
freeradius-0.8.1-1mdk.i586.rpm

#
#  This file contains the configuration for experimental modules.
#
#  By default, it is NOT included in the build.
#
#  $Id: experimental.conf,v 1.14 2002/10/28 20:38:40 aland Exp $
#

	# Configuration for the Python module.
	#
	# Where radiusd is a Python module, radiusd.py, and the
	# function 'authorize' is called.  Here is a dummy piece
	# of code:
	# 
	#	def authorize(params):
	#	    print params
	#	    return (5, ('Reply-Message', 'banned'))
	#
	# The RADIUS value-pairs are passed as a tuple of tuple
	# pairs as the first argument, e.g. (('attribute1',
	# 'value1'), ('attribute2', 'value2'))
	#
	# The function return is a tuple with the first element
	# being the return value of the function.
	# The 5 corresponds to RLM_MODULE_USERLOCK. I plan to
	# write the return values as Python symbols to avoid
	# confusion.
	#
	# The remaining tuple members are the string form of
	# value-pairs which are passed on to pairmake().
	#
	python {
		# Each mod_<stage> presumably names the Python module to load
		# and each func_<stage> the function in it that is called for
		# that stage (see the description above this section).
		#
		# NOTE(review): the module named here is code loaded by the
		# server, so it presumably runs with the server's privileges;
		# keep the radiusd_test module file writable only by the
		# administrator.  The value-pairs handed to these functions
		# come from the RADIUS request, so the functions should treat
		# them as untrusted input.
		mod_instantiate = radiusd_test
		func_instantiate = instantiate

		mod_authorize = radiusd_test
		func_authorize = authorize

		mod_accounting = radiusd_test
		func_accounting = accounting

		mod_preacct = radiusd_test
		func_preacct = preacct

		mod_detach = radiusd_test
		func_detach = detach
	}

	
	# Configuration for the example module.  Uncommenting it will cause it
	# to get loaded and initialized, but should have no real effect as long
	# as it is not referenced in one of the autz/auth/preacct/acct sections
	example {
		# One sample entry per value type, followed by nested
		# subsections.

		#  Boolean variable.
		# allowed values: {no, yes}
		boolean = yes

		#  An integer, of any value.
		integer = 16

		#  A string.
		string = "This is an example configuration string"

		# An IP address, either in dotted quad (1.2.3.4) or hostname
		# (example.com)
		ipaddr = 127.0.0.1

		# A subsection
		mysubsection {
			anotherinteger = 1000
			# They nest
			# Two-word header, the same form as 'sqlcounter
			# dailycounter' elsewhere in this file.
			deeply nested {
				string = "This is a different string"
			}
		}
	}


	#  This module is an SQL enabled version of the counter module.
	#
	#  Rather than maintaining separate (GDBM) databases of
	#  accounting info for each counter, this module uses the data
	#  stored in the radacct table by the sql modules. This
	#  module NEVER does any database INSERTs or UPDATEs.  It is
	#  totally dependent on the SQL module to process Accounting
	#  packets.
	#
	#  The 'sqlmod-inst' parameter holds the instance of the sql
	#  module to use when querying the SQL database. Normally it
	#  is just "sql".  If you define more than one SQL module
	#  instance (usually for failover situations), you can
	#  specify which module has access to the Accounting Data
	#  (radacct table).
	#
	#  The 'reset' parameter defines when the counters are all
	#  reset to zero.  It can be hourly, daily, weekly, monthly or
	#  never.  It can also be user defined. It should be of the
	#  form:
	#  	num[hdwm] where:
	#  	h: hours, d: days, w: weeks, m: months
	#  	If the letter is omitted, days will be assumed. For example:
	#  	reset = 10h (reset every 10 hours)
	#  	reset = 12  (reset every 12 days)
	#
	#  The 'key' parameter specifies the unique identifier for the
	#  counter records (usually 'User-Name').
	#
	#  The 'query' parameter specifies the SQL query used to get
	#  the current Counter value from the database. There are 3
	#  parameters that can be used in the query:
	#		%k	'key' parameter
	#		%b	unix time value of beginning of reset period 
	#		%e	unix time value of end of reset period
	#
	#
	#  The 'check-name' parameter is the name of the 'check'
	#  attribute to use to access the counter in the 'users' file
	#  or SQL radcheck or radcheckgroup tables.  For example, in
	#  the 'users' file:
	#
	#  DEFAULT  Max-Daily-Session > 3600, Auth-Type = Reject
	#      Reply-Message = "You've used up more than one hour today"
	#
	sqlcounter dailycounter {
		counter-name = Daily-Session-Time
		check-name = Max-Daily-Session
		# Name of the sql module instance to query.  'sqlcca3' is a
		# site-specific name; it must match an sql instance that is
		# actually defined (the usual name is "sql").
		sqlmod-inst = sqlcca3
		key = User-Name
		reset = daily

		# NOTE(review): '%{%k}' expands to the value of the 'key'
		# attribute (User-Name here), which comes from the client's
		# request and lands inside a quoted SQL string.  Safety
		# depends on that value being escaped before the query
		# reaches the database -- confirm that this version does so,
		# and keep the quotes around the expansion when editing any
		# of the queries below.
		#
		# This query properly handles calls that span from the
		# previous reset period into the current period but
		# involves more work for the SQL server than those
		# below
		query = "SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"

		# This query ignores calls that started in a previous
		# reset period and continue into this one. But it
		# is a little easier on the SQL server
		# query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}' AND AcctStartTime > FROM_UNIXTIME('%b')"

		# This query is the same as above, but demonstrates an
		# additional counter parameter '%e' which is the
		# timestamp for the end of the period
		# query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}' AND AcctStartTime BETWEEN FROM_UNIXTIME('%b') AND FROM_UNIXTIME('%e')"
	}

	sqlcounter monthlycounter {
		counter-name = Monthly-Session-Time
		check-name = Max-Monthly-Session
		# Name of the sql module instance to query.  'sqlcca3' is a
		# site-specific name; it must match an sql instance that is
		# actually defined (the usual name is "sql").
		sqlmod-inst = sqlcca3
		key = User-Name
		reset = monthly

		# NOTE(review): '%{%k}' expands to the value of the 'key'
		# attribute (User-Name here), which comes from the client's
		# request and lands inside a quoted SQL string.  Safety
		# depends on that value being escaped before the query
		# reaches the database -- confirm that this version does so,
		# and keep the quotes around the expansion when editing any
		# of the queries below.
		#
		# This query properly handles calls that span from the
		# previous reset period into the current period but
		# involves more work for the SQL server than those
		# below
		query = "SELECT SUM(AcctSessionTime - GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{%k}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"

		# This query ignores calls that started in a previous
		# reset period and continue into this one. But it
		# is a little easier on the SQL server
		# query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}' AND AcctStartTime > FROM_UNIXTIME('%b')"

		# This query is the same as above, but demonstrates an
		# additional counter parameter '%e' which is the
		# timestamp for the end of the period
		# query = "SELECT SUM(AcctSessionTime) FROM radacct WHERE UserName='%{%k}' AND AcctStartTime BETWEEN FROM_UNIXTIME('%b') AND FROM_UNIXTIME('%e')"
	}

	#  Do server side ip pool management. Should be added in post-auth and
	#  accounting sections.
	#
	##  This module is highly experimental at the moment. Please
	##  give feedback on the mailing list.
	#
	#  The module also requires the existence of the Pool-Name
	#  attribute. That way the administrator can add the Pool-Name
	#  attribute in the user profiles and use different pools
	#  for different users
	#
	# Example:
	# radiusd.conf: ippool students { [...] }
	# users file  : DEFAULT Group == students, Pool-Name := "students"
	#
	# ********* IF YOU CHANGE THE RANGE PARAMETERS YOU MUST THEN ERASE THE DB FILES *******
	#
	ippool main_pool {

		#  range-start,range-stop: The start and end ip
		#  addresses for the ip pool
		range-start = 192.168.1.1
		range-stop = 192.168.3.254

		#  netmask: The network mask used for the ip's
		netmask = 255.255.255.0

		#  cache-size: The gdbm cache size for the db
		#  files. Should be equal to the number of ip's
		#  available in the ip pool
		#  NOTE(review): counting every address, the range above
		#  holds 766 entries; confirm that 800 is the intended size.
		cache-size = 800

		# session-db: The main db file used to allocate ip's to clients
		# NOTE(review): session-db and ip-index are presumably the DB
		# files that must be erased when the range changes.  They hold
		# the allocation state, so they should be writable only by
		# the account the server runs as.
		session-db = ${raddbdir}/db.ippool

		# ip-index: Helper db index file used in multilink
		ip-index = ${raddbdir}/db.ipindex
	}
       
	#  To create a dbm users file, do:
	#
	#   cat test.users | rlm_dbm_parser -f /etc/raddb/users_db
	#
	#  Then add 'dbm' in 'authorize' section.
	#
	#  Note that even if the file has a ".db" or ".dbm" extension,
	#  you may have to specify it here without that extension.  This
	#  is because the DBM libraries "helpfully" add a ".db" to the
	#  filename, but don't check if it's already there.
	#
	dbm {
		# Path to the DBM users database, given without its ".db" or
		# ".dbm" extension (see the note above this section).
		# NOTE(review): this file is consulted during 'authorize' and
		# presumably holds the same check items as a 'users' file,
		# passwords included; restrict read access to the server's
		# account.
		usersfile = ${raddbdir}/users_db
	}

	#
	#  Persistent, embedded Perl interpreter.
	#
	perl {
		#
		#  The Perl script to execute on authorize, authenticate,
		#  accounting, etc.  This is very similar to using
		#  Exec-Program-Wait = "/path/foo.pl", but it is persistent,
		#  and therefore faster.
		#
		#  For now, the attributes are passed in environment
		#  variables (%ENV array).  See doc/variables.txt,
		#  under 'Exec-Program-Wait' for more details.
		#
		#  Any attributes to be added to the request are
		#  returned in the %main::result hash, and exit status
		#  is $!.
		#
		#  NOTE(review): the %ENV values are built from request
		#  attributes, so the script should validate them before
		#  using them in commands, file names or queries.  The
		#  script runs inside the server's embedded interpreter;
		#  keep it and persistent.pl writable only by the
		#  administrator.
		#
        	cmd =  ${raddbdir}/test.pl

		#
		#  The script which provides 'package Embed::Persistent'
		#  without this file, the 'cmd' Perl script will NOT be
		#  persistent, and will not run.
		#
		persistent = ${raddbdir}/persistent.pl
	}

	#
	#  The digest module.  It doesn't take any configuration
	#  parameters, but it does require a configuration section,
	#  otherwise the parser complains.
	#
	#
	#
	#  See '../doc/rfc/draft-sterman-aaa-sip-00.txt' for details
	#  on performing digest authentication for Cisco SIP servers.
	#
	digest {
		# Intentionally empty: the module takes no parameters, but
		# the section has to exist for the parser.
	}

	#
	#  Perform NT-Domain authentication.  This only works
	#  with PAP authentication.  That is, Authentication-Request
	#  packets containing a User-Password attribute.
	#
	#  To use it, add 'smb' into the 'authenticate' section,
	#  and then in another module (usually the 'users' file),
	#  set 'Auth-Type := SMB'
	#
	smb {
		# NOTE(review): the host and domain names below are
		# example.com placeholders and must be replaced.  Because the
		# module needs the User-Password attribute from the request,
		# the password is presumably presented to these hosts for
		# checking -- confirm, and point these entries only at
		# domain controllers you control.
		server = ntdomain.server.example.com
		backup = backup.server.example.com
		domain = NTDOMAIN
	}

	# See doc/rlm_fastusers before using this
	# module or changing these values.
	#
	fastusers {
		usersfile = ${confdir}/users_fast
		hashsize = 1000
		compat = no
		# Reload the hash every 600 seconds (10mins)
		# NOTE(review): presumably edits to users_fast, including
		# removing or locking an account, are not seen until the next
		# reload -- confirm in doc/rlm_fastusers before relying on a
		# longer interval.
		hash_reload = 600
	}