smradiusd.conf

[server]

User to run this daemon as:

user=user
group=group

Filename to store pid of parent process:

pid_file=/var/run/smradius/smradiusd.pid

File name to store cache:

cache_file=/var/run/smradius/cache

background

Prevent smradiusd from going into the background:

background=no
  • min_server - Minimum servers to keep around
  • min_spare_servers - Minimum spare servers to keep around ready to handle requests
  • max_spare_servers - Maximum spare servers to have around doing nothing
  • max_servers - Maximum servers alltogether
  • max_requests - Maximum number of requests each child will serve

One may want to use the following as a rough guidelineā€¦

  • Small : 2, 2, 4, 10, 1000
  • Medium: 4, 4, 12, 25, 1000
  • Large : 8, 8, 16, 64, 1000
min_servers=4
min_spare_servers=4
max_spare_servers=12
max_servers=25
max_requests=1000

Specify the level of logging to use when smradius is running:

  • 0 - Errors only
  • 1 - Warnings and errors
  • 2 - Notices, warnings, errors
  • 3 - Info, notices, warnings, errors
  • 4 - Debugging
log_level=2

File to log to instead of stdout:

log_file=/var/log/smradiusd.log

Things to log in extreme detail:

  • modules - Log detailed module running information

There is no default for this configuration option. Options can be separated by commas:

log_detail=modules

IP to listen on, * for all:

host=*

Timeout in communication with clients:

timeout=120

Comma, whitespace or semi-colon separated. Contains a CIDR block to compare the clients IP to. If cidr_allow or cidr_deny options are given, the incoming client must match a cidr_allow and not match a cidr_deny or the client connection will be closed.

cidr_allow=0.0.0.0/0
#cidr_deny=

Event timestamp timezone, in "Continent/City" format, defaults to "GMT":

event_timezone=GMT

[radius]

Use packet timestamp, if unset, the default is to use the server timestamp at the moment the packet is received, default is "no".

Not all routers keep time, it may occur that some routers depend on getting date & time apon reboot from an ntp server. The problem will arise when the router cannot get the date and time before the first user logs in resulting in sessions with a period key in the current month but an event timestamp in 1970.

use_packet_timestamp=yes

Radius server abuse prevention.

Abuse prevention will drop packets which flood the radius server, or are duplicated in a short timeframe. You probably want this if you are not being fed by a radius proxy. Defaults to "no".

use_abuse_prevention=yes

How fast can a NAS spam the same type of request:

  • Access-Request defaults to 10s
  • access_request_abuse_threshold=10
  • Accounting-Request defaults to 5s
  • accounting_request_abuse_threshold=5

[database]

#DSN=DBI:SQLite:dbname=smradius.sqlite
DSN=DBI:mysql:database=smradius;host=localhost
Username=root
Password=

What do we do when we have a database connection problem:

  • tempfail - Return temporary failure
  • pass - Return success
bypass_mode=tempfail

How many seconds before retrying a DB connection:

bypass_timeout=5

How long to cache the usage query for, default is "300" (seconds). You can use "no", "0", "false" to disable, specify a number > 1, or use "yes", "1", "true" to enable with the default value.

accounting_usage_cache_time=300

How long to cache the data query for default is "300" (seconds). You can use "no", "0", "false" to disable, specify a number > 1, or use "yes", "1", "true" to enable with the default value.

userdb_data_cache_time=300