# # This file contains the configuration for experimental modules. # # By default, it is NOT included in the build. # # $Id: experimental.conf,v 1.25.2.1.2.3 2007/07/17 12:49:28 pnixon Exp $ # # Configuration for the Python module. # # Where radiusd is a Python module, radiusd.py, and the # function 'authorize' is called. Here is a dummy piece # of code: # # def authorize(params): # print params # return (5, ('Reply-Message', 'banned')) # # The RADIUS value-pairs are passed as a tuple of tuple # pairs as the first argument, e.g. (('attribute1', # 'value1'), ('attribute2', 'value2')) # # The function return is a tuple with the first element # being the return value of the function. # The 5 corresponds to RLM_MODULE_USERLOCK. I plan to # write the return values as Python symbols to avoid # confusion. # # The remaining tuple members are the string form of # value-pairs which are passed on to pairmake(). # python { mod_instantiate = radiusd_test func_instantiate = instantiate mod_authorize = radiusd_test func_authorize = authorize mod_accounting = radiusd_test func_accounting = accounting mod_preacct = radiusd_test func_preacct = preacct mod_detach = radiusd_test func_detach = detach } # Configuration for the example module. Uncommenting it will cause it # to get loaded and initialized, but should have no real effect as long # it is not referencened in one of the autz/auth/preacct/acct sections example { # Boolean variable. # allowed values: {no, yes} boolean = yes # An integer, of any value. integer = 16 # A string. string = "This is an example configuration string" # An IP address, either in dotted quad (1.2.3.4) or hostname # (example.com) ipaddr = 127.0.0.1 # A subsection mysubsection { anotherinteger = 1000 # They nest deeply nested { string = "This is a different string" } } } # # To create a dbm users file, do: # # cat test.users | rlm_dbm_parser -f /etc/raddb/users_db # # Then add 'dbm' in 'authorize' section. # # Note that even if the file has a ".db" or ".dbm" extension, # you may have to specify it here without that extension. This # is because the DBM libraries "helpfully" add a ".db" to the # filename, but don't check if it's already there. # dbm { usersfile = ${raddbdir}/users_db } # # Persistent, embedded Perl interpreter. # perl { # # The Perl script to execute on authorize, authenticate, # accounting, xlat, etc. This is very similar to using # Exec-Program-Wait = "/path/foo.pl", but it is persistent, # and therefore faster. # module = /path/to/your/perl_program # # The following hashes are given to the module and # filled with value-pairs (Attribute names and values) # # %RAD_REPLY Attributes to go into the reply # %RAD_REQUEST Attributes from the request # %RAD_CHECK Check items # # Only the %RAD_REPLY hash can be modified. # All of the other hashes are read only. # # The return codes from functions in the perl_script # are passed directly back to the server. These # codes are defined in doc/configurable_failover, # src/include/modules.h (RLM_MODULE_REJECT, etc), # and are pre-defined in the 'example.pl' program # which is included. # func_accounting = accounting func_authenticate = authenticate func_authorize = authorize func_preacct = preacct func_checksimul = checksimul func_xlat = xlat func_post_auth = post_auth } # # Perform NT-Domain authentication. This only works # with PAP authentication. That is, Authentication-Request # packets containing a User-Password attribute. # # To use it, add 'smb' into the 'authenticate' section, # and then in another module (usually the 'users' file), # set 'Auth-Type := SMB' # # WARNING: this module is not only experimental, it's also # a security threat. It's not recommended to use it until # it gets fixed. # smb { server = ntdomain.server.example.com backup = backup.server.example.com domain = NTDOMAIN } # See doc/rlm_fastusers before using this # module or changing these values. # fastusers { usersfile = ${confdir}/users_fast hashsize = 1000 compat = no # Reload the hash every 600 seconds (10mins) hash_reload = 600 }