radius.conf.5 (50476) | radius.conf.5 (52709) |
---|---|
1.\" Copyright 1998 Juniper Networks, Inc. 2.\" All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. --- 8 unchanged lines hidden (view full) --- 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" | 1.\" Copyright 1998 Juniper Networks, Inc. 2.\" All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. --- 8 unchanged lines hidden (view full) --- 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" |
25.\" $FreeBSD: head/lib/libradius/radius.conf.5 50476 1999-08-28 00:22:10Z peter $ | 25.\" $FreeBSD: head/lib/libradius/radius.conf.5 52709 1999-10-31 04:47:59Z jdp $ |
26.\" | 26.\" |
27.Dd July 29, 1998 | 27.Dd October 30, 1999 |
28.Dt RADIUS.CONF 5 29.Os FreeBSD 30.Sh NAME 31.Nm radius.conf 32.Nd RADIUS client configuration file 33.Sh SYNOPSIS 34.Pa /etc/radius.conf 35.Sh DESCRIPTION 36.Nm 37contains the information necessary to configure the RADIUS client 38library. It is parsed by 39.Xr rad_config 3 . 40The file contains one or more lines of text, each describing a 41single RADIUS server which will be used by the library. Leading 42white space is ignored, as are empty lines and lines containing 43only comments. 44.Pp | 28.Dt RADIUS.CONF 5 29.Os FreeBSD 30.Sh NAME 31.Nm radius.conf 32.Nd RADIUS client configuration file 33.Sh SYNOPSIS 34.Pa /etc/radius.conf 35.Sh DESCRIPTION 36.Nm 37contains the information necessary to configure the RADIUS client 38library. It is parsed by 39.Xr rad_config 3 . 40The file contains one or more lines of text, each describing a 41single RADIUS server which will be used by the library. Leading 42white space is ignored, as are empty lines and lines containing 43only comments. 44.Pp |
45A RADIUS server is described by two to four fields on a line. The 46fields are separated by white space. The | 45A RADIUS server is described by three to five fields on a line: 46.Pp 47.Bl -item -offset indent -compact 48.It 49Service type 50.It 51Server host 52.It 53Shared secret 54.It 55Timeout 56.It 57Retries 58.El 59.Pp 60The fields are separated by white space. The |
47.Ql # 48character at the beginning of a field begins a comment, which extends 49to the end of the line. A field may be enclosed in double quotes, 50in which case it may contain white space and/or begin with the 51.Ql # 52character. Within a quoted string, the double quote character can 53be represented by 54.Ql \e\&" , 55and the backslash can be represented by 56.Ql \e\e . 57No other escape sequences are supported. 58.Pp | 61.Ql # 62character at the beginning of a field begins a comment, which extends 63to the end of the line. A field may be enclosed in double quotes, 64in which case it may contain white space and/or begin with the 65.Ql # 66character. Within a quoted string, the double quote character can 67be represented by 68.Ql \e\&" , 69and the backslash can be represented by 70.Ql \e\e . 71No other escape sequences are supported. 72.Pp |
59The first field specifies | 73.Pp 74The first field gives the service type, either 75.Ql auth 76for RADIUS authentication or 77.Ql acct 78for RADIUS accounting. If a single server provides both services, two 79lines are required in the file. Earlier versions of this file did 80not include a service type. For backward compatibility, if the first 81field is not 82.Ql auth 83or 84.Ql acct 85the library behaves as if 86.Ql auth 87were specified, and interprets the fields in the line as if they 88were fields two through five. 89.Pp 90The second field specifies |
60the server host, either as a fully qualified domain name or as a 61dotted-quad IP address. The host may optionally be followed by a 62.Ql \&: 63and a numeric port number, without intervening white space. If the 64port specification is omitted, it defaults to the 65.Ql radius | 91the server host, either as a fully qualified domain name or as a 92dotted-quad IP address. The host may optionally be followed by a 93.Ql \&: 94and a numeric port number, without intervening white space. If the 95port specification is omitted, it defaults to the 96.Ql radius |
97or 98.Ql radacct |
|
66service in the 67.Pa /etc/services | 99service in the 100.Pa /etc/services |
68file, or to the standard RADIUS port 1812 if there is no such entry in 69.Pa /etc/services . | 101file for service types 102.Ql auth 103and 104.Ql acct , 105respectively. 106If no such entry is present, the standard ports 1812 and 1813 are 107used. |
70.Pp | 108.Pp |
71The second field contains the shared secret, which should be known | 109The third field contains the shared secret, which should be known |
72only to the client and server hosts. It is an arbitrary string of 73characters, though it must be enclosed in double quotes if it 74contains white space. The shared secret may be 75any length, but the RADIUS protocol uses only the first 128 76characters. N.B., some popular RADIUS servers have bugs which 77prevent them from working properly with secrets longer than 16 78characters. 79.Pp | 110only to the client and server hosts. It is an arbitrary string of 111characters, though it must be enclosed in double quotes if it 112contains white space. The shared secret may be 113any length, but the RADIUS protocol uses only the first 128 114characters. N.B., some popular RADIUS servers have bugs which 115prevent them from working properly with secrets longer than 16 116characters. 117.Pp |
80The third field contains a decimal integer specifying the timeout in | 118The fourth field contains a decimal integer specifying the timeout in |
81seconds for receiving a valid reply from the server. If this field 82is omitted, it defaults to 3 seconds. 83.Pp | 119seconds for receiving a valid reply from the server. If this field 120is omitted, it defaults to 3 seconds. 121.Pp |
84The fourth field contains a decimal integer specifying the maximum | 122The fifth field contains a decimal integer specifying the maximum |
85number of attempts that will be made to authenticate with the server 86before giving up. If omitted, it defaults to 3 attempts. Note, 87this is the total number of attempts and not the number of retries. 88.Pp | 123number of attempts that will be made to authenticate with the server 124before giving up. If omitted, it defaults to 3 attempts. Note, 125this is the total number of attempts and not the number of retries. 126.Pp |
89Up to 10 RADIUS servers may be specified. The servers are tried in | 127Up to 10 RADIUS servers may be specified for each service type. 128The servers are tried in |
90round-robin fashion, until a valid response is received or the 91maximum number of tries has been reached for all servers. 92.Pp 93The standard location for this file is 94.Pa /etc/radius.conf . 95But an alternate pathname may be specified in the call to 96.Xr rad_config 3 . 97Since the file contains sensitive information in the form of the 98shared secrets, it should not be readable except by root. 99.Sh FILES 100.Pa /etc/radius.conf 101.Sh EXAMPLES 102.Bd -literal 103# A simple entry using all the defaults: | 129round-robin fashion, until a valid response is received or the 130maximum number of tries has been reached for all servers. 131.Pp 132The standard location for this file is 133.Pa /etc/radius.conf . 134But an alternate pathname may be specified in the call to 135.Xr rad_config 3 . 136Since the file contains sensitive information in the form of the 137shared secrets, it should not be readable except by root. 138.Sh FILES 139.Pa /etc/radius.conf 140.Sh EXAMPLES 141.Bd -literal 142# A simple entry using all the defaults: |
104radius1.domain.com OurLittleSecret | 143acct radius1.domain.com OurLittleSecret |
105 106# A server still using the obsolete RADIUS port, with increased 107# timeout and maximum tries: | 144 145# A server still using the obsolete RADIUS port, with increased 146# timeout and maximum tries: |
108auth.domain.com:1645 "I can't see you, but I know you're there" 5 4 | 147auth auth.domain.com:1645 "I can't see you" 5 4 |
109 110# A server specified by its IP address: | 148 149# A server specified by its IP address: |
111192.168.27.81 $X*#..38947ax-+= | 150auth 192.168.27.81 $X*#..38947ax-+= |
112.Ed 113.Sh SEE ALSO 114.Xr libradius 3 115.Rs 116.%A C. Rigney, et al 117.%T Remote Authentication Dial In User Service (RADIUS) 118.%O RFC 2138 119.Re | 151.Ed 152.Sh SEE ALSO 153.Xr libradius 3 154.Rs 155.%A C. Rigney, et al 156.%T Remote Authentication Dial In User Service (RADIUS) 157.%O RFC 2138 158.Re |
159.Rs 160.%A C. Rigney 161.%T RADIUS Accounting 162.%O RFC 2139 163.Re |
|
120.Sh AUTHORS 121This documentation was written by 122.An John Polstra , 123and donated to the FreeBSD project by Juniper Networks, Inc. | 164.Sh AUTHORS 165This documentation was written by 166.An John Polstra , 167and donated to the FreeBSD project by Juniper Networks, Inc. |