; An example configuration for 
; RADIUS authentication using RadAliasAuth module
;
; Author:
;  Michal Zygmuntowicz <m.zygmuntowicz@onet.pl>

; Standard stuff
[Gatekeeper::Main]
Fortytwo=42
TimeToLive=600

[RoutedMode]
GKRouted=1
H245Routed=0
CallSignalPort=1720

[GkStatus::Auth]
rule=allow

; Put RadAliasAuth entry if RADIUS authentication
; should be used (you may also put additional
; entries for other authenticators)

; Currently only RRQ, ARQ and Setup are supported
[Gatekeeper::Auth]
RadAliasAuth=required;RRQ,ARQ
;RadAliasAuth=sufficient;RRQ
;RadAliasAuth=optional;ARQ
;RadAliasAuth=required;Setup
default=allow

; Configuration section for RadAuth authenticator module
[RadAliasAuth]

; List of RADIUS servers separated by ';'. Server name
; is specified as:
;	<DNS or IP>[:auth_port[:acct_port[:secret]]]
; if port is ommited, default is taken from:
;	1. DefaultAuthPort key;
;	2. /etc/services ('radius') if 1. not specified.
Servers=123.123.123.1:1645;123.123.123.2;radius1.mycompany.com
;Servers=192.168.1.1:1812:1813:secret1;192.168.2.1:1812:1813:secret2

; Local network interface address that RADIUS client should use
; when communicating with RADIUS server. Leave empty (not set)
; to be able to communicate with RADIUS servers on different
; subnets.
LocalInterface=192.168.0.1

; By default (if this option is not set) RADIUS client
; allocates ports dynamically as specified by the operating system.
; If you want to restrict RADIUS client to use only some
; port range - set this parameter
RadiusPortRange=10000-11000

; Default port where non-accounting packets will be sent to.
; Overrides /etc/services and can be overriden in Servers key
; for particular RADIUS servers
DefaultAuthPort=1645

; Secret shared between the GNU Gk (NAS) and a RADIUS servers.
; Should be a cryptographically-strong password
; You can override this setting by setting a secret in the Servers line
SharedSecret=0wnd239eqhq!*kajw821osa

; Timeout value (ms) for a single RADIUS request
RequestTimeout=2000

; Time interval (ms) for RADIUS requests identifiers to be unique
IdCacheTimeout=9000

; Timeout value (ms) for unused RADIUS sockets to be deleted
SocketDeleteTimeout=60000

; Number of request retransmissions per RADIUS server (1==no retransmission)
RequestRetransmissions=2

; How requests should be retransmitted
; 0: Server A attempt #1, ..., Server A attempt #RequestRetransmissions;
;	 Server B attempt #1, ..., Server B attempt #RequestRetransmissions;
;	 ...
; 1: Server A attempt #1, Server B attempt #1, ...
;	 ...
;	 Server A attempt #RequestRetransmissions, Server B attempt #RequestRetransmissions, ...
RoundRobinServers=1

; Set to 1 if RADIUS packets should contain Cisco VSAs
; (h323-conf-id,h323-call-type,h323-call-origin,etc.)
AppendCiscoAttributes=1

; Set to 1 if RADIUS packets should contain a Cisco h323-ivr-out VSA
; containing a list of all aliases the endpoint wishes to register
; AppendCiscoAttributes must be set to 1 above.
IncludeTerminalAliases=1

; If not set, approtiate alias it extracted from RRQ or ARQ.
; Otherwise, this string is used as User-Name attribute
; for outgoing RADIUS requests
FixedUsername=

; If not set, User-Password attribute is set to the value
; copied from User-Name (example: if User-Name="user1",
; then User-Password="user1" too).
; Otherwise, this string is used as User-Password attribute
; for outgoing RADIUS requests
FixedPassword=

; Choose between the original dialed number and the rewritten one
UseDialedNumber=0


;; A typical configuration:
;;
;[RadAliasAuth]
;Servers=192.168.1.1
;DefaultAuthPort=1812
;SharedSecret=testing123
;RequestTimeout=2500
;RequestRetransmissions=4
;RoundRobinServers=1
;AppendCiscoAttributes=1
;IncludeTerminalAliases=0
;FixedPassword=dummy

; EOF