*nix Documentation Project
·  Home
 +   man pages
·  Linux HOWTOs
·  FreeBSD Tips
·  *niX Forums

  man pages->FreeBSD man pages -> radius.conf (5)              
Title
Content
Arch
Section
 

RADIUS.CONF(5)

Contents


NAME    [Toc]    [Back]

     radius.conf -- RADIUS client configuration file

SYNOPSIS    [Toc]    [Back]

     /etc/radius.conf

DESCRIPTION    [Toc]    [Back]

     radius.conf contains the information necessary to configure the RADIUS
     client library.  It is parsed by rad_config(3).  The file contains one or
     more lines of text, each describing a single RADIUS server which will be
     used by the library.  Leading white space is ignored, as are empty lines
     and lines containing only comments.

     A RADIUS server is described by three to five fields on a line:

	   Service type
	   Server host
	   Shared secret
	   Timeout
	   Retries

     The fields are separated by white space.  The `#' character at the beginning
 of a field begins a comment, which extends to the end of the line.
     A field may be enclosed in double quotes, in which case it may contain
     white space and/or begin with the `#' character.  Within a quoted string,
     the double quote character can be represented by `\"', and the backslash
     can be represented by `\\'.  No other escape sequences are supported.

     The first field gives the service type, either `auth' for RADIUS authentication
 or `acct' for RADIUS accounting.	If a single server provides
     both services, two lines are required in the file.  Earlier versions of
     this file did not include a service type.	For backward compatibility, if
     the first field is not `auth' or `acct' the library behaves as if `auth'
     were specified, and interprets the fields in the line as if they were
     fields two through five.

     The second field specifies the server host, either as a fully qualified
     domain name or as a dotted-quad IP address.  The host may optionally be
     followed by a `:' and a numeric port number, without intervening white
     space.  If the port specification is omitted, it defaults to the `radius'
     or `radacct' service in the /etc/services file for service types `auth'
     and `acct', respectively.	If no such entry is present, the standard
     ports 1812 and 1813 are used.

     The third field contains the shared secret, which should be known only to
     the client and server hosts.  It is an arbitrary string of characters,
     though it must be enclosed in double quotes if it contains white space.
     The shared secret may be any length, but the RADIUS protocol uses only
     the first 128 characters.	N.B., some popular RADIUS servers have bugs
     which prevent them from working properly with secrets longer than 16
     characters.

     The fourth field contains a decimal integer specifying the timeout in
     seconds for receiving a valid reply from the server.  If this field is
     omitted, it defaults to 3 seconds.

     The fifth field contains a decimal integer specifying the maximum number
     of attempts that will be made to authenticate with the server before giving
 up.  If omitted, it defaults to 3 attempts.  Note, this is the total
     number of attempts and not the number of retries.

     Up to 10 RADIUS servers may be specified for each service type.  The
     servers are tried in round-robin fashion, until a valid response is
     received or the maximum number of tries has been reached for all servers.

     The standard location for this file is /etc/radius.conf.  But an alternate
 pathname may be specified in the call to rad_config(3).  Since the
     file contains sensitive information in the form of the shared secrets, it
     should not be readable except by root.

FILES    [Toc]    [Back]

     /etc/radius.conf

EXAMPLES    [Toc]    [Back]

     # A simple entry using all the defaults:
     acct  radius1.domain.com  OurLittleSecret

     # A server still using the obsolete RADIUS port, with increased
     # timeout and maximum tries:
     auth  auth.domain.com:1645  "I can't see you"  5  4

     # A server specified by its IP address:
     auth  192.168.27.81  $X*#..38947ax-+=

SEE ALSO    [Toc]    [Back]

      
      
     libradius(3)

     C. Rigney, et al, Remote Authentication Dial In User Service (RADIUS),
     RFC 2138.

     C. Rigney, RADIUS Accounting, RFC 2139.

AUTHORS    [Toc]    [Back]

     This documentation was written by John Polstra, and donated to the
     FreeBSD project by Juniper Networks, Inc.


FreeBSD 5.2.1		       October 30, 1999 		 FreeBSD 5.2.1
[ Back ]
 Similar pages
Name OS Title
libradius FreeBSD RADIUS client library
dhclient.conf OpenBSD DHCP client configuration file
dhclient.conf FreeBSD DHCP client configuration file
dhclient.conf Linux DHCP client configuration file
tacplus.conf FreeBSD TACACS+ client configuration file
ssh2_config Tru64 Configuration file for the Secure Shell client
info HP-UX diskless client configuration information file
ssh-validate-conf Tru64 Verifies the Secure Shell client or server configuration file.
pppoec.conf HP-UX PPPoE (Point to Point Protocol over Ethernet) client configuration file
dhcpparm Tru64 Daemon for client configuration
Copyright © 2004-2005 DeniX Solutions SRL
newsletter delivery service