Index Index for
Section 5
Index Alphabetical
listing for R
Bottom of page Bottom of
page		 

RADIUS.CONF(5)


NAME

  radius.conf - Configuration for nnrpd RADIUS authenticator


DESCRIPTION

  This describes the format and attributes of the configuration file for the
  nnrpd RADIUS authenticator.  See radius(1) for more information about the
  authenticator program.  The default location for this file is radius.conf
  in pathetc.

  Blank lines and lines beginning with "#" are ignored, as is anything after
  a "#" on a line.  All other lines should begin with a parameter name
  followed by a colon and the value of that key.  The available parameters
  are:

  radhost
      The hostname of the RADIUS server to use for authentication.  This
      parameter must be set.

  radport
      The port to query on the RADIUS server.  Defaults to 1645 if not set.

  lochost
      The hostname or IP address making the request.  The RADIUS server
      expects an IP address; a hostname will be translated into an IP address
      with gethostbyname().  If not given, this information isn't included in
      the request (not all RADIUS setups require this information).

  locport
      The port the client being authenticated is connecting to.	 If not
      given, defaults to 119.  This doesn't need to be set unless readers are
      connecting to a non-standard port.

  secret
      The shared secret with the RADIUS server.	 Be careful not to include a
      "#" in your secret, since this will be taken to be the beginning of a
      comment rather than part of the secret.  This parameter must be set.

  prefix
      Prepend the value of this parameter to all usernames before passing
      them to the RADIUS server.  Can be used to prepend something like
      "news-" to all usernames in order to put news users into a different
      namespace from other accounts served by the same server.	If not set,
      nothing is prepended.

  suffix
      Append the value of this parameter to all usernames before passing them
      to the RADIUS server.  This is often something like "@example.com",
      depending on how your RADIUS server is set up.  If not set, nothing is
      appended.

  ignore-source
      Can be set to "true" or "false".	If set to false, the RADIUS
      authenticator will check to ensure that the response it receives is
      from the same IP address as it sent the request to (for some added
      security).  If set to true, it will skip this verification check (if
      your RADIUS server has multiple IP addresses or if other odd things are
      going on, it may be perfectly normal for the response to come from a
      different IP address).


EXAMPLE

  Here is a configuration for a news server named news.example.com,
  authenticating users against radius.example.com and appending
  "@example.com" to all client-supplied usernames before passing them to the
  RADIUS server:

      radhost: radius.example.com
      lochost: news.example.com
      secret: IamARADIUSsecRET
      suffix: @example.com

  The shared secret with the RADIUS server is "IamARADIUSsecRET".


HISTORY

  This documentation was written by Russ Allbery <rra@stanford.edu> based on
  the comments in the sample radius.conf file by Yury B. Razbegin.

  $Id: radius.conf.5,v 1.2 2002/12/03 05:31:11 vinocur Exp $


SEE ALSO

  radius(1)

Index Index for
Section 5
Index Alphabetical
listing for R
Top of page Top of
page