Página 6 de 6 PrimeiroPrimeiro ... 23456
+ Responder ao Tópico



  1. prefix = /usr/local
    exec_prefix = ${prefix}
    sysconfdir = ${prefix}/etc
    localstatedir = ${prefix}/var
    sbindir = ${exec_prefix}/sbin
    logdir = ${localstatedir}/log/radius
    raddbdir = ${sysconfdir}/raddb
    radacctdir = ${logdir}/radacct

    confdir = ${raddbdir}
    run_dir = ${localstatedir}/run/radiusd.
    log_file = ${logdir}/radius.log
    libdir = ${exec_prefix}/lib
    pidfile = ${run_dir}/radiusd.pid
    user = root
    group = nobody
    max_request_time = 30
    delete_blocked_requests = no
    cleanup_delay = 5
    max_requests = 1024
    bind_address = *
    port = 0
    #listen {
    #
    # ipaddr = *
    #
    # port = 0
    #
    # type = auth
    }
    hostname_lookups = no
    allow_core_dumps = yes
    regular_expressions = no
    extended_expressions = no
    log_stripped_names = yes
    log_auth = yes
    log_auth_badpass = yes
    log_auth_goodpass = yes
    usercollide = no
    lower_user = no
    lower_pass = no
    nospace_user = no
    nospace_pass = no
    security {
    max_attributes = 200
    reject_delay = 1
    status_server = yes
    proxy_requests = yes
    $INCLUDE ${confdir}/proxy.conf
    $INCLUDE ${confdir}/clients.conf
    snmp = yes
    $INCLUDE ${confdir}/snmp.conf
    thread pool {
    start_servers = 5
    max_servers = 32
    min_spare_servers = 3
    max_spare_servers = 10
    max_requests_per_server = 250
    }
    modules {
    # name [ instance ] {
    # config_item = value
    # ...
    # }
    #
    # The replacement is "auto_header = yes".
    pap {
    auto_header = no
    }

    # CHAP module
    chap {
    authtype = PAP
    }
    pam {
    pam_auth = radiusd
    }
    unix {
    # Cache /etc/passwd, /etc/shadow, and /etc/grou
    # cache = yes
    # Reload the cache every 600 seconds (10mins). 0 to disable.
    # cache_reload = 600
    # Define the locations of the normal passwd, shadow, and
    # passwd = /etc/passwd
    # shadow = /etc/shadow
    # radwtmp = ${logdir}/radwtmp
    }
    $INCLUDE ${confdir}/eap.conf
    mschap {
    #use_mppe = no
    #require_encryption = yes
    #require_strong = yes
    #with_ntdomain_hack = no
    #ntlm_auth = "/path/to/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{User-Name:-None}} --challenge=%{mschap:Challenge:-00} --$
    }
    ldap {
    server = "ldap.your.domain"
    basedn = "o=My Org,c=UA"
    filter = "(uid=%{Stripped-User-Name:-%{User-Name}})"
    start_tls = no
    access_attr = "dialupAccess"
    dictionary_mapping = ${raddbdir}/ldap.attrmap
    ldap_connections_number = 5
    edir_account_policy_check=no
    #
    # groupname_attribute = cn
    # groupmembership_filter = "(|(&(objectClass=GroupOfNames)(member=%{Ldap-UserDn}))(&(objectClass=GroupOfUniqueNames)(uniquemember=%{Ldap-User$
    # groupmembership_attribute = radiusGroupName
    timeout = 4
    timelimit = 3
    net_timeout = 1
    # compare_check_items = yes
    # do_xlat = yes
    # access_attr_used_for_allow = yes
    # allowed values: {no, yes}
    # set_auth_type = yes
    }
    #passwd etc_smbpasswd {
    # filename = /etc/smbpasswd
    # format = "*User-Name::LM-Password:NT-Password:SMB-Account-CTRL-TEXT::"
    # authtype = MS-CHAP
    # hashsize = 100
    # ignorenislike = no
    # allowmultiplekeys = no
    #}

    # Similar configuration, for the /etc/group file. Adds a Group-Name
    #
    #passwd etc_group {
    # filename = /etc/group
    # format = "=Group-Name:::*,User-Name"
    # hashsize = 50
    # ignorenislike = yes
    # allowmultiplekeys = yes
    # delimiter = ":"
    realm IPASS {
    format = prefix
    delimiter = "/"
    ignore_default = no
    ignore_null = no
    }
    realm suffix {
    format = suffix
    delimiter = "@"
    ignore_default = no
    ignore_null = no
    }
    realm realmpercent {
    format = suffix
    delimiter = "%"
    ignore_default = no
    ignore_null = no
    }

    realm ntdomain {
    format = prefix
    delimiter = "\\"
    ignore_default = no
    ignore_null = no
    }
    checkval {
    # The attribute to look for in the request
    item-name = Calling-Station-Id
    check-name = Calling-Station-Id
    # string,integer,ipaddr,date,abinary,octets
    data-type = string
    }
    preprocess {
    huntgroups = ${confdir}/huntgroups
    hints = ${confdir}/hints
    with_ascend_hack = no
    ascend_channels_per_line = 23
    with_ntdomain_hack = no
    with_specialix_jetstream_hack = no
    with_cisco_vsa_hack = no
    }

    files {
    usersfile = ${confdir}/users
    acctusersfile = ${confdir}/acct_users
    preproxy_usersfile = ${confdir}/preproxy_users
    compat = no
    }
    detail {
    detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
    detailperm = 0600
    }
    # sql_log {
    # }
    acct_unique {
    key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
    }
    $INCLUDE ${confdir}/sql.conf
    radutmp {
    # Where the file is stored. It's not a log file,
    # so it doesn't need rotating.
    #
    filename = ${logdir}/radutmp
    username = %{User-Name}
    case_sensitive = yes
    check_with_nas = yes
    callerid = "yes"
    }
    radutmp sradutmp {
    filename = ${logdir}/sradutmp
    perm = 0644
    callerid = "no"
    }

    attr_filter {
    attrsfile = ${confdir}/attrs
    }

    counter daily {
    filename = ${raddbdir}/db.daily
    key = User-Name
    count-attribute = Acct-Session-Time
    reset = daily
    counter-name = Daily-Session-Time
    check-name = Max-Daily-Session
    allowed-servicetype = Framed-User
    cache-size = 5000
    }
    sqlcounter dailycounter {
    counter-name = Daily-Session-Time
    check-name = Max-Daily-Session
    reply-name = Session-Timeout
    sqlmod-inst = sql
    key = User-Name
    reset = daily
    query = "SELECT SUM(AcctSessionTime - \
    GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
    FROM radacct WHERE UserName='%{%k}' AND \
    UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
    }
    sqlcounter monthlycounter {
    counter-name = Monthly-Session-Time
    check-name = Max-Monthly-Session
    reply-name = Session-Timeout
    sqlmod-inst = sql
    key = User-Name
    reset = monthly
    query = "SELECT SUM(AcctSessionTime - \
    GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
    FROM radacct WHERE UserName='%{%k}' AND \
    UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
    always fail {
    rcode = fail
    }
    always reject {
    rcode = reject
    }
    always ok {
    rcode = ok
    simulcount = 0
    mpp = no
    }
    expr {
    }
    digest {
    }
    exec {
    wait = yes
    input_pairs = request
    }
    exec echo {
    wait = yes
    program = "/bin/echo %{User-Name}"
    input_pairs = request
    output_pairs = reply
    }
    ippool main_pool {
    range-start = 192.168.1.1
    range-stop = 192.168.3.254
    netmask = 255.255.255.0
    cache-size = 800

    ip-index = ${raddbdir}/db.ipindex
    override = no
    maximum-timeout = 0
    }
    session-db = ${raddbdir}/db.ippool
    }
    instantiate {
    exec
    expr
    # daily
    }
    authorize {
    preprocess# auth_log
    # attr_filter
    #chap
    mschap
    # digest
    suffix
    # ntdomain
    # See "Authorization Queries" in sql.conf
    sql
    # etc_smbpasswd
    # ldap# daily
    # checkval
    pap
    }
    authenticate {
    Auth-Type PAP {
    pap
    }
    Auth-Type CHAP {
    chap
    }
    Auth-Type MS-CHAP {
    mschap
    }
    unix

    # Auth-Type LDAP {
    # ldap
    # }
    # eap
    }
    preacct {
    preprocess
    # acct_unique
    # IPASS
    # suffix
    # ntdomain
    files
    }
    accounting {
    # detail
    # daily

    # unix

    # main_pool
    # sqlippool

    # See "Accounting queries" in sql.conf
    sql

    # sql_log

    # pgsql-voip

    }
    session {
    # radutmp
    # See "Simultaneous Use Checking Querie" in sql.conf
    sql
    }
    post-auth {
    # main_pool
    # sqlippool
    # reply_log
    # See "Authentication Logging Queries" in sql.conf
    sql# sql_log
    # ldap
    # Post-Auth-Type REJECT {
    # insert-module-name-here
    # }pre-proxy {
    # attr_rewrite
    # files
    # pre_proxy_log
    }
    post-proxy {
    # post_proxy_log
    # attr_rewrite
    # attr_filter
    eap
    }

  2. Qual seria o problema que estou tendo como freeradius e com o mysql?



  3. ola pessoal..alguem pode me ajudar...

    radiusd -X

    me retorna um erro assim:

    Module: Library search path is /usr/local/lib
    radiusd.conf[1600] Failed to link to module 'rlm_exec': rlm_exec.a: cannot open shared object file: No such file or directory

    ja olhei no /usr/local/lib e esta lah o arquivo rlm_exec.a

    nao sei o q é...ja usei o ./configure --disable-shared

    mas nao sei o q é...

    espero ajudas..obrigado.






Tópicos Similares

  1. problema com freeradius no mandriva 2008
    Por guezth no fórum Servidores de Rede
    Respostas: 5
    Último Post: 02-04-2008, 13:19
  2. Problemas com o freeradius 1.05
    Por thilupas no fórum Servidores de Rede
    Respostas: 0
    Último Post: 03-05-2007, 09:40
  3. Problemas com Freeradius 1.05
    Por japaeye4u no fórum Servidores de Rede
    Respostas: 0
    Último Post: 15-09-2005, 17:42
  4. Problema com freeradius
    Por sarna no fórum Servidores de Rede
    Respostas: 1
    Último Post: 29-04-2005, 14:52
  5. Problemas com FreeRadius e MySql
    Por TheHawk no fórum Servidores de Rede
    Respostas: 0
    Último Post: 08-03-2005, 09:00

Visite: BR-Linux ·  VivaOLinux ·  Dicas-L