Radiusclients
The Client-Configuration client.conf
The file client.conf is located at the path configured in config.h through the define RADCLIENTCONF.
This location can be overridden at runtime by the environment variable RADHOME.
It has the syntax
attribute = value
A line beginning with # is a comment.
The following attributes are possible:
- radhost
- RADIUS server to use for authentication and accounting requests. This
config item can appear more than once. If multiple servers are
defined, they are tried in a round-robin fashion if one
server is not answering.
Optionally you can specify the port number on which the remote
RADIUS server listens, separated from the hostname by a colon. If
no port is specified, /etc/services is consulted for the radius
service. If this also fails, a compiled-in default is used.
- login_tries
- maximum number of login tries a user has
- login_timeout
- timeout for all login tries;
if this time is exceeded, the user is kicked out
- nologin
- name of the nologin file which, when it exists, disables logins.
It may be extended by the ttyname, which results in
a terminal-specific lock (e.g. /etc/nologin.ttyS2 will disable
logins on /dev/ttyS2).
nologin = /etc/nologin
- issue
- name of the issue file. It is only displayed when no username is passed
on the radlogin command line.
- auth_order
- specifies which authentication comes first, or which
authentication is used at all. Possible values are: radius and local.
If you specify radius,local then the RADIUS server is asked
first, then the local one. If only one keyword is specified, only
that server is asked.
Example:
auth_order = radius,local
- dictpath
- path of the attribute dictionary
- clientpath
- login_radius
- program to call for a RADIUS authenticated login
- seqfile
- file which holds sequence number for communication with the
RADIUS server
- mapfile
- file which specifies mapping between ttyname and NAS-Port attribute
- default_realm
- default authentication realm to append to all usernames if no
realm was explicitly specified by the user
The radiusd that comes directly from Livingston doesn't use any realms, so leave
it blank.
- secret(realmname)
- sets the secret for realm realmname. If the parentheses with the name are omitted, it is the secret for the default realm.
- radius_timeout
- time to wait for a reply from the RADIUS server
- radius_retries
- resend request this many times before trying the next server
- start_ppp
- command line to start the pppd
- login_local
- program to execute for local login;
it must support the -f flag for preauthenticated login
- port_pool
- file with the OUTBOUND settings
- file holding shared secrets used for the communication
between the RADIUS client and server
- tmpl
- the path of the default user template for radadmin
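The syntax rules above (attribute = value lines, # comments, repeated radhost entries with an optional :port, secret(realmname), and the auth_order keywords) can be checked before a file is deployed. The following Python code is an added example, not part of the radiusclient package; the sample file contents, the names parse_client_conf and lint, the tolerance for whitespace around = and the two lint checks are assumptions.

```python
import re

SAMPLE = """\
# constructed sample: a line beginning with # is a comment
radhost = radius1.example.org:1645
radhost = radius2.example.org
auth_order = radius,local
default_realm =
secret = s3cret-default
secret(branch) = s3cret-branch
start_ppp = /usr/sbin/pppd mtu=1500
"""

SECRET_KEY = re.compile(r"^secret(?:\((?P<realm>[^)]*)\))?$")

def parse_client_conf(text):
    """Parse client.conf text; splits on the first '=' so values may hold '='."""
    conf = {"radhost": [], "secret": {}, "auth_order": [], "other": {}}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            raise ValueError(f"line {lineno}: expected 'attribute = value'")
        key, value = (part.strip() for part in line.split("=", 1))
        realm = SECRET_KEY.match(key)
        if key == "radhost":  # may repeat; port None means "look it up"
            host, sep, port = value.partition(":")
            conf["radhost"].append((host, int(port) if sep else None))
        elif realm:  # secret without (realmname) belongs to the default realm
            conf["secret"][realm.group("realm") or ""] = value
        elif key == "auth_order":
            order = [word.strip() for word in value.split(",")]
            if any(word not in ("radius", "local") for word in order):
                raise ValueError(f"line {lineno}: bad auth_order {value!r}")
            conf["auth_order"] = order
        else:
            conf["other"][key] = value
    return conf

def lint(conf):
    """Report settings that cannot work together (checks are assumptions)."""
    problems = []
    if "radius" in conf["auth_order"]:
        if not conf["radhost"]:
            problems.append("auth_order uses radius but no radhost is set")
        if not conf["secret"]:
            problems.append("auth_order uses radius but no secret is set")
    return problems
```

A radhost port of None stands for the fallback described above: /etc/services first, then the compiled-in default.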
Additional clients, such as my user administration, can have
additional attributes in this file, for example:
- ausdrucktmpl
- a template (LaTeX, SGML, PS, ...) for the configuration data such as
username, password, protocols, telephone numbers
- ausdrucksc
- is the path of the script doing the printing (i.e. calling latex and prints
- dbhost
- the host for an additional database for the user administration. The default value is the first RADIUS host.
Rudolf Weber
Informatik- und Netzwerkverein Ravensburg e.V