Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Contact Us
Online Help
Domain Status
Man Pages

Virtual Servers

Topology Map

Server Agreement
Year 2038

USA Flag



Man Pages

Manual Reference Pages  -  INN-RADIUS.CONF (5)

.ds Aq ’


inn-radius.conf - Configuration for nnrpd RADIUS authenticator



This describes the format and attributes of the configuration file for the nnrpd RADIUS authenticator. See radius(8) for more information about the authenticator program. The default location for this file is inn-radius.conf in pathetc.

Blank lines and lines beginning with # are ignored, as is anything after a # on a line. All other lines should begin with a parameter name followed by a colon and the value of that key, except that each section of configuration for a particular server should be enclosed in:

    server <name> {
        # parameters...

where <name> is just some convenient label for that server.


The available parameters are:
radhost The hostname of the RADIUS server to use for authentication. This parameter must be set.
radport The port to query on the RADIUS server. Defaults to 1645 if not set.
lochost The hostname or IP address making the request. The RADIUS server expects an IP address; a hostname will be translated into an IP address with gethostbyname(). If not given, this information isn’t included in the request (not all RADIUS setups require this information).
locport The port the client being authenticated is connecting to. If not given, defaults to 119. This doesn’t need to be set unless readers are connecting to a non-standard port.
secret The shared secret with the RADIUS server. If your secret includes spaces, tabs, or #, be sure to include it in double quotes. This parameter must be set.
prefix Prepend the value of this parameter to all usernames before passing them to the RADIUS server. Can be used to prepend something like news- to all usernames in order to put news users into a different namespace from other accounts served by the same server. If not set, nothing is prepended.
suffix Append the value of this parameter to all usernames before passing them to the RADIUS server. This is often something like, depending on how your RADIUS server is set up. If not set, nothing is appended.
ignore-source Can be set to true or false. If set to false, the RADIUS authenticator will check to ensure that the response it receives is from the same IP address as it sent the request to (for some added security). If set to true, it will skip this verification check (if your RADIUS server has multiple IP addresses or if other odd things are going on, it may be perfectly normal for the response to come from a different IP address).


Here is a configuration for a news server named, authenticating users against and appending to all client-supplied usernames before passing them to the RADIUS server:

    server example {
        secret: IamARADIUSsecRET

The shared secret with the RADIUS server is IamARADIUSsecRET.


This documentation was written by Russ Allbery <> based on the comments in the sample inn-radius.conf file by Yury B. Razbegin.

$Id: inn-radius.conf.pod 9940 2015-09-04 12:58:15Z iulius $


Search for    or go to Top of page |  Section 5 |  Main Index

INN 2.6.0 INN-RADIUS.CONF (5) 2015-09-12

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.