1INN-RADIUS.CONF(5) InterNetNews Documentation INN-RADIUS.CONF(5)
2
3
4
6 inn-radius.conf - Configuration for nnrpd RADIUS authenticator
7
9 This describes the format and attributes of the configuration file for
10 the nnrpd RADIUS authenticator. See radius(8) for more information
11 about the authenticator program. The default location for this file is
12 inn-radius.conf in pathetc.
13
14 Blank lines and lines beginning with "#" are ignored, as is anything
15 after a "#" on a line. All other lines should begin with a parameter
16 name followed by a colon and the value of that key, except that each
17 section of configuration for a particular server should be enclosed in:
18
19 server <name> {
20 # parameters...
21 }
22
23 where <name> is just some convenient label for that server.
24
26 The available parameters are:
27
28 radhost
29 The hostname of the RADIUS server to use for authentication. This
30 parameter must be set.
31
32 radport
33 The port to query on the RADIUS server. Defaults to 1645 if not
34 set.
35
36 lochost
37 The hostname or IP address making the request. The RADIUS server
38 expects an IP address; a hostname will be translated into an IP
39 address with gethostbyname(). If not given, this information isn't
40 included in the request (not all RADIUS setups require this
41 information).
42
43 locport
44 The port the client being authenticated is connecting to. If not
45 given, defaults to 119. This doesn't need to be set unless readers
46 are connecting to a non-standard port.
47
48 secret
49 The shared secret with the RADIUS server. If your secret includes
50 spaces, tabs, or "#", be sure to include it in double quotes. This
51 parameter must be set.
52
53 prefix
54 Prepend the value of this parameter to all usernames before passing
55 them to the RADIUS server. Can be used to prepend something like
56 "news-" to all usernames in order to put news users into a
57 different namespace from other accounts served by the same server.
58 If not set, nothing is prepended.
59
60 suffix
61 Append the value of this parameter to all usernames before passing
62 them to the RADIUS server. This is often something like
63 "@example.com", depending on how your RADIUS server is set up. If
64 not set, nothing is appended.
65
66 ignore-source
67 Can be set to "true" or "false". If set to false, the RADIUS
68 authenticator will check to ensure that the response it receives is
69 from the same IP address as it sent the request to (for some added
70 security). If set to true, it will skip this verification check
71 (if your RADIUS server has multiple IP addresses or if other odd
72 things are going on, it may be perfectly normal for the response to
73 come from a different IP address).
74
76 Here is a configuration for a news server named news.example.com,
77 authenticating users against radius.example.com and appending
78 "@example.com" to all client-supplied usernames before passing them to
79 the RADIUS server:
80
81 server example {
82 radhost: radius.example.com
83 lochost: news.example.com
84 secret: IamARADIUSsecRET
85 suffix: @example.com
86 }
87
88 The shared secret with the RADIUS server is "IamARADIUSsecRET".
89
91 This documentation was written by Russ Allbery <eagle@eyrie.org> based
92 on the comments in the sample inn-radius.conf file by Yury B. Razbegin.
93
94 $Id: inn-radius.conf.pod 9940 2015-09-04 12:58:15Z iulius $
95
97 radius(8).
98
99
100
101INN 2.6.3 2015-09-12 INN-RADIUS.CONF(5)