diff options
Diffstat (limited to '')
-rw-r--r-- | raddb/mods-available/couchbase | 204 |
1 files changed, 204 insertions, 0 deletions
diff --git a/raddb/mods-available/couchbase b/raddb/mods-available/couchbase new file mode 100644 index 0000000..da1a39d --- /dev/null +++ b/raddb/mods-available/couchbase @@ -0,0 +1,204 @@ +couchbase { + # + # List of Couchbase hosts (hosts may be space, tab, comma or semi-colon separated). + # Ports are optional if servers are listening on the standard port. + # Complete pool urls are preferred. + # + server = "http://cb01.blargs.com:8091/pools/ http://cb04.blargs.com:8091/pools/" + + # Couchbase bucket name + bucket = "radius" + + # Couchbase bucket password (optional) + #password = "password" + + # Couchbase accounting document key (unlang supported) + acct_key = "radacct_%{%{Acct-Unique-Session-Id}:-%{Acct-Session-Id}}" + + # Value for the 'docType' element in the json body for accounting documents + doctype = "radacct" + + ## Accounting document expire time in seconds (0 = never) + expire = 2592000 + + # + # Map attribute names to json element names for accounting. + # + # Configuration items are in the format: + # <radius attribute> = '<element name>' + # + # Element names should be single quoted. + # + # Note: Attributes not in this map will not be recorded. + # + update { + Acct-Session-Id = 'sessionId' + Acct-Unique-Session-Id = 'uniqueId' + Acct-Status-Type = 'lastStatus' + Acct-Authentic = 'authentic' + User-Name = 'userName' + Stripped-User-Name = 'strippedUserName' + Stripped-User-Domain = 'strippedUserDomain' + Realm = 'realm' + NAS-IP-Address = 'nasIpAddress' + NAS-Identifier = 'nasIdentifier' + NAS-Port = 'nasPort' + Called-Station-Id = 'calledStationId' + Called-Station-SSID = 'calledStationSSID' + Calling-Station-Id = 'callingStationId' + Framed-Protocol = 'framedProtocol' + Framed-IP-Address = 'framedIpAddress' + NAS-Port-Type = 'nasPortType' + Connect-Info = 'connectInfo' + Acct-Session-Time = 'sessionTime' + Acct-Input-Packets = 'inputPackets' + Acct-Output-Packets = 'outputPackets' + Acct-Input-Octets = 'inputOctets' + Acct-Output-Octets = 'outputOctets' + Acct-Input-Gigawords = 'inputGigawords' + Acct-Output-Gigawords = 'outputGigawords' + Event-Timestamp = 'lastUpdated' + } + + # Couchbase document key for user documents (unlang supported) + user_key = "raduser_%{md5:%{tolower:%{%{Stripped-User-Name}:-%{User-Name}}}}" + + # Set to 'yes' to read radius clients from the Couchbase view specified below. + # NOTE: Clients will ONLY be read on server startup. + #read_clients = no + + # + # Map attribute names to json element names when loading clients. + # + # Configuration follows the same rules as the accounting map above. + # + client { + # Couchbase view that should return all available client documents. + view = "_design/client/_view/by_id" + + # + # Sets default values (not obtained from couchbase) for new client entries + # + template { +# login = 'test' +# password = 'test' +# proto = tcp +# require_message_authenticator = yes + + # Uncomment to add a home_server with the same + # attributes as the client. +# coa_server { +# response_window = 2.0 +# } + } + + # + # Client mappings are in the format: + # <client attribute> = '<element name>' + # + # Element names should be single quoted. + # + # The following attributes are required: + # * ipaddr | ipv4addr | ipv6addr - Client IP Address. + # * secret - RADIUS shared secret. + # + # All attributes usually supported in a client + # definition are also supported here. + # + attribute { + ipaddr = 'clientIdentifier' + secret = 'clientSecret' + shortname = 'clientShortname' + nas_type = 'nasType' + virtual_server = 'virtualServer' + require_message_authenticator = 'requireMessageAuthenticator' + limit { + max_connections = 'maxConnections' + lifetime = 'clientLifetime' + idle_timeout = 'idleTimeout' + } + } + } + + # Set to 'yes' to enable simultaneous use checking (multiple logins). + # NOTE: This will cause the execution of a view request on every check + # and may be a performance penalty. +# check_simul = no + + # Couchbase view that should return all account documents keyed by username. +# simul_view = "_design/acct/_view/by_user" + + # The key to the above view. + # NOTE: This will need to match EXACTLY what you emit from your view. +# simul_vkey = "%{tolower:%{%{Stripped-User-Name}:-%{User-Name}}}" + + # Set to 'yes' to enable verification of the results returned from the above view. + # NOTE: This may be an additional performance penalty to the actual check and + # should be avoided unless absolutely neccessary. +# verify_simul = no + + # Remove stale session if checkrad does not see a double login. + # NOTE: This will only be executed if both check_simul and verify_simul + # are set to 'yes' above. +# delete_stale_sessions = yes + + # + # The connection pool is used to pool outgoing connections. + # + pool { + # Connections to create during module instantiation. + # If the server cannot create specified number of + # connections during instantiation it will exit. + # Set to 0 to allow the server to start without the + # couchbase being available. + start = ${thread[pool].start_servers} + + # Minimum number of connections to keep open + min = ${thread[pool].min_spare_servers} + + # Maximum number of connections + # + # If these connections are all in use and a new one + # is requested, the request will NOT get a connection. + # + # Setting 'max' to LESS than the number of threads means + # that some threads may starve, and you will see errors + # like 'No connections available and at max connection limit' + # + # Setting 'max' to MORE than the number of threads means + # that there are more connections than necessary. + max = ${thread[pool].max_servers} + + # Spare connections to be left idle + # + # NOTE: Idle connections WILL be closed if "idle_timeout" + # is set. This should be less than or equal to "max" above. + spare = ${thread[pool].max_spare_servers} + + # Number of uses before the connection is closed + # + # 0 means "infinite" + uses = 0 + + # The lifetime (in seconds) of the connection + # + # NOTE: A setting of 0 means infinite (no limit). + lifetime = 0 + + # The idle timeout (in seconds). A connection which is + # unused for this length of time will be closed. + # + # NOTE: A setting of 0 means infinite (no timeout). + idle_timeout = 1200 + + # NOTE: All configuration settings are enforced. If a + # connection is closed because of "idle_timeout", + # "uses", or "lifetime", then the total number of + # connections MAY fall below "min". When that + # happens, it will open a new connection. It will + # also log a WARNING message. + # + # The solution is to either lower the "min" connections, + # or increase lifetime/idle_timeout. + } +} |