Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
smradiusd.conf [2013-05-14 23:19] – external edit 127.0.0.1 | smradiusd.conf [2016-09-27 08:33] (current) – nkukard | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | =====[server]===== | + | ====== smradiusd.conf ====== |
- | ====user==== | + | ====== [server] ====== |
- | User to run this daemon as | + | |
- | < | + | |
- | ====group==== | + | ===== user ===== |
- | < | + | |
- | ====pid_file==== | + | User to run this daemon as: |
- | Filename | + | |
- | < | + | |
- | ====cache_file==== | + | < |
- | File name to store cache | + | user=user |
- | < | + | </ |
- | ====background==== | + | ===== group ===== |
- | Prevent smradiusd from going into the background | + | |
- | < | + | < |
+ | group=group | ||
+ | </ | ||
+ | |||
+ | ===== pid_file ===== | ||
+ | |||
+ | Filename to store pid of parent process: | ||
+ | |||
+ | < | ||
+ | pid_file=/ | ||
+ | </ | ||
+ | |||
+ | ===== cache_file ===== | ||
+ | |||
+ | File name to store cache: | ||
+ | |||
+ | < | ||
+ | cache_file=/ | ||
+ | </ | ||
+ | |||
+ | ==== background | ||
+ | |||
+ | Prevent smradiusd from going into the background: | ||
+ | |||
+ | < | ||
+ | background=no | ||
+ | </ | ||
+ | |||
+ | ===== Preforking configuration ===== | ||
- | ====Preforking configuration==== | ||
* min_server - Minimum servers to keep around | * min_server - Minimum servers to keep around | ||
* min_spare_servers - Minimum spare servers to keep around ready to handle requests | * min_spare_servers - Minimum spare servers to keep around ready to handle requests | ||
Line 30: | Line 52: | ||
* Medium: 4, 4, 12, 25, 1000 | * Medium: 4, 4, 12, 25, 1000 | ||
* Large : 8, 8, 16, 64, 1000 | * Large : 8, 8, 16, 64, 1000 | ||
- | < | + | |
+ | < | ||
+ | min_servers=4 | ||
min_spare_servers=4 | min_spare_servers=4 | ||
max_spare_servers=12 | max_spare_servers=12 | ||
max_servers=25 | max_servers=25 | ||
- | max_requests=1000</ | + | max_requests=1000 |
+ | </ | ||
+ | |||
+ | ===== log_level ===== | ||
+ | |||
+ | Specify the level of logging to use when smradius is running: | ||
- | ====log_level==== | ||
- | Specify the level of logging to use when smradius is running | ||
* 0 - Errors only | * 0 - Errors only | ||
* 1 - Warnings and errors | * 1 - Warnings and errors | ||
* 2 - Notices, warnings, errors | * 2 - Notices, warnings, errors | ||
* 3 - Info, notices, warnings, errors | * 3 - Info, notices, warnings, errors | ||
- | * 4 - Debugging | + | * 4 - Debugging |
- | < | + | |
- | ====log_file==== | + | < |
- | File to log to instead of stdout | + | log_level=2 |
- | < | + | </ |
- | ====log_detail==== | + | ===== log_file |
- | Things to log in extreme detail | + | |
- | * modules - Log detailed module running information | + | |
- | There is no default for this configuration option. Options can be separated by commas | + | |
- | < | + | |
- | ====host==== | + | File to log to instead of stdout: |
- | IP to listen on, * for all | + | |
- | < | + | |
- | ====timeout==== | + | < |
- | Timeout in communication with clients | + | log_file=/ |
- | < | + | </ |
+ | |||
+ | ===== log_detail ===== | ||
+ | |||
+ | Things to log in extreme detail: | ||
+ | |||
+ | * modules - Log detailed module running information | ||
+ | |||
+ | There is no default for this configuration option. Options can be separated by commas: | ||
+ | |||
+ | < | ||
+ | log_detail=modules | ||
+ | </ | ||
+ | |||
+ | ===== host ===== | ||
+ | |||
+ | IP to listen on, * for all: | ||
+ | |||
+ | < | ||
+ | host=* | ||
+ | </ | ||
+ | |||
+ | ===== timeout | ||
+ | |||
+ | Timeout in communication with clients: | ||
+ | |||
+ | < | ||
+ | timeout=120 | ||
+ | </ | ||
+ | |||
+ | ===== cidr_allow/ | ||
- | ====cidr_allow/ | ||
Comma, whitespace or semi-colon separated. Contains a CIDR block to compare the clients IP to. If cidr_allow or cidr_deny options are given, the incoming client must match a cidr_allow and not match a cidr_deny or the client connection will be closed. | Comma, whitespace or semi-colon separated. Contains a CIDR block to compare the clients IP to. If cidr_allow or cidr_deny options are given, the incoming client must match a cidr_allow and not match a cidr_deny or the client connection will be closed. | ||
- | < | ||
- | # | ||
- | ====event_timezone==== | + | < |
- | Event timestamp timezone, in " | + | cidr_allow=0.0.0.0/ |
- | < | + | # |
+ | </ | ||
+ | |||
+ | ===== event_timezone | ||
+ | |||
+ | Event timestamp timezone, in " | ||
+ | |||
+ | < | ||
+ | event_timezone=GMT | ||
+ | </ | ||
+ | |||
+ | ====== [radius] ====== | ||
- | =====[radius]===== | + | ===== use_packet_timestamp |
- | ====use_packet_timestamp==== | ||
Use packet timestamp, if unset, the default is to use the server timestamp at the moment the packet is received, default is " | Use packet timestamp, if unset, the default is to use the server timestamp at the moment the packet is received, default is " | ||
- | __WARNING!!!!__ | ||
Not all routers keep time, it may occur that some routers depend on getting date & time apon reboot from an ntp server. The problem will arise when the router cannot get the date and time before the first user logs in resulting in sessions with a period key in the current month but an event timestamp in 1970. | Not all routers keep time, it may occur that some routers depend on getting date & time apon reboot from an ntp server. The problem will arise when the router cannot get the date and time before the first user logs in resulting in sessions with a period key in the current month but an event timestamp in 1970. | ||
- | < | ||
- | ====use_abuse_prevention==== | + | < |
- | Radius server abuse prevention | + | use_packet_timestamp=yes |
+ | </ | ||
+ | |||
+ | ===== use_abuse_prevention ===== | ||
+ | |||
+ | Radius server abuse prevention. | ||
Abuse prevention will drop packets which flood the radius server, or are duplicated in a short timeframe. You probably want this if you are not being fed by a radius proxy. Defaults to " | Abuse prevention will drop packets which flood the radius server, or are duplicated in a short timeframe. You probably want this if you are not being fed by a radius proxy. Defaults to " | ||
- | < | ||
- | ====access_request_abuse_threshold==== | + | < |
- | How fast can a NAS spam the same type of request | + | use_abuse_prevention=yes |
+ | </ | ||
+ | |||
+ | ===== access_request_abuse_threshold ===== | ||
+ | |||
+ | How fast can a NAS spam the same type of request: | ||
* Access-Request defaults to 10s | * Access-Request defaults to 10s | ||
* < | * < | ||
Line 94: | Line 159: | ||
* < | * < | ||
- | =====[database]===== | + | ====== [database] |
- | ====Database connection details==== | + | ===== DSN/ |
- | < | + | |
+ | < | ||
+ | # | ||
DSN=DBI: | DSN=DBI: | ||
Username=root | Username=root | ||
- | Password=</ | + | Password= |
+ | </ | ||
+ | |||
+ | ===== bypass_mode ===== | ||
+ | |||
+ | What do we do when we have a database connection problem: | ||
- | ====bypass_mode==== | ||
- | What do we do when we have a database connection problem | ||
* tempfail - Return temporary failure | * tempfail - Return temporary failure | ||
* pass - Return success | * pass - Return success | ||
- | < | ||
- | ====bypass_timeout==== | + | < |
- | How many seconds before retrying a DB connection | + | bypass_mode=tempfail |
- | < | + | </ |
+ | |||
+ | ===== bypass_timeout ===== | ||
+ | |||
+ | How many seconds before retrying a DB connection: | ||
+ | |||
+ | < | ||
+ | bypass_timeout=5 | ||
+ | </ | ||
+ | |||
+ | ===== accounting_usage_cache_time ===== | ||
+ | |||
+ | How long to cache the usage query for, default is " | ||
+ | |||
+ | < | ||
+ | accounting_usage_cache_time=300 | ||
+ | </ | ||
+ | |||
+ | ===== userdb_data_cache_time ===== | ||
- | ====accounting_usage_cache_time==== | + | How long to cache the data query for default is " |
- | How long to cache the usage query for, default is " | + | |
- | You can use " | + | |
- | < | + | |
- | ====userdb_data_cache_time==== | + | < |
- | How long to cache the data query for default is " | + | userdb_data_cache_time=300 |
- | You can use " | + | </ |
- | < | + |