| 1 | # General settings |
|---|
| 2 | |
|---|
| 3 | # specify which authentication comes first respectively which |
|---|
| 4 | # authentication is used. possible values are: "radius" and "local". |
|---|
| 5 | # if you specify "radius,local" then the RADIUS server is asked |
|---|
| 6 | # first then the local one. if only one keyword is specified only |
|---|
| 7 | # this server is asked. |
|---|
| 8 | auth_order radius,local |
|---|
| 9 | |
|---|
| 10 | # maximum login tries a user has |
|---|
| 11 | login_tries 4 |
|---|
| 12 | |
|---|
| 13 | # timeout for all login tries |
|---|
| 14 | # if this time is exceeded the user is kicked out |
|---|
| 15 | login_timeout 60 |
|---|
| 16 | |
|---|
| 17 | # name of the nologin file which when it exists disables logins. |
|---|
| 18 | # it may be extended by the ttyname which will result in |
|---|
| 19 | # a terminal specific lock (e.g. /etc/nologin.ttyS2 will disable |
|---|
| 20 | # logins on /dev/ttyS2) |
|---|
| 21 | nologin /etc/nologin |
|---|
| 22 | |
|---|
| 23 | # name of the issue file. it's only display when no username is passed |
|---|
| 24 | # on the radlogin command line |
|---|
| 25 | issue /etc/radiusclient/issue |
|---|
| 26 | |
|---|
| 27 | # RADIUS settings |
|---|
| 28 | |
|---|
| 29 | # RADIUS server to use for authentication requests. this config |
|---|
| 30 | # item can appear more then one time. if multiple servers are |
|---|
| 31 | # defined they are tried in a round robin fashion if one |
|---|
| 32 | # server is not answering. |
|---|
| 33 | # optionally you can specify a the port number on which is remote |
|---|
| 34 | # RADIUS listens separated by a colon from the hostname. if |
|---|
| 35 | # no port is specified /etc/services is consulted of the radius |
|---|
| 36 | # service. if this fails also a compiled in default is used. |
|---|
| 37 | authserver localhost |
|---|
| 38 | |
|---|
| 39 | # RADIUS server to use for accouting requests. All that I |
|---|
| 40 | # said for authserver applies, too. |
|---|
| 41 | # |
|---|
| 42 | acctserver localhost |
|---|
| 43 | |
|---|
| 44 | # file holding shared secrets used for the communication |
|---|
| 45 | # between the RADIUS client and server |
|---|
| 46 | servers /etc/radiusclient/servers |
|---|
| 47 | |
|---|
| 48 | # dictionary of allowed attributes and values |
|---|
| 49 | # just like in the normal RADIUS distributions |
|---|
| 50 | dictionary /etc/radiusclient/dictionary |
|---|
| 51 | |
|---|
| 52 | # program to call for a RADIUS authenticated login |
|---|
| 53 | login_radius /usr/sbin/login.radius |
|---|
| 54 | |
|---|
| 55 | # file which holds sequence number for communication with the |
|---|
| 56 | # RADIUS server |
|---|
| 57 | seqfile /var/run/radius.seq |
|---|
| 58 | |
|---|
| 59 | # file which specifies mapping between ttyname and NAS-Port attribute |
|---|
| 60 | mapfile /etc/radiusclient/port-id-map |
|---|
| 61 | |
|---|
| 62 | # default authentication realm to append to all usernames if no |
|---|
| 63 | # realm was explicitly specified by the user |
|---|
| 64 | # the radiusd directly form Livingston doesnt use any realms, so leave |
|---|
| 65 | # it blank then |
|---|
| 66 | default_realm |
|---|
| 67 | |
|---|
| 68 | # time to wait for a reply from the RADIUS server |
|---|
| 69 | radius_timeout 10 |
|---|
| 70 | |
|---|
| 71 | # resend request this many times before trying the next server |
|---|
| 72 | radius_retries 3 |
|---|
| 73 | |
|---|
| 74 | # LOCAL settings |
|---|
| 75 | |
|---|
| 76 | # program to execute for local login |
|---|
| 77 | # it must support the -f flag for preauthenticated login |
|---|
| 78 | login_local /bin/login |
|---|
