

#
#  This file contains the configuration for experimental modules.
#
#  By default, it is NOT included in the build.
#
#  $Id: experimental.conf,v 1.25.2.1.2.3 2007/07/17 12:49:28 pnixon Exp $
#

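	# Configuration for the Python module.
	#
	# Each mod_* entry names a Python module and each func_* entry
	# names the function in that module to call.  For example, if
	# radiusd is a Python module (radiusd.py), its function
	# 'authorize' is called.  Here is a dummy piece of code: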
	# 
	#	def authorize(params):
	#	    print params
	#	    return (5, ('Reply-Message', 'banned'))
	#
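	# The RADIUS value-pairs are passed as a tuple of tuple
	# pairs as the first argument, e.g. (('attribute1',
	# 'value1'), ('attribute2', 'value2')).  The dummy code
	# above prints all of them, which for a PAP request may
	# include the User-Password value, so treat it as a test
	# stub only.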
	#
	# The function returns a tuple whose first element is
	# the return code of the function.
	# The 5 corresponds to RLM_MODULE_USERLOCK. I plan to
	# write the return values as Python symbols to avoid
	# confusion.
	#
	# The remaining tuple members are the string form of
	# value-pairs which are passed on to pairmake().
	#
	python {
		mod_instantiate = radiusd_test
		func_instantiate = instantiate

		mod_authorize = radiusd_test
		func_authorize = authorize

		mod_accounting = radiusd_test
		func_accounting = accounting

		mod_preacct = radiusd_test
		func_preacct = preacct

		mod_detach = radiusd_test
		func_detach = detach
	}

	
	# Configuration for the example module.  Uncommenting it will cause it
	# to get loaded and initialized, but it should have no real effect as long
	# as it is not referenced in one of the autz/auth/preacct/acct sections.
	example {
		#  Boolean variable.
		# allowed values: {no, yes}
		boolean = yes

		#  An integer, of any value.
		integer = 16

		#  A string.
		string = "This is an example configuration string"

		# An IP address, either in dotted quad (1.2.3.4) or hostname
		# (example.com)
		ipaddr = 127.0.0.1

		# A subsection
		mysubsection {
			anotherinteger = 1000
			# They nest
			deeply nested {
				string = "This is a different string"
			}
		}
	}

	#
	#  To create a dbm users file, do:
	#
	#   cat test.users | rlm_dbm_parser -f /etc/raddb/users_db
	#
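	#  Then add 'dbm' to the 'authorize' section.
	#
	#  The generated file holds the same entries as the source users
	#  file (which may include passwords), so give it the same
	#  restrictive ownership and permissions.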
	#
	#  Note that even if the file has a ".db" or ".dbm" extension,
	#  you may have to specify it here without that extension.  This
	#  is because the DBM libraries "helpfully" add a ".db" to the
	#  filename, but don't check if it's already there.
	#
	dbm {
		usersfile = ${raddbdir}/users_db
	}

	#
	#  Persistent, embedded Perl interpreter.
	#
	perl {
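		#
		#  The Perl script to execute on authorize, authenticate,
		#  accounting, xlat, etc.  This is very similar to using
		#  Exec-Program-Wait = "/path/foo.pl", but it is persistent,
		#  and therefore faster.
		#
		#  Because the interpreter is embedded, the script runs
		#  inside the server process.  Keep the script file writable
		#  only by the administrator.
		#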
                module = /path/to/your/perl_program

		#
		#  The following hashes are given to the module and
                #  filled with value-pairs (Attribute names and values)
		#
		#  %RAD_REPLY		Attributes to go into the reply
		#  %RAD_REQUEST		Attributes from the request
		#  %RAD_CHECK		Check items
		#
		#  Only the %RAD_REPLY hash can be modified.
		#  All of the other hashes are read only.
		#
		#  The return codes from functions in the perl_script
		#  are passed directly back to the server.  These
		#  codes are defined in doc/configurable_failover,
		#  src/include/modules.h (RLM_MODULE_REJECT, etc),
		#  and are pre-defined in the 'example.pl' program
		#  which is included.
		#		
                func_accounting = accounting
                func_authenticate = authenticate
		func_authorize = authorize
                func_preacct = preacct
                func_checksimul = checksimul
                func_xlat = xlat
		func_post_auth = post_auth
	}

	#
	#  Perform NT-Domain authentication.  This only works
	#  with PAP authentication, that is, with Authentication-Request
	#  packets containing a User-Password attribute.
	#
	#  To use it, add 'smb' into the 'authenticate' section,
	#  and then in another module (usually the 'users' file),
	#  set 'Auth-Type := SMB'
	#
	#  WARNING: this module is not only experimental, it is also
	#  a security risk.  It is not recommended to use it until
	#  it gets fixed; until then, leave 'smb' out of the
	#  'authenticate' section on production servers.
	#
	smb {
		server = ntdomain.server.example.com
		backup = backup.server.example.com
		domain = NTDOMAIN
	}

	# See doc/rlm_fastusers before using this
	# module or changing these values.
	#
	fastusers {
		usersfile = ${confdir}/users_fast
		hashsize = 1000
		compat = no
		# Reload the hash every 600 seconds (10 minutes)
		hash_reload = 600
	}