wish to read through them all before making and changes.
-edit radiusd.conf::
-
- ----Begin radiusd.conf----
- ##
- ## radiusd.conf -- FreeRADIUS server configuration file.
- ##
-
- prefix = /usr/local
- exec_prefix = ${prefix}
- sysconfdir = /usr/local/etc/raddb
- localstatedir = ${prefix}/var
- sbindir = ${exec_prefix}/sbin
- logdir = /var/log
- raddbdir = /usr/local/etc/raddb
- radacctdir = /var/log/radacct
-
- # Location of config and logfiles.
- confdir = ${raddbdir}
- run_dir = ${localstatedir}/run/radiusd
- log_file = ${logdir}/radius.log
- libdir = ${exec_prefix}/lib
- pidfile = ${run_dir}/radiusd.pid
-
- #user = nobody
- #group = nobody
-
- max_request_time = 30
- delete_blocked_requests = no
- cleanup_delay = 5
- max_requests = 0
- bind_address = *
- port = 0
- hostname_lookups = no
- allow_core_dumps = no
- log_stripped_names = no
- log_auth = no
- log_auth_badpass = no
- log_auth_goodpass = no
-
- # The program to execute to do concurrency checks.
- #checkrad = ${sbindir}/checkrad
-
- security {
- max_attributes = 200
- reject_delay = 0
- status_server = no
- }
-
- proxy_requests = yes
- $INCLUDE ${confdir}/proxy.conf
-
- $INCLUDE ${confdir}/clients.conf
-
- thread pool {
- start_servers = 5
- max_servers = 32
- min_spare_servers = 3
- max_spare_servers = 10
- max_requests_per_server = 0
- }
-
- modules {
-
- ldap {
- server = "localhost"
- identity = "uid=freeradius,ou=admins,ou=radius,dc=mydomain,dc=com"
- password = example
- basedn = "ou=users,ou=radius,dc=mydomain,dc=com"
- filter = "(&(uid=%{%{Stripped-User-Name}:-%{User-Name}})
- (objectclass=radiusprofile)"
- start_tls = no
- tls_mode = no
- #default_profile = "uid=dial,ou=profiles,ou=radius,dc=mydomain,dc=com"
- #profile_attribute = "radiusProfileDn"
- dictionary_mapping = ${raddbdir}/ldap.attrmap
- ldap_cache_timeout = 120
- ldap_cache_size = 0
- ldap_connections_number = 10
- #password_header = "{clear}"
- password_attribute = userPassword
- groupname_attribute = radiusGroupName
- groupmembership_filter = "(&(uid=%{%{Stripped-User-Name}:-%{User-Name}}))
- (objectclass=radiusProfile)"
- groupmembership_attribute = radiusGroupName
- timeout = 3
- timelimit = 5
- net_timeout = 1
- compare_check_items = no
- #access_attr_used_for_allow = yes
- }
-
- realm suffix {
- format = suffix
- delimiter = "@"
- }
-
- preprocess {
- huntgroups = ${confdir}/huntgroups
- #hints = ${confdir}/hints
- with_ascend_hack = no
- ascend_channels_per_line = 23
- with_ntdomain_hack = no
- with_specialix_jetstream_hack = no
- with_cisco_vsa_hack = no
- }
-
- files {
- usersfile = ${confdir}/users
- #acctusersfile = ${confdir}/acct_users
- compat = no
- #use old style users
- }
- # regular detail files
- detail detail1 {
- filename = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
- permissions = 0600
- dir_permissions = 0755
- }
- # temp detail file to replicate to accountrad
- detail detail2 {
- filename = ${radacctdir}/detail-combined
- permissions = 0600
- dir_permissions = 0755
- locking = yes
- }
-
- #radutmp {
- # filename = ${logdir}/radutmp
- # permissions = 0600
- # caller_id = "yes"
- #}
-
- #radutmp sradutmp {
- # filename = ${logdir}/sradutmp
- # permissions = 0644
- # caller_id = "no"
- #}
-
- #attr_filter {
- # attrsfile = ${confdir}/attrs
- #}
-
-
- # The "always" module is here for debugging purposes. Each
- # instance simply returns the same result, always, without
- # doing anything.
- always fail {
- rcode = fail
- }
- always reject {
- rcode = reject
- }
- always ok {
- rcode = ok
- simulcount = 0
- mpp = no
- }
-
- #
- # The 'expression' module current has no configuration.
- expr {
- }
-
- }
-
- instantiate {
- expr
- }
-
- authorize {
- preprocess
- suffix
- files
- ldap
- }
-
- authenticate {
- authtype LDAP {
- ldap
- }
- }
-
- preacct {
- preprocess
- suffix
- files
- }
-
- accounting {
- acct_unique
- detail1
- detail2
- #radutmp
- #sradutmp
- }
-
-
- #session {
- #radutmp
- #}
-
- #post-auth {
- # Get an address from the IP Pool.
- #main_pool
- #}
- ----End radiusd.conf----
-
-
edit huntgroups to specify a NAS to a huntgroup::
----Begin huntgroups----
projects / thirdparty / freeradius-server.git / commitdiff
