35 /ipa-server/ipa-install | |
parent | 8f4362f2f2ace9ed017dc5307c54290eb103842e (diff) | |
download | freeipa-8cfd270f3441094390d16df9c0d59b0c7ce42284.tar.gz freeipa-8cfd270f3441094390d16df9c0d59b0c7ce42284.tar.xz freeipa-8cfd270f3441094390d16df9c0d59b0c7ce42284.zip |
merge initial radius work
Diffstat (limited to 'ipa-server/ipa-install')
-rw-r--r-- | ipa-server/ipa-install/ipa-server-install | 6 | ||||
-rw-r--r-- | ipa-server/ipa-install/share/60radius.ldif | 523 | ||||
-rw-r--r-- | ipa-server/ipa-install/share/Makefile.am | 42 | ||||
-rw-r--r-- | ipa-server/ipa-install/share/radius.radiusd.conf.template | 280 |
4 files changed, 831 insertions, 20 deletions
diff --git a/ipa-server/ipa-install/ipa-server-install b/ipa-server/ipa-install/ipa-server-install index 06297d492..107c0d368 100644 --- a/ipa-server/ipa-install/ipa-server-install +++ b/ipa-server/ipa-install/ipa-server-install @@ -47,6 +47,7 @@ import ipaserver.krbinstance import ipaserver.bindinstance import ipaserver.httpinstance import ipaserver.ntpinstance +import ipaserver.radiusinstance from ipa.ipautil import run @@ -526,6 +527,11 @@ def main(): http = ipaserver.httpinstance.HTTPInstance() http.create_instance() + # Create a radius instance + radius = ipaserver.radiusinstance.RadiusInstance() + # FIXME: ldap_server should be derived, not hardcoded to localhost, also should it be a URL? + radius.create_instance(realm_name, host_name, 'localhost') + bind.setup(host_name, ip_address, realm_name) if options.setup_bind: skipbind = False diff --git a/ipa-server/ipa-install/share/60radius.ldif b/ipa-server/ipa-install/share/60radius.ldif new file mode 100644 index 000000000..1802029ea --- /dev/null +++ b/ipa-server/ipa-install/share/60radius.ldif @@ -0,0 +1,523 @@ +# This is a LDAPv3 schema for RADIUS attributes. +# Tested on OpenLDAP 2.0.7 +# Posted by Javier Fernandez-Sanguino Pena <jfernandez@sgi.es> +# LDAP v3 version by Jochen Friedrich <jochen@scram.de> +# Updates by Adrian Pavlykevych <pam@polynet.lviv.ua> +# Modified by John Dennis <jdennis@redhat.com> for use with Directory Sever/IPA +############## +dn: cn=schema +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.1 + NAME 'radiusArapFeatures' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.2 + NAME 'radiusArapSecurity' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.3 + NAME 'radiusArapZoneAccess' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.44 + NAME 'radiusAuthType' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.4 + NAME 'radiusCallbackId' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.5 + NAME 'radiusCallbackNumber' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.6 + NAME 'radiusCalledStationId' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.7 + NAME 'radiusCallingStationId' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.8 + NAME 'radiusClass' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.45 + NAME 'radiusClientIPAddress' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.9 + NAME 'radiusFilterId' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.10 + NAME 'radiusFramedAppleTalkLink' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.11 + NAME 'radiusFramedAppleTalkNetwork' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.12 + NAME 'radiusFramedAppleTalkZone' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.13 + NAME 'radiusFramedCompression' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.14 + NAME 'radiusFramedIPAddress' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.15 + NAME 'radiusFramedIPNetmask' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.16 + NAME 'radiusFramedIPXNetwork' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.17 + NAME 'radiusFramedMTU' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.18 + NAME 'radiusFramedProtocol' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.19 + NAME 'radiusFramedRoute' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.20 + NAME 'radiusFramedRouting' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.46 + NAME 'radiusGroupName' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.47 + NAME 'radiusHint' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.48 + NAME 'radiusHuntgroupName' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.21 + NAME 'radiusIdleTimeout' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.22 + NAME 'radiusLoginIPHost' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.23 + NAME 'radiusLoginLATGroup' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.24 + NAME 'radiusLoginLATNode' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.25 + NAME 'radiusLoginLATPort' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.26 + NAME 'radiusLoginLATService' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.27 + NAME 'radiusLoginService' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.28 + NAME 'radiusLoginTCPPort' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.29 + NAME 'radiusPasswordRetry' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.30 + NAME 'radiusPortLimit' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.49 + NAME 'radiusProfileDn' + DESC '' + EQUALITY distinguishedNameMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.31 + NAME 'radiusPrompt' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.50 + NAME 'radiusProxyToRealm' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.51 + NAME 'radiusReplicateToRealm' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.52 + NAME 'radiusRealm' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.32 + NAME 'radiusServiceType' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.33 + NAME 'radiusSessionTimeout' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.34 + NAME 'radiusTerminationAction' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.35 + NAME 'radiusTunnelAssignmentId' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.36 + NAME 'radiusTunnelMediumType' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.37 + NAME 'radiusTunnelPassword' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.38 + NAME 'radiusTunnelPreference' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.39 + NAME 'radiusTunnelPrivateGroupId' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.40 + NAME 'radiusTunnelServerEndpoint' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.41 + NAME 'radiusTunnelType' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.42 + NAME 'radiusVSA' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.43 + NAME 'radiusTunnelClientEndpoint' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) +#need to change asn1.id +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.53 + NAME 'radiusSimultaneousUse' + DESC '' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.54 + NAME 'radiusLoginTime' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.55 + NAME 'radiusUserCategory' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.56 + NAME 'radiusStripUserName' + DESC '' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.57 + NAME 'dialupAccess' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.58 + NAME 'radiusExpiration' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.59 + NAME 'radiusCheckItem' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.60 + NAME 'radiusReplyItem' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.61 + NAME 'radiusNASIpAddress' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE + ) +attributeTypes: + ( 1.3.6.1.4.1.3317.4.3.1.62 + NAME 'radiusReplyMessage' + DESC '' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + ) +objectClasses: + ( 1.3.6.1.4.1.3317.4.3.2.1 + NAME 'radiusprofile' + SUP top AUXILIARY + DESC '' + MUST cn + MAY ( radiusArapFeatures $ radiusArapSecurity $ radiusArapZoneAccess $ + radiusAuthType $ radiusCallbackId $ radiusCallbackNumber $ + radiusCalledStationId $ radiusCallingStationId $ radiusClass $ + radiusClientIPAddress $ radiusFilterId $ radiusFramedAppleTalkLink $ + radiusFramedAppleTalkNetwork $ radiusFramedAppleTalkZone $ + radiusFramedCompression $ radiusFramedIPAddress $ + radiusFramedIPNetmask $ radiusFramedIPXNetwork $ + radiusFramedMTU $ radiusFramedProtocol $ + radiusCheckItem $ radiusReplyItem $ + radiusFramedRoute $ radiusFramedRouting $ radiusIdleTimeout $ + radiusGroupName $ radiusHint $ radiusHuntgroupName $ + radiusLoginIPHost $ radiusLoginLATGroup $ radiusLoginLATNode $ + radiusLoginLATPort $ radiusLoginLATService $ radiusLoginService $ + radiusLoginTCPPort $ radiusLoginTime $ radiusPasswordRetry $ + radiusPortLimit $ radiusPrompt $ radiusProxyToRealm $ + radiusRealm $ radiusReplicateToRealm $ radiusServiceType $ + radiusSessionTimeout $ radiusStripUserName $ + radiusTerminationAction $ radiusTunnelClientEndpoint $ radiusProfileDn $ + radiusSimultaneousUse $ radiusTunnelAssignmentId $ + radiusTunnelMediumType $ radiusTunnelPassword $ radiusTunnelPreference $ + radiusTunnelPrivateGroupId $ radiusTunnelServerEndpoint $ + radiusTunnelType $ radiusUserCategory $ radiusVSA $ + radiusExpiration $ dialupAccess $ radiusNASIpAddress $ + radiusReplyMessage ) + ) +objectClasses: + ( 1.3.6.1.4.1.3317.4.3.2.2 + NAME 'radiusObjectProfile' + SUP top STRUCTURAL + DESC 'A Container Objectclass to be used for creating radius profile object' + MUST cn + MAY ( uid $ userPassword $ description ) + ) diff --git a/ipa-server/ipa-install/share/Makefile.am b/ipa-server/ipa-install/share/Makefile.am index 50d81c3ad..cdccb5893 100644 --- a/ipa-server/ipa-install/share/Makefile.am +++ b/ipa-server/ipa-install/share/Makefile.am @@ -1,28 +1,30 @@ NULL = appdir = $(IPA_DATA_DIR) -app_DATA = \ - 60kerberos.ldif \ - 60samba.ldif \ - bootstrap-template.ldif \ - default-aci.ldif \ - kerberos.ldif \ - indeces.ldif \ - bind.named.conf.template\ - bind.zone.db.template \ - certmap.conf.template \ - kdc.conf.template \ - krb5.conf.template \ - krb5.ini.template \ - krb.con.template \ - krbrealm.con.template \ - ntp.conf.server.template \ +app_DATA = \ + 60kerberos.ldif \ + 60samba.ldif \ + 60radius.ldif \ + bootstrap-template.ldif \ + default-aci.ldif \ + kerberos.ldif \ + indeces.ldif \ + bind.named.conf.template \ + bind.zone.db.template \ + certmap.conf.template \ + kdc.conf.template \ + krb5.conf.template \ + krb5.ini.template \ + krb.con.template \ + krbrealm.con.template \ + ntp.conf.server.template \ + radius.radiusd.conf.template \ $(NULL) -EXTRA_DIST = \ - $(app_DATA) \ +EXTRA_DIST = \ + $(app_DATA) \ $(NULL) -MAINTAINERCLEANFILES = \ - *~ \ +MAINTAINERCLEANFILES = \ + *~ \ Makefile.in diff --git a/ipa-server/ipa-install/share/radius.radiusd.conf.template b/ipa-server/ipa-install/share/radius.radiusd.conf.template new file mode 100644 index 000000000..d03105485 --- /dev/null +++ b/ipa-server/ipa-install/share/radius.radiusd.conf.template @@ -0,0 +1,280 @@ +# +# WARNING: This file is automatically generated, do not edit +# +# $CONFIG_FILE_VERSION_INFO +# +prefix = /usr +exec_prefix = /usr +sysconfdir = /etc +localstatedir = /var +sbindir = /usr/sbin +logdir = $${localstatedir}/log/radius +raddbdir = $${sysconfdir}/raddb +radacctdir = $${logdir}/radacct +confdir = $${raddbdir} +run_dir = $${localstatedir}/run/radiusd +db_dir = $${localstatedir}/lib/radiusd +log_file = $${logdir}/radius.log +libdir = /usr/lib +pidfile = $${run_dir}/radiusd.pid +user = radiusd +group = radiusd +max_request_time = 30 +delete_blocked_requests = no +cleanup_delay = 5 +max_requests = 1024 +bind_address = * +port = 0 +hostname_lookups = no +allow_core_dumps = no +regular_expressions = yes +extended_expressions = yes +log_stripped_names = no +log_auth = no +log_auth_badpass = no +log_auth_goodpass = no +usercollide = no +lower_user = no +lower_pass = no +nospace_user = no +nospace_pass = no +checkrad = $${sbindir}/checkrad +security { + max_attributes = 200 + reject_delay = 1 + status_server = no +} +proxy_requests = yes +$$INCLUDE $${confdir}/proxy.conf +$$INCLUDE $${confdir}/clients.conf +snmp = no +$$INCLUDE $${confdir}/snmp.conf +thread pool { + start_servers = 5 + max_servers = 32 + min_spare_servers = 3 + max_spare_servers = 10 + max_requests_per_server = 0 +} +modules { + pap { + auto_header = yes + } + chap { + authtype = CHAP + } + pam { + pam_auth = radiusd + } + unix { + cache = no + cache_reload = 600 + shadow = /etc/shadow + radwtmp = $${logdir}/radwtmp + } +$$INCLUDE $${confdir}/eap.conf + mschap { + } + ldap { + server = "$LDAP_SERVER" + use_sasl = yes + sasl_mech = "GSSAPI" + krb_keytab = "$RADIUS_KEYTAB" + krb_principal = "$RADIUS_PRINCIPAL" + basedn = "$RADIUS_USER_BASE_DN" + filter = "(uid=%{Stripped-User-Name:-%{User-Name}})" + base_filter = "(objectclass=radiusprofile)" + start_tls = no + access_attr = "$ACCESS_ATTRIBUTE" + dictionary_mapping = $${raddbdir}/ldap.attrmap + ldap_connections_number = 5 + edir_account_policy_check=no + timeout = 4 + timelimit = 3 + net_timeout = 1 + } + realm IPASS { + format = prefix + delimiter = "/" + ignore_default = no + ignore_null = no + } + realm suffix { + format = suffix + delimiter = "@" + ignore_default = no + ignore_null = no + } + realm realmpercent { + format = suffix + delimiter = "%" + ignore_default = no + ignore_null = no + } + realm ntdomain { + format = prefix + delimiter = "\\" + ignore_default = no + ignore_null = no + } + checkval { + item-name = Calling-Station-Id + check-name = Calling-Station-Id + data-type = string + } + preprocess { + huntgroups = $${confdir}/huntgroups + hints = $${confdir}/hints + with_ascend_hack = no + ascend_channels_per_line = 23 + with_ntdomain_hack = no + with_specialix_jetstream_hack = no + with_cisco_vsa_hack = no + } + files { + usersfile = $${confdir}/users + acctusersfile = $${confdir}/acct_users + preproxy_usersfile = $${confdir}/preproxy_users + compat = no + } + detail { + detailfile = $${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d + detailperm = 0600 + } + acct_unique { + key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" + } + radutmp { + filename = $${logdir}/radutmp + username = %{User-Name} + case_sensitive = yes + check_with_nas = yes + perm = 0600 + callerid = "yes" + } + radutmp sradutmp { + filename = $${logdir}/sradutmp + perm = 0644 + callerid = "no" + } + attr_filter { + attrsfile = $${confdir}/attrs + } + counter daily { + filename = $${db_dir}/db.daily + key = User-Name + count-attribute = Acct-Session-Time + reset = daily + counter-name = Daily-Session-Time + check-name = Max-Daily-Session + allowed-servicetype = Framed-User + cache-size = 5000 + } + sqlcounter dailycounter { + counter-name = Daily-Session-Time + check-name = Max-Daily-Session + reply-name = Session-Timeout + sqlmod-inst = sql + key = User-Name + reset = daily + query = "SELECT SUM(AcctSessionTime - \ + GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \ + FROM radacct WHERE UserName='%{%k}' AND \ + UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" + } + sqlcounter monthlycounter { + counter-name = Monthly-Session-Time + check-name = Max-Monthly-Session + reply-name = Session-Timeout + sqlmod-inst = sql + key = User-Name + reset = monthly + query = "SELECT SUM(AcctSessionTime - \ + GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \ + FROM radacct WHERE UserName='%{%k}' AND \ + UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'" + } + always fail { + rcode = fail + } + always reject { + rcode = reject + } + always ok { + rcode = ok + simulcount = 0 + mpp = no + } + expr { + } + digest { + } + exec { + wait = yes + input_pairs = request + } + exec echo { + wait = yes + program = "/bin/echo %{User-Name}" + input_pairs = request + output_pairs = reply + } + ippool main_pool { + range-start = 192.168.1.1 + range-stop = 192.168.3.254 + netmask = 255.255.255.0 + cache-size = 800 + session-db = $${db_dir}/db.ippool + ip-index = $${db_dir}/db.ipindex + override = no + maximum-timeout = 0 + } +} +instantiate { + exec + expr +} +authorize { + preprocess + chap + mschap + suffix + eap + #files + ldap + pap +} +authenticate { + Auth-Type PAP { + pap + } + Auth-Type CHAP { + chap + } + Auth-Type MS-CHAP { + mschap + } + unix + eap +} +preacct { + preprocess + acct_unique + suffix + files +} +accounting { + detail + unix + radutmp +} +session { + radutmp +} +post-auth { +} +pre-proxy { +} +post-proxy { + eap +} |