This is an old revision of the document!


user

User to run this daemon as

user=user

group

group=group

pid_file

Filename to store pid of parent process

pid_file=/var/run/smradius/smradiusd.pid

cache_file

File name to store cache

cache_file=/var/run/smradius/cache

background

Prevent smradiusd from going into the background

background=no

Preforking configuration

  • min_server - Minimum servers to keep around
  • min_spare_servers - Minimum spare servers to keep around ready to handle requests
  • max_spare_servers - Maximum spare servers to have around doing nothing
  • max_servers - Maximum servers alltogether
  • max_requests - Maximum number of requests each child will serve

One may want to use the following as a rough guidelineā€¦

  • Small : 2, 2, 4, 10, 1000
  • Medium: 4, 4, 12, 25, 1000
  • Large : 8, 8, 16, 64, 1000
min_servers=4
min_spare_servers=4
max_spare_servers=12
max_servers=25
max_requests=1000

log_level

Specify the level of logging to use when smradius is running

  • 0 - Errors only
  • 1 - Warnings and errors
  • 2 - Notices, warnings, errors
  • 3 - Info, notices, warnings, errors
  • 4 - Debugging
log_level=2

log_file

File to log to instead of stdout

log_file=/var/log/smradiusd.log

log_detail

Things to log in extreme detail

  • modules - Log detailed module running information

There is no default for this configuration option. Options can be separated by commas

log_detail=modules

host

IP to listen on, * for all

host=*

timeout

Timeout in communication with clients

timeout=120

cidr_allow/cidr_deny

Comma, whitespace or semi-colon separated. Contains a CIDR block to compare the clients IP to. If cidr_allow or cidr_deny options are given, the incoming client must match a cidr_allow and not match a cidr_deny or the client connection will be closed.

cidr_allow=0.0.0.0/0
#cidr_deny=

event_timezone

Event timestamp timezone, in "Continent/City" format, defaults to "GMT"

event_timezone=GMT

use_packet_timestamp

Use packet timestamp, if unset, the default is to use the server timestamp at the moment the packet is received, default is "no".

WARNING!!!! Not all routers keep time, it may occur that some routers depend on getting date & time apon reboot from an ntp server. The problem will arise when the router cannot get the date and time before the first user logs in resulting in sessions with a period key in the current month but an event timestamp in 1970.

use_packet_timestamp=yes

use_abuse_prevention

Radius server abuse prevention

Abuse prevention will drop packets which flood the radius server, or are duplicated in a short timeframe. You probably want this if you are not being fed by a radius proxy. Defaults to "no".

use_abuse_prevention=yes

access_request_abuse_threshold

How fast can a NAS spam the same type of request

  • Access-Request defaults to 10s
  • access_request_abuse_threshold=10
  • Accounting-Request defaults to 5s
  • accounting_request_abuse_threshold=5

Database connection details

#DSN=DBI:SQLite:dbname=smradius.sqlite
DSN=DBI:mysql:database=smradius;host=localhost
Username=root
Password=

bypass_mode

What do we do when we have a database connection problem

  • tempfail - Return temporary failure
  • pass - Return success
bypass_mode=tempfail

bypass_timeout

How many seconds before retrying a DB connection

bypass_timeout=5

accounting_usage_cache_time

How long to cache the usage query for, default is "300" (seconds). You can use "no", "0", "false" to disable, specify a number > 1, or use "yes", "1", "true" to enable with the default value.

accounting_usage_cache_time=300

userdb_data_cache_time

How long to cache the data query for default is "300" (seconds). You can use "no", "0", "false" to disable, specify a number > 1, or use "yes", "1", "true" to enable with the default value.

userdb_data_cache_time=300