; An example configuration for ; RADIUS authentication using RadAliasAuth module ; ; Author: ; Michal Zygmuntowicz <m.zygmuntowicz@onet.pl> ; Standard stuff [Gatekeeper::Main] Fortytwo=42 TimeToLive=600 [RoutedMode] GKRouted=1 H245Routed=0 CallSignalPort=1720 [GkStatus::Auth] rule=allow ; Put RadAliasAuth entry if RADIUS authentication ; should be used (you may also put additional ; entries for other authenticators) ; Currently only RRQ, ARQ and Setup are supported [Gatekeeper::Auth] RadAliasAuth=required;RRQ,ARQ ;RadAliasAuth=sufficient;RRQ ;RadAliasAuth=optional;ARQ ;RadAliasAuth=required;Setup default=allow ; Configuration section for RadAuth authenticator module [RadAliasAuth] ; List of RADIUS servers separated by ';'. Server name ; is specified as: ; <DNS or IP>[:auth_port[:acct_port[:secret]]] ; if port is ommited, default is taken from: ; 1. DefaultAuthPort key; ; 2. /etc/services ('radius') if 1. not specified. Servers=123.123.123.1:1645;123.123.123.2;radius1.mycompany.com ;Servers=192.168.1.1:1812:1813:secret1;192.168.2.1:1812:1813:secret2 ; Local network interface address that RADIUS client should use ; when communicating with RADIUS server. Leave empty (not set) ; to be able to communicate with RADIUS servers on different ; subnets. LocalInterface=192.168.0.1 ; By default (if this option is not set) RADIUS client ; allocates ports dynamically as specified by the operating system. ; If you want to restrict RADIUS client to use only some ; port range - set this parameter RadiusPortRange=10000-11000 ; Default port where non-accounting packets will be sent to. ; Overrides /etc/services and can be overriden in Servers key ; for particular RADIUS servers DefaultAuthPort=1645 ; Secret shared between the GNU Gk (NAS) and a RADIUS servers. ; Should be a cryptographically-strong password ; You can override this setting by setting a secret in the Servers line SharedSecret=0wnd239eqhq!*kajw821osa ; Timeout value (ms) for a single RADIUS request RequestTimeout=2000 ; Time interval (ms) for RADIUS requests identifiers to be unique IdCacheTimeout=9000 ; Timeout value (ms) for unused RADIUS sockets to be deleted SocketDeleteTimeout=60000 ; Number of request retransmissions per RADIUS server (1==no retransmission) RequestRetransmissions=2 ; How requests should be retransmitted ; 0: Server A attempt #1, ..., Server A attempt #RequestRetransmissions; ; Server B attempt #1, ..., Server B attempt #RequestRetransmissions; ; ... ; 1: Server A attempt #1, Server B attempt #1, ... ; ... ; Server A attempt #RequestRetransmissions, Server B attempt #RequestRetransmissions, ... RoundRobinServers=1 ; Set to 1 if RADIUS packets should contain Cisco VSAs ; (h323-conf-id,h323-call-type,h323-call-origin,etc.) AppendCiscoAttributes=1 ; Set to 1 if RADIUS packets should contain a Cisco h323-ivr-out VSA ; containing a list of all aliases the endpoint wishes to register ; AppendCiscoAttributes must be set to 1 above. IncludeTerminalAliases=1 ; If not set, approtiate alias it extracted from RRQ or ARQ. ; Otherwise, this string is used as User-Name attribute ; for outgoing RADIUS requests FixedUsername= ; If not set, User-Password attribute is set to the value ; copied from User-Name (example: if User-Name="user1", ; then User-Password="user1" too). ; Otherwise, this string is used as User-Password attribute ; for outgoing RADIUS requests FixedPassword= ; Choose between the original dialed number and the rewritten one UseDialedNumber=0 ;; A typical configuration: ;; ;[RadAliasAuth] ;Servers=192.168.1.1 ;DefaultAuthPort=1812 ;SharedSecret=testing123 ;RequestTimeout=2500 ;RequestRetransmissions=4 ;RoundRobinServers=1 ;AppendCiscoAttributes=1 ;IncludeTerminalAliases=0 ;FixedPassword=dummy ; EOF