Commit 36f1a92c authored by venaas's avatar venaas Committed by venaas

updated config examples and README

git-svn-id: https://svn.testnett.uninett.no/radsecproxy/trunk@86 e88ac4ed-0b26-0410-9574-a7f39faa03bf
parent cb9e63ae
......@@ -2,14 +2,12 @@ This is a beta version of a generic RADIUS proxy that can support
various RADIUS clients over UDP or TLS (RadSec).
It should build on most Linux and BSD platforms by simply typing
"make". To use it you need to create three config files. These
are the main config file "radsecproxy.conf" and server and client
files "servers.conf" and "clients.conf". See the enclosed example
files for further instructions.
The config files must be in either "/etc/radsecproxy" or the
proxy's current work directory. You may alter the path near
the top of radsecproxy.h if necessary.
"make". To use it you need to create a config file called
"radsecproxy.conf" which must be in /etc/radsecproxy (unless
you alter it in the header file), the current directory, or
you can specify the location with the "-c" command line
option (see below). See the enclosed example file for further
instructions.
There are three options that may be specified on the command line.
"-c configfile" to specify a non-default config file path;
......@@ -20,4 +18,4 @@ log to syslog.
For more information, feedback etc. contact <venaas@uninett.no>.
Stig Venaas, 2007.05.14
Stig Venaas, 2007.05.15
#Here we list RADIUS clients that we are willing to serve
# this file must be in /etc/radsecproxy or proxy's current directory
#
#First field is T or U for TLS or UDP
#Second is address or fqdn, and must match certificate cn for TLS
#Third field is the secret and is optional for TLS
T 2001:db8::1
U 127.0.0.1 secret
T radius.example.com verysecret
......@@ -448,12 +448,12 @@ void tlsconnect(struct server *server, struct timeval *when, char *text) {
sleep(10);
} else if (elapsed < 5)
sleep(10);
else if (elapsed < 600) {
else if (elapsed < 300) {
debug(DBG_INFO, "tlsconnect: sleeping %lds", elapsed);
sleep(elapsed);
} else if (elapsed < 1000) {
debug(DBG_INFO, "tlsconnect: sleeping %ds", 900);
sleep(900);
} else if (elapsed < 100000) {
debug(DBG_INFO, "tlsconnect: sleeping %ds", 600);
sleep(600);
} else
server->lastconnecttry.tv_sec = now.tv_sec; /* no sleep at startup */
debug(DBG_WARN, "tlsconnect: trying to open TLS connection to %s port %s", server->peer.host, server->peer.port);
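Review bot: Assuming the `elapsed < 300` line is the new side, the reconnect backoff is no longer monotonic: an attempt with elapsed in [300, 1000) now sleeps 900 s, longer than both the branch above it (at most 299 s) and the branch below it (elapsed >= 1000 sleeps 600 s). If the intent is a capped backoff, the two middle branches can be collapsed into one so the wait never exceeds the cap, e.g. `} else if (elapsed < 100000) { debug(DBG_INFO, "tlsconnect: sleeping %ds", 600); sleep(600);`. Separately, elapsed is printed with `%ld` but passed to `sleep()`, which takes an unsigned int; `sleep((unsigned)elapsed)` makes that narrowing explicit. tlsconnect's body starts and ends outside the hunk, so the computation of elapsed and the connect attempt itself are not visible here.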
......@@ -28,3 +28,52 @@ TLSCertificateKeyPassword follow the white rabbit
# LOG_LOCAL0, ..., LOG_LOCAL7
#LogDestination x-syslog://
#LogDestination x-syslog://log_local2
#Now we configure clients, servers and realms. Note that these and
#also the lines above may be in any order, except that a realm
#can only be configured to use a server that is previously configured.
client 2001:db8::1 {
type tls
secret verysecret
}
client 127.0.0.1 {
type udp
secret secret
}
client radius.example.com {
type TLS
# secret is optional for TLS
}
server 127.0.0.1 {
type UDP
secret secret
}
realm eduroam.cc {
server 127.0.0.1
}
server 2001:db8::1 {
type TLS
port 2283
# secret is optional for TLS
}
server radius.example.com {
type tls
secret verysecret
}
realm example.com {
server 2001:db8::1
}
realm com {
server 2001:db8::1
}
# Matching of realms is done in the order specified.
# Except * which is a catch all that is used as a last resort
# The matching is going to be changed to be regexp of the
# entire username value
realm * {
server radius.example.com
}
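Review bot: The example now keeps a shared secret for every client and server in the same file as the TLSCertificateKeyPassword shown in the hunk header, with no note about protecting it; a comment near the first `client` block such as `# This file contains shared secrets and the key password; make it readable only by the user running radsecproxy` would help operators who copy the example. The blocks also mix `type TLS` and `type tls` (the 2001:db8::1 client uses `tls`, the radius.example.com client `TLS`, and the servers are split the same way); whether the parser accepts both is not visible here, so one spelling in the example avoids implying it. The comment block before `realm *` says the matching "is going to be changed" to a regexp, which documents a plan rather than the current behaviour; keeping the first-match rule as the description and marking the regexp remark as a TODO would make it clearer which one the reader can rely on.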
#Here we list RADIUS servers we will use for different realms
# this file must be in /etc/radsecproxy or proxy's current directory
#
#First field is T or U for TLS or UDP
#Second is address or fqdn and optional port, must match certificate cn for TLS
# port is specified using addr:port or domain:port
#Third field is ";" separated list of realms
# * can be used for matching anything (default route)
# realms will be matched in the order specified, using first match
#Fourth field is the secret and is optional for TLS
T [2001:db8::1]:2283 example.com;com
U 127.0.0.1 eduroam.cc secret
T radius.example.com * verysecret