# General settings # specify which authentication comes first respectively which # authentication is used. possible values are: "radius" and "local". # if you specify "radius,local" then the RADIUS server is asked # first then the local one. if only one keyword is specified only # this server is asked. auth_order radius,local # maximum login tries a user has login_tries 4 # timeout for all login tries # if this time is exceeded the user is kicked out login_timeout 60 # RADIUS settings # RADIUS server to use for authentication requests. this config # item can appear more then one time. if multiple servers are # defined they are tried in a round robin fashion if one # server is not answering. # optionally you can specify a the port number on which is remote # RADIUS listens separated by a colon from the hostname. if # no port is specified /etc/services is consulted of the radius # service. if this fails also a compiled in default is used. authserver localhost # RADIUS server to use for accounting requests. All that I # said for authserver applies, too. # acctserver localhost # file holding shared secrets used for the communication # between the RADIUS client and server servers ./data/radiusclient/servers # dictionary of allowed attributes and values # just like in the normal RADIUS distributions dictionary ./data/radiusclient/dictionary # file which holds sequence number for communication with the # RADIUS server seqfile ./radius.seq.tmp # file which specifies mapping between ttyname and NAS-Port attribute #mapfile ./data/radiusclient/port-id-map # default authentication realm to append to all usernames if no # realm was explicitly specified by the user # the radiusd directly form Livingston doesn't use any realms, so leave # it blank then default_realm # time to wait for a reply from the RADIUS server radius_timeout 10 # resend request this many times before trying the next server radius_retries 3 # The length of time in seconds that we skip a nonresponsive RADIUS # server for transaction requests. Server(s) being in the "dead" state # are tried only after all other non-dead servers have been tried and # failed or timeouted. The deadtime interval starts when the server # does not respond to an authentication/accounting request transmissions. # When the interval expires, the "dead" server would be re-tried again, # and if it's still down then it will be considered "dead" for another # such interval and so on. This option is no-op if there is only one # server in the list. Set to 0 in order to disable the feature. radius_deadtime 0 # local address from which radius packets have to be sent bindaddr *