3 radius.conf - Configuration for nnrpd RADIUS authenticator
7 This describes the format and attributes of the configuration file for the
8 nnrpd RADIUS authenticator. See radius(1) for more information about the
9 authenticator program. The default location for this file is
10 F<radius.conf> in I<pathetc>.
12 Blank lines and lines beginning with C<#> are ignored, as is anything
13 after a C<#> on a line. All other lines should begin with a parameter
14 name followed by a colon and the value of that key, except that each
15 section of configuration for a particular server should be enclosed in:
21 where <name> is just some convenient label for that server.
23 The available parameters are:
29 The hostname of the RADIUS server to use for authentication. This
30 parameter must be set.
34 The port to query on the RADIUS server. Defaults to 1645 if not set.
38 The hostname or IP address making the request. The RADIUS server expects
39 an IP address; a hostname will be translated into an IP address with
40 gethostbyname(). If not given, this information isn't included in the
41 request (not all RADIUS setups require this information).
45 The port the client being authenticated is connecting to. If not given,
46 defaults to 119. This doesn't need to be set unless readers are
47 connecting to a non-standard port.
51 The shared secret with the RADIUS server. If your secret includes spaces,
52 tabs, or C<#>, be sure to include it in double quotes. This parameter
57 Prepend the value of this parameter to all usernames before passing them
58 to the RADIUS server. Can be used to prepend something like C<news-> to
59 all usernames in order to put news users into a different namespace from
60 other accounts served by the same server. If not set, nothing is
65 Append the value of this parameter to all usernames before passing them to
66 the RADIUS server. This is often something like C<@example.com>,
67 depending on how your RADIUS server is set up. If not set, nothing is
70 =item I<ignore-source>
72 Can be set to C<true> or C<false>. If set to false, the RADIUS
73 authenticator will check to ensure that the response it receives is from
74 the same IP address as it sent the request to (for some added security).
75 If set to true, it will skip this verification check (if your RADIUS
76 server has multiple IP addresses or if other odd things are going on, it
77 may be perfectly normal for the response to come from a different IP
84 Here is a configuration for a news server named news.example.com,
85 authenticating users against radius.example.com and appending
86 C<@example.com> to all client-supplied usernames before passing them to
90 radhost: radius.example.com
91 lochost: news.example.com
92 secret: IamARADIUSsecRET
96 The shared secret with the RADIUS server is C<IamARADIUSsecRET>.
100 This documentation was written by Russ Allbery <rra@stanford.edu> based on
101 the comments in the sample radius.conf file by Yury B. Razbegin.
103 $Id: radius.conf.pod 6736 2004-05-16 23:06:08Z rra $