GitLab/ocserv
1
0
Fork 0
mirror of https://gitlab.com/openconnect/ocserv.git synced 2026-02-10 00:37:00 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
d925276da8e6cb0298e0d30006fbd162e043ff03
ocserv/doc
History
Aron Xu d925276da8 Remove syslog.target from systemd service files 
syslog is now socket-activated on all major distributions, hence
the target is deprecated.

Signed-off-by: Aron Xu <aron@debian.org>
2015-01-24 10:15:57 +01:00
..
dbus
No need to install the dbus service file.
2014-01-28 17:56:37 +01:00
scripts
Added the STATS_DURATION script environment variable.
2014-05-04 11:20:32 +02:00
systemd
Remove syslog.target from systemd service files
2015-01-24 10:15:57 +01:00
auth-state.dia
Updated authentication state and design figures.
2014-05-14 14:50:03 +02:00
design.dia
Updated authentication state and design figures.
2014-05-14 14:50:03 +02:00
Makefile.am
Added README.radius
2014-12-11 12:09:56 +01:00
profile.xml
Allow Remote Desktop Users to establish AnyConnect connections
2014-01-29 13:58:28 +01:00
README.radius
radius: added support for Framed-IPv6-Prefix
2014-12-29 20:00:45 +02:00
sample.config
doc update
2015-01-20 14:26:42 +01:00
sample.passwd
Added the select-group and auto-select-group config options.
2014-05-19 18:25:25 +02:00
session-seq-diagram.dia
Added sequence diagram describing the session control operation.
2014-06-10 15:39:10 +02:00

README.radius 

============================================
	Using Radius with ocserv
============================================

For radius support the freeradius-client library is required. Currently
(2014-12-14) the best would be to use the version from the git repository
at: https://github.com/FreeRADIUS/freeradius-client

Freeradius-client uses a configuration file to setup the
server configuration. That is typically found at:
/etc/radiusclient/radiusclient.conf
and is best to copy the default installed by freeradius-client
as radiusclient-ocserv.conf and edit it accordingly.

The important options for ocserv usage are the following:
dictionary 	/etc/radiusclient/dictionary
servers         /etc/radiusclient/servers

The dictionary should contain at least the attributes shown below,
and the servers file should contain the radius server to use.

============================================
	Ocserv configuration
============================================

For authentication the following line should be enabled.
#auth = "radius[/path/to/radiusclient.conf,groupconfig]"

Check the ocserv manpage for the meaning of the various options
such as groupconfig.

To enable accounting, set the following option to the time (in
seconds), that accounting information should be reported.
#stats-report-time = 360


============================================
	Dictionary
============================================

#
# Ocserv would support the following radious attributes.
#

#	Standard attributes
ATTRIBUTE	User-Name		1	string
ATTRIBUTE	Password		2	string
ATTRIBUTE	Framed-Protocol		7	integer
ATTRIBUTE	Framed-IP-Address	8	ipaddr
ATTRIBUTE	Framed-IP-Netmask	9	ipaddr
ATTRIBUTE       Framed-Route            22      string
ATTRIBUTE	Acct-Input-Octets	42	integer
ATTRIBUTE	Acct-Output-Octets	43	integer
ATTRIBUTE	Acct-Session-Id		44	string
ATTRIBUTE	Acct-Input-Gigawords	52	integer
ATTRIBUTE	Acct-Output-Gigawords	53	integer

#	IPv6 attributes
ATTRIBUTE       Framed-IPv6-Route       99      string
ATTRIBUTE	Framed-IPv6-Prefix	97	ipv6prefix
ATTRIBUTE	Framed-IPv6-Address	168	ipv6addr
ATTRIBUTE	DNS-Server-IPv6-Address	169	ipv6addr


#	Experimental Non Protocol Attributes used by Cistron-Radiusd
#
ATTRIBUTE	Group-Name		1030	string

#	DNS server extensions
VENDOR Microsoft 311

BEGIN-VENDOR Microsoft

ATTRIBUTE	MS-Primary-DNS-Server 	28 	ipaddr
ATTRIBUTE 	MS-Secondary-DNS-Server 29 	ipaddr

END-VENDOR Microsoft
Reference in New Issue View Git Blame Copy Permalink