; An example configuration for ; RADIUS authentication using RadAuth module ; ; Author: ; Michal Zygmuntowicz <m.zygmuntowicz@onet.pl> ; Standard stuff [Gatekeeper::Main] Fortytwo=42 TimeToLive=600 [RoutedMode] GKRouted=1 H245Routed=0 [GkStatus::Auth] rule=allow ; Put RadAuth entry if RADIUS authentication ; should be used (you may also put additional ; entries for other authenticators) ; Currently only RRQ, ARQ and Setup are supported [Gatekeeper::Auth] RadAuth=required;RRQ,ARQ default=allow ;RadAuth=sufficient;RRQ ;RadAuth=optional;ARQ ; Configuration section for RadAuth authenticator module [RadAuth] ; List of RADIUS servers separated by ';'. Server name ; is specified as: ; <DNS or IP>[:auth_port] ; if port is ommited, default is taken from: ; 1. DefaultAuthPort key; ; 2. /etc/services ('radius') if 1. not specified. Servers=192.168.1.1:1645;192.168.1.2;radius1.mycompany.com ; Local network interface address that RADIUS client should use ; when communicating with RADIUS server. Leave empty (not set) ; to be able to communicate with RADIUS servers on different ; subnets. LocalInterface=192.168.0.1 ; By default (if this option is not set) RADIUS client ; allocates ports dynamically as specified by the operating system. ; If you want to restrict RADIUS client to use only some ; port range - set this parameter RadiusPortRange=10000-11000 ; Default port where non-accounting packets will be sent to. ; Overrides /etc/services and can be overriden in Servers key ; for particular RADIUS servers DefaultAuthPort=1645 ; Secret shared between the GNU Gk (NAS) and a RADIUS servers. ; Should be a cryptographically-strong password SharedSecret=0wnd239eqhq!*kajw821osa ; Timeout value (ms) for a single RADIUS request RequestTimeout=2000 ; Time interval (ms) for RADIUS requests identifiers to be unique IdCacheTimeout=9000 ; Timeout value (ms) for unused RADIUS sockets to be deleted SocketDeleteTimeout=60000 ; Number of request retransmissions per RADIUS server (1==no retransmission) RequestRetransmissions=2 ; How requests should be retransmitted ; 0: Server A attempt #1, ..., Server A attempt #RequestRetransmissions; ; Server B attempt #1, ..., Server B attempt #RequestRetransmissions; ; ... ; 1: Server A attempt #1, Server B attempt #1, ... ; ... ; Server A attempt #RequestRetransmissions, Server B attempt #RequestRetransmissions, ... RoundRobinServers=1 ; Set to 1 if RADIUS packets should contain Cisco VSAs ; (h323-conf-id,h323-call-type,h323-call-origin,etc.) AppendCiscoAttributes=1 ; Set to 1 if RADIUS packets should contain a Cisco h323-ivr-out VSA ; containing a list of all aliases the endpoint wishes to register ; AppendCiscoAttributes must be set to 1 above. IncludeTerminalAliases=1 ; Choose between the original dialed number and the rewritten one UseDialedNumber=0 ;; A typical configuration: ;; ;[RadAuth] ;Servers=192.168.1.1 ;DefaultAuthPort=1812 ;SharedSecret=testing123 ;RequestTimeout=2500 ;RequestRetransmissions=4 ;RoundRobinServers=1 ;AppendCiscoAttributes=1 ;IncludeTerminalAliases=0 ; EOF