smradiusd.conf
[server]
user
User to run this daemon as:
user=user
group
group=group
pid_file
Filename to store pid of parent process:
pid_file=/var/run/smradius/smradiusd.pid
cache_file
File name to store cache:
cache_file=/var/run/smradius/cache
background
Prevent smradiusd from going into the background:
background=no
Preforking configuration
- min_server - Minimum servers to keep around
- min_spare_servers - Minimum spare servers to keep around ready to handle requests
- max_spare_servers - Maximum spare servers to have around doing nothing
- max_servers - Maximum servers alltogether
- max_requests - Maximum number of requests each child will serve
One may want to use the following as a rough guidelineā¦
- Small : 2, 2, 4, 10, 1000
- Medium: 4, 4, 12, 25, 1000
- Large : 8, 8, 16, 64, 1000
min_servers=4 min_spare_servers=4 max_spare_servers=12 max_servers=25 max_requests=1000
log_level
Specify the level of logging to use when smradius is running:
- 0 - Errors only
- 1 - Warnings and errors
- 2 - Notices, warnings, errors
- 3 - Info, notices, warnings, errors
- 4 - Debugging
log_level=2
log_file
File to log to instead of stdout:
log_file=/var/log/smradiusd.log
log_detail
Things to log in extreme detail:
- modules - Log detailed module running information
There is no default for this configuration option. Options can be separated by commas:
log_detail=modules
host
IP to listen on, * for all:
host=*
timeout
Timeout in communication with clients:
timeout=120
cidr_allow/cidr_deny
Comma, whitespace or semi-colon separated. Contains a CIDR block to compare the clients IP to. If cidr_allow or cidr_deny options are given, the incoming client must match a cidr_allow and not match a cidr_deny or the client connection will be closed.
cidr_allow=0.0.0.0/0 #cidr_deny=
event_timezone
Event timestamp timezone, in "Continent/City" format, defaults to "GMT":
event_timezone=GMT
[radius]
use_packet_timestamp
Use packet timestamp, if unset, the default is to use the server timestamp at the moment the packet is received, default is "no".
Not all routers keep time, it may occur that some routers depend on getting date & time apon reboot from an ntp server. The problem will arise when the router cannot get the date and time before the first user logs in resulting in sessions with a period key in the current month but an event timestamp in 1970.
use_packet_timestamp=yes
use_abuse_prevention
Radius server abuse prevention.
Abuse prevention will drop packets which flood the radius server, or are duplicated in a short timeframe. You probably want this if you are not being fed by a radius proxy. Defaults to "no".
use_abuse_prevention=yes
access_request_abuse_threshold
How fast can a NAS spam the same type of request:
- Access-Request defaults to 10s
access_request_abuse_threshold=10
- Accounting-Request defaults to 5s
accounting_request_abuse_threshold=5
[database]
DSN/Username/Password
#DSN=DBI:SQLite:dbname=smradius.sqlite DSN=DBI:mysql:database=smradius;host=localhost Username=root Password=
bypass_mode
What do we do when we have a database connection problem:
- tempfail - Return temporary failure
- pass - Return success
bypass_mode=tempfail
bypass_timeout
How many seconds before retrying a DB connection:
bypass_timeout=5
accounting_usage_cache_time
How long to cache the usage query for, default is "300" (seconds). You can use "no", "0", "false" to disable, specify a number > 1, or use "yes", "1", "true" to enable with the default value.
accounting_usage_cache_time=300
userdb_data_cache_time
How long to cache the data query for default is "300" (seconds). You can use "no", "0", "false" to disable, specify a number > 1, or use "yes", "1", "true" to enable with the default value.
userdb_data_cache_time=300