👤
Home Man
Search
Today's Posts
Register

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:
Select Section of Man Page:
Select Man Page Repository:

NetBSD 6.1.5 - man page for radius.conf (netbsd section 5)

RADIUS.CONF(5)			     BSD File Formats Manual			   RADIUS.CONF(5)

NAME
     radius.conf -- RADIUS client configuration file

SYNOPSIS
     /etc/radius.conf

DESCRIPTION
     radius.conf contains the information necessary to configure the RADIUS client library.  It
     is parsed by rad_config(3).  The file contains one or more lines of text, each describing a
     single RADIUS server which will be used by the library.  Leading white space is ignored, as
     are empty lines and lines containing only comments.

     A RADIUS server is described by three to five fields on a line:

	   Service type
	   Server host
	   Shared secret
	   Timeout
	   Retries

     The fields are separated by white space.  The '#' character at the beginning of a field
     begins a comment, which extends to the end of the line.  A field may be enclosed in double
     quotes, in which case it may contain white space and/or begin with the '#' character.
     Within a quoted string, the double quote character can be represented by '\"', and the back-
     slash can be represented by '\\'.	No other escape sequences are supported.

     The first field gives the service type, either 'auth' for RADIUS authentication or 'acct'
     for RADIUS accounting.  If a single server provides both services, two lines are required in
     the file.	Earlier versions of this file did not include a service type.  For backward com-
     patibility, if the first field is not 'auth' or 'acct' the library behaves as if 'auth' were
     specified, and interprets the fields in the line as if they were fields two through five.

     The second field specifies the server host, either as a fully qualified domain name or as a
     dotted-quad IP address.  The host may optionally be followed by a ':' and a numeric port
     number, without intervening white space.  If the port specification is omitted, it defaults
     to the 'radius' or 'radacct' service in the /etc/services file for service types 'auth' and
     'acct', respectively.  If no such entry is present, the standard ports 1812 and 1813 are
     used.

     The third field contains the shared secret, which should be known only to the client and
     server hosts.  It is an arbitrary string of characters, though it must be enclosed in double
     quotes if it contains white space.  The shared secret may be any length, but the RADIUS pro-
     tocol uses only the first 128 characters.	N.B., some popular RADIUS servers have bugs which
     prevent them from working properly with secrets longer than 16 characters.

     The fourth field contains a decimal integer specifying the timeout in seconds for receiving
     a valid reply from the server.  If this field is omitted, it defaults to 3 seconds.

     The fifth field contains a decimal integer specifying the maximum number of attempts that
     will be made to authenticate with the server before giving up.  If omitted, it defaults to 3
     attempts.	Note, this is the total number of attempts and not the number of retries.

     Up to 10 RADIUS servers may be specified for each service type.  The servers are tried in
     round-robin fashion, until a valid response is received or the maximum number of tries has
     been reached for all servers.

     The standard location for this file is /etc/radius.conf.  But an alternate pathname may be
     specified in the call to rad_config(3).  Since the file contains sensitive information in
     the form of the shared secrets, it should not be readable except by root.

FILES
     /etc/radius.conf

EXAMPLES
     # A simple entry using all the defaults:
     acct  radius1.domain.com  OurLittleSecret

     # A server still using the obsolete RADIUS port, with increased
     # timeout and maximum tries:
     auth  auth.domain.com:1645  "I can't see you"  5  4

     # A server specified by its IP address:
     auth  192.168.27.81  $X*#..38947ax-+=

SEE ALSO
     libradius(3)

     C. Rigney, et al, Remote Authentication Dial In User Service (RADIUS), RFC 2138.

     C. Rigney, RADIUS Accounting, RFC 2139.

AUTHORS
     This documentation was written by John Polstra, and donated to the FreeBSD project by
     Juniper Networks, Inc.

BSD					 October 30, 1999				      BSD


All times are GMT -4. The time now is 06:18 PM.

Unix & Linux Forums Content Copyrightę1993-2018. All Rights Reserved.
×
UNIX.COM Login
Username:
Password:  
Show Password





Not a Forum Member?
Forgot Password?