1 # General settings 2 3 # specify which authentication comes first respectively which 4 # authentication is used. possible values are: "radius" and "local". 5 # if you specify "radius,local" then the RADIUS server is asked 6 # first then the local one. if only one keyword is specified only 7 # this server is asked. 8 auth_order radius 9 10 # maximum login tries a user has (default 4) 11 login_tries 4 12 13 # timeout for all login tries (default 60) 14 # if this time is exceeded the user is kicked out 15 login_timeout 60 16 17 # name of the nologin file which when it exists disables logins. 18 # it may be extended by the ttyname which will result in 19 # a terminal specific lock (e.g. /etc/nologin.ttyS2 will disable 20 # logins on /dev/ttyS2) (default /etc/nologin) 21 nologin /etc/nologin 22 23 # name of the issue file. it's only display when no username is passed 24 # on the radlogin command line (default /etc/radiusclient/issue) 25 issue @pkgsysconfdir@/issue 26 27 # RADIUS settings 28 29 # RADIUS server to use for authentication requests. this config 30 # item can appear more then one time. if multiple servers are 31 # defined they are tried in a round robin fashion if one 32 # server is not answering. 33 # optionally you can specify a the port number on which is remote 34 # RADIUS listens separated by a colon from the hostname. if 35 # no port is specified /etc/services is consulted of the radius 36 # service. if this fails also a compiled in default is used. 37 authserver localhost:1812 38 39 # RADIUS server to use for accouting requests. All that I 40 # said for authserver applies, too. 41 # 42 acctserver localhost:1813 43 44 # file holding shared secrets used for the communication 45 # between the RADIUS client and server 46 servers @pkgsysconfdir@/servers 47 48 # dictionary of allowed attributes and values 49 # just like in the normal RADIUS distributions 50 dictionary @pkgsysconfdir@/dictionary 51 52 # program to call for a RADIUS authenticated login 53 # (default /usr/sbin/login.radius) 54 login_radius @sbindir@/login.radius 55 56 # file which holds sequence number for communication with the 57 # RADIUS server 58 seqfile /var/run/radius.seq 59 60 # file which specifies mapping between ttyname and NAS-Port attribute 61 mapfile @pkgsysconfdir@/port-id-map 62 63 # default authentication realm to append to all usernames if no 64 # realm was explicitly specified by the user 65 # the radiusd directly form Livingston doesnt use any realms, so leave 66 # it blank then 67 default_realm 68 69 # time to wait for a reply from the RADIUS server 70 radius_timeout 10 71 72 # resend request this many times before trying the next server 73 radius_retries 3 74 75 # NAS-Identifier 76 # 77 # If supplied, this option will cause the client to send the given string 78 # as the contents of the NAS-Identifier attribute in RADIUS requests. No 79 # NAS-IP-Address attribute will be sent in this case. 80 # 81 # The default behavior is to send a NAS-IP-Address option and not send 82 # a NAS-Identifier. The value of the NAS-IP-Address option is chosen 83 # by resolving the system hostname. 84 85 # nas_identifier MyUniqueNASName 86 87 # LOCAL settings 88 89 # program to execute for local login 90 # it must support the -f flag for preauthenticated login 91 login_local /bin/login 92
