1RADIUS.CONF(5)            InterNetNews Documentation            RADIUS.CONF(5)
2
3
4

NAME

6       radius.conf - Configuration for nnrpd RADIUS authenticator
7

DESCRIPTION

9       This describes the format and attributes of the configuration file for
10       the nnrpd RADIUS authenticator.  See radius(1) for more information
11       about the authenticator program.  The default location for this file is
12       radius.conf in pathetc.
13
14       Blank lines and lines beginning with "#" are ignored, as is anything
15       after a "#" on a line.  All other lines should begin with a parameter
16       name followed by a colon and the value of that key, except that each
17       section of configuration for a particular server should be enclosed in:
18
19           server <name> {
20               # parameters...
21           }
22
23       where <name> is just some convenient label for that server.
24
25       The available parameters are:
26
27       radhost
28           The hostname of the RADIUS server to use for authentication.  This
29           parameter must be set.
30
31       radport
32           The port to query on the RADIUS server.  Defaults to 1645 if not
33           set.
34
35       lochost
36           The hostname or IP address making the request.  The RADIUS server
37           expects an IP address; a hostname will be translated into an IP
38           address with gethostbyname().  If not given, this information isn't
39           included in the request (not all RADIUS setups require this
40           information).
41
42       locport
43           The port the client being authenticated is connecting to.  If not
44           given, defaults to 119.  This doesn't need to be set unless readers
45           are connecting to a non-standard port.
46
47       secret
48           The shared secret with the RADIUS server.  If your secret includes
49           spaces, tabs, or "#", be sure to include it in double quotes.  This
50           parameter must be set.
51
52       prefix
53           Prepend the value of this parameter to all usernames before passing
54           them to the RADIUS server.  Can be used to prepend something like
55           "news-" to all usernames in order to put news users into a
56           different namespace from other accounts served by the same server.
57           If not set, nothing is prepended.
58
59       suffix
60           Append the value of this parameter to all usernames before passing
61           them to the RADIUS server.  This is often something like
62           "@example.com", depending on how your RADIUS server is set up.  If
63           not set, nothing is appended.
64
65       ignore-source
66           Can be set to "true" or "false".  If set to false, the RADIUS
67           authenticator will check to ensure that the response it receives is
68           from the same IP address as it sent the request to (for some added
69           security).  If set to true, it will skip this verification check
70           (if your RADIUS server has multiple IP addresses or if other odd
71           things are going on, it may be perfectly normal for the response to
72           come from a different IP address).
73

EXAMPLE

75       Here is a configuration for a news server named news.example.com,
76       authenticating users against radius.example.com and appending
77       "@example.com" to all client-supplied usernames before passing them to
78       the RADIUS server:
79
80           server example {
81               radhost: radius.example.com
82               lochost: news.example.com
83               secret: IamARADIUSsecRET
84               suffix: @example.com
85           }
86
87       The shared secret with the RADIUS server is "IamARADIUSsecRET".
88

HISTORY

90       This documentation was written by Russ Allbery <rra@stanford.edu> based
91       on the comments in the sample radius.conf file by Yury B. Razbegin.
92
93       $Id: radius.conf.pod 8200 2008-11-30 13:31:30Z iulius $
94

SEE ALSO

96       radius(1)
97
98
99
100INN 2.5.2                         2010-08-11                    RADIUS.CONF(5)
Impressum