#
# proxy.conf - proxy radius and realm configuration directives
#
# This file is included by default. To disable it, you will need
# to modify the PROXY CONFIGURATION section of "radiusd.conf".
#
#######################################################################
#
# Proxy server configuration
#
# This entry controls the servers behaviour towards ALL other servers
# to which it sends proxy requests.
#
proxy server {
#
# If the NAS re-sends the request to us, we can immediately re-send
# the proxy request to the end server. To do so, use 'yes' here.
#
# If this is set to 'no', then we send the retries on our own schedule,
# and ignore any duplicate NAS requests.
#
# If you want to have the server send proxy retries ONLY when the NAS
# sends it's retries to the server, then set this to 'yes', and
# set the other proxy configuration parameters to 0 (zero).
#
synchronous = no
#
# The time (in seconds) to wait for a response from the proxy, before
# re-sending the proxied request.
#
# If this time is set too high, then the NAS may re-send the request,
# or it may give up entirely, and reject the user.
#
# If it is set too low, then the RADIUS server which receives the proxy
# request will get kicked unnecessarily.
#
retry_delay = 5
#
# The number of retries to send before giving up, and sending a reject
# message to the NAS.
#
retry_count = 3
#
# If the home server does not respond to any of the multiple retries,
# then FreeRADIUS will stop sending it proxy requests, and mark it 'dead'.
#
# If there are multiple entries configured for this realm, then the
# server will fail-over to the next one listed. If no more are listed,
# then no requests will be proxied to that realm.
#
#
# After a configurable 'dead_time', in seconds, FreeRADIUS will
# speculatively mark the home server active, and start sending requests
# to it again.
#
# If this dead time is set too low, then you will lose requests,
# as FreeRADIUS will quickly switch back to the home server, even if
# it isn't up again.
#
# If this dead time is set too high, then FreeRADIUS may take too long
# to switch back to the primary home server.
#
# Realistic values for this number are in the range of minutes to hours.
# (60 to 3600)
#
dead_time = 120
# If you choose to list a realm more then once for fall-through or
# round-robin, then specify the total number of alternates here. Specify
# a ldflag attribute for all realms to be included in a round-robin
# setup. Currently (0 or fail_over) and (1 or round_robin) are the
# supported values for ldflag. Fail-Over is the default setup.
#
servers_per_realm = 15
#
# If all exact matching realms did not respond, we can try the
# DEFAULT realm, too. This is what the server normally does.
#
# This behaviour may be undesired for some cases. e.g. You are proxying
# for two different ISP's, and then act as a general dial-up for Gric.
# If one of the first two ISP's has their RADIUS server go down, you do
# NOT want to proxy those requests to GRIC. Instead, you probably want
# to just drop the requests on the floor. In that case, set this value
# to 'no'.
#
# allowed values: {yes, no}
#
default_fallback = yes
}
#######################################################################
#
# Configuration for the proxy realms.
#
# The information given here is used in conjunction with the 'realms'
# file. This format is preferred, as it is more flexible. The realms
# listed here take priority over those listed in the 'realms' file.
#
#realm isp2.com {
# type = radius
# authhost = radius.isp2.com:1645
# accthost = radius.isp2.com:1646
# secret = TheirKey
# nostrip
#}
#
# a fail-over realm for isp2.com
#
#realm isp2.com {
# type = radius
# authhost = radius2.isp2.com:1645
# accthost = radius2.isp2.com:1646
# secret = TheirKey2
# nostrip
#}
#
# 1st node serv.com...set up for round-robin.
# The ldflag attribute must be specified on all
# realms included in a rr scheme. ldflag may also
# be set as zero on realms using fail-over. Currently
# (0 or fail_over) and (1 or round_robin) are the only
# accepted values for ldflag. Fail-Over is the default setup.
#
#realm serv.com {
# type = radius
# authhost = radius.serv.com:1645
# accthost = radius.serv.com:1646
# secret = TheirKey
# ldflag = round_robin
# nostrip
#}
#
# Another node for serv.com
#
#realm serv.com {
# type = radius
# authhost = radius2.serv.com:1645
# accthost = radius2.serv.com:1646
# secret = TheirKey2
# ldflag = round_robin
# nostrip
#}
#
# A third round-robin node realm for serv.com
#
#realm serv.com {
# type = radius
# authhost = radius3.serv.com:1645
# accthost = radius3.serv.com:1646
# secret = TheirKey2
# ldflag = round_robin
# nostrip
#}
#
#
#realm company.com {
# type = radius
# authhost = radius.company.com:1600
# accthost = radius.company.com:1601
# secret = testing123
#}
#
# This is a local realm. The requests are NOT proxied,
# but instead are authenticated by the RADIUS server itself.
#
# You don't need a secret if BOTH 'authhost' and 'accthost' are
# set to LOCAL.
#
#realm bla.com {
# type = radius
# authhost = LOCAL
# accthost = LOCAL
#}
#
# This realm is for requests which don't have an explicit realm
# prefix or suffix. User names like "bob" will match this one.
#
#realm NULL {
# type = radius
# authhost = radius.company.com:1600
# accthost = radius.company.com:1601
# secret = testing123
#}
#
# This realm is for ALL OTHER requests.
#
#realm DEFAULT {
# type = radius
# authhost = radius.company.com:1600
# accthost = radius.company.com:1601
# secret = testing123
#}
#realm myfakerealm {
# type = radius
# authhost = radius.company.com:1600
# accthost = radius.company.com:1601
# secret = testing123
# notrealm
#}
