mirror of
https://gitlab.com/openconnect/ocserv.git
synced 2026-02-10 16:57:00 +08:00
79 lines
2.3 KiB
Plaintext
79 lines
2.3 KiB
Plaintext
============================================
|
|
Using Radius with ocserv
|
|
============================================
|
|
|
|
For radius support the freeradius-client library is required. Currently
|
|
(2014-12-14) the best would be to use the version from the git repository
|
|
at: https://github.com/FreeRADIUS/freeradius-client
|
|
|
|
Freeradius-client uses a configuration file to setup the
|
|
server configuration. That is typically found at:
|
|
/etc/radiusclient/radiusclient.conf
|
|
and is best to copy the default installed by freeradius-client
|
|
as radiusclient-ocserv.conf and edit it accordingly.
|
|
|
|
The important options for ocserv usage are the following:
|
|
dictionary /etc/radiusclient/dictionary
|
|
servers /etc/radiusclient/servers
|
|
|
|
The dictionary should contain at least the attributes shown below,
|
|
and the servers file should contain the radius server to use.
|
|
|
|
============================================
|
|
Ocserv configuration
|
|
============================================
|
|
|
|
For authentication the following line should be enabled.
|
|
#auth = "radius[/path/to/radiusclient.conf,groupconfig]"
|
|
|
|
Check the ocserv manpage for the meaning of the various options
|
|
such as groupconfig.
|
|
|
|
To enable accounting, set the following option to the time (in
|
|
seconds), that accounting information should be reported.
|
|
#stats-report-time = 360
|
|
|
|
|
|
============================================
|
|
Dictionary
|
|
============================================
|
|
|
|
#
|
|
# Ocserv would support the following radious attributes.
|
|
#
|
|
|
|
# Standard attributes
|
|
ATTRIBUTE User-Name 1 string
|
|
ATTRIBUTE Password 2 string
|
|
ATTRIBUTE Framed-Protocol 7 integer
|
|
ATTRIBUTE Framed-IP-Address 8 ipaddr
|
|
ATTRIBUTE Framed-IP-Netmask 9 ipaddr
|
|
ATTRIBUTE Framed-Route 22 string
|
|
ATTRIBUTE Acct-Input-Octets 42 integer
|
|
ATTRIBUTE Acct-Output-Octets 43 integer
|
|
ATTRIBUTE Acct-Session-Id 44 string
|
|
ATTRIBUTE Acct-Input-Gigawords 52 integer
|
|
ATTRIBUTE Acct-Output-Gigawords 53 integer
|
|
ATTRIBUTE Framed-IPv6-Route 99 string
|
|
|
|
# IPv6 attributes
|
|
ATTRIBUTE Framed-IPv6-Address 168 ipv6addr
|
|
ATTRIBUTE DNS-Server-IPv6-Address 169 ipv6addr
|
|
|
|
|
|
# Experimental Non Protocol Attributes used by Cistron-Radiusd
|
|
#
|
|
ATTRIBUTE Group-Name 1030 string
|
|
|
|
# DNS server extensions
|
|
VENDOR Microsoft 311
|
|
|
|
BEGIN-VENDOR Microsoft
|
|
|
|
ATTRIBUTE MS-Primary-DNS-Server 28 ipaddr
|
|
ATTRIBUTE MS-Secondary-DNS-Server 29 ipaddr
|
|
|
|
END-VENDOR Microsoft
|
|
|
|
|