GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages


Manual Reference Pages  -  RADIUS.CONF (5)

NAME

radius.conf - RADIUS client configuration file

CONTENTS

Synopsis
Description
Files
Examples
See Also
Authors

SYNOPSIS

/etc/radius.conf

DESCRIPTION

radius.conf contains the information necessary to configure the RADIUS client library. It is parsed by rad_config(3). The file contains one or more lines of text, each describing a single RADIUS server which will be used by the library. Leading white space is ignored, as are empty lines and lines containing only comments.

A RADIUS server is described by three to seven fields on a line:

Service type
Server host
Shared secret
Timeout
Retries
Dead time
Bind address

The fields are separated by white space. The #’ character at the beginning of a field begins a comment, which extends to the end of the line. A field may be enclosed in double quotes, in which case it may contain white space and/or begin with the #’ character. Within a quoted string, the double quote character can be represented by \’, and the backslash can be represented by \\’. No other escape sequences are supported.

The first field gives the service type, either auth’ for RADIUS authentication or acct’ for RADIUS accounting. If a single server provides both services, two lines are required in the file. Earlier versions of this file did not include a service type. For backward compatibility, if the first field is not auth’ or acct’ the library behaves as if auth’ were specified, and interprets the fields in the line as if they were fields two through five.

The second field specifies the server host, either as a fully qualified domain name or as a dotted-quad IP address. The host may optionally be followed by a :’ and a numeric port number, without intervening white space. If the port specification is omitted, it defaults to the radius’ or radacct’ service in the /etc/services file for service types auth’ and acct’, respectively. If no such entry is present, the standard ports 1812 and 1813 are used.

The third field contains the shared secret, which should be known only to the client and server hosts. It is an arbitrary string of characters, though it must be enclosed in double quotes if it contains white space. The shared secret may be any length, but the RADIUS protocol uses only the first 128 characters. N.B., some popular RADIUS servers have bugs which prevent them from working properly with secrets longer than 16 characters.

The fourth field contains a decimal integer specifying the timeout in seconds for receiving a valid reply from the server. If this field is omitted, it defaults to 3 seconds.

The fifth field contains a decimal integer specifying the maximum number of attempts that will be made to authenticate with the server before giving up. If omitted, it defaults to 3 attempts. Note, this is the total number of attempts and not the number of retries.

The sixth field contains a decimal integer specifying a time interval in seconds when the server will not requested if it was inaccessible on the last try. 0 means ask always.

The seventh field contains an IP address on multihomed host. All requests will be binded to this IP.

Up to 10 RADIUS servers may be specified for each service type. The servers are tried in round-robin fashion, until a valid response is received or the maximum number of tries has been reached for all servers.

The standard location for this file is /etc/radius.conf. But an alternate pathname may be specified in the call to rad_config(3). Since the file contains sensitive information in the form of the shared secrets, it should not be readable except by root.

FILES

/etc/radius.conf
 

EXAMPLES

# A simple entry using all the defaults:
acct  radius1.domain.com  OurLittleSecret

# A server still using the obsolete RADIUS port, with increased # timeout and maximum tries: auth auth.domain.com:1645 "I can’t see you" 5 4

# As above but set dead time and bind address auth auth.domain.com:1645 "I can’t see you" 5 4 60 192.168.1.8

# A server specified by its IP address: auth 192.168.27.81 $X*#..38947ax-+=

SEE ALSO

libradius(3)
.Rs Remote Authentication Dial In User Service (RADIUS)
.Re
.Rs RADIUS Accounting
.Re

AUTHORS

This documentation was written by
.An John Polstra , and donated to the
.Fx project by Juniper Networks, Inc.
Search for    or go to Top of page |  Section 5 |  Main Index


Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.