couchbase { # # List of Couchbase hosts (hosts may be space, tab, comma or semi-colon separated). # Ports are optional if servers are listening on the standard port. # Complete pool urls are preferred. # server = "http://cb01.blargs.com:8091/pools/ http://cb04.blargs.com:8091/pools/" # Couchbase bucket name bucket = "radius" # Couchbase bucket password (optional) #password = "password" # Couchbase accounting document key (unlang supported) acct_key = "radacct_%{%{Acct-Unique-Session-Id}:-%{Acct-Session-Id}}" # Value for the 'docType' element in the json body for accounting documents doctype = "radacct" ## Accounting document expire time in seconds (0 = never) expire = 2592000 # # Map attribute names to json element names for accounting. # # Configuration items are in the format: # = '' # # Element names should be single quoted. # # Note: Attributes not in this map will not be recorded. # update { Acct-Session-Id = 'sessionId' Acct-Unique-Session-Id = 'uniqueId' Acct-Status-Type = 'lastStatus' Acct-Authentic = 'authentic' User-Name = 'userName' Stripped-User-Name = 'strippedUserName' Stripped-User-Domain = 'strippedUserDomain' Realm = 'realm' NAS-IP-Address = 'nasIpAddress' NAS-Identifier = 'nasIdentifier' NAS-Port = 'nasPort' Called-Station-Id = 'calledStationId' Called-Station-SSID = 'calledStationSSID' Calling-Station-Id = 'callingStationId' Framed-Protocol = 'framedProtocol' Framed-IP-Address = 'framedIpAddress' NAS-Port-Type = 'nasPortType' Connect-Info = 'connectInfo' Acct-Session-Time = 'sessionTime' Acct-Input-Packets = 'inputPackets' Acct-Output-Packets = 'outputPackets' Acct-Input-Octets = 'inputOctets' Acct-Output-Octets = 'outputOctets' Acct-Input-Gigawords = 'inputGigawords' Acct-Output-Gigawords = 'outputGigawords' Event-Timestamp = 'lastUpdated' } # Couchbase document key for user documents (unlang supported) user_key = "raduser_%{md5:%{tolower:%{%{Stripped-User-Name}:-%{User-Name}}}}" # Set to 'yes' to read radius clients from the Couchbase view specified below. # NOTE: Clients will ONLY be read on server startup. #read_clients = no # # Map attribute names to json element names when loading clients. # # Configuration follows the same rules as the accounting map above. # client { # Couchbase view that should return all available client documents. view = "_design/client/_view/by_id" # # Sets default values (not obtained from couchbase) for new client entries # template { # login = 'test' # password = 'test' # proto = tcp # require_message_authenticator = yes # Uncomment to add a home_server with the same # attributes as the client. # coa_server { # response_window = 2.0 # } } # # Client mappings are in the format: # = '' # # Element names should be single quoted. # # The following attributes are required: # * ipaddr | ipv4addr | ipv6addr - Client IP Address. # * secret - RADIUS shared secret. # # All attributes usually supported in a client # definition are also supported here. # attribute { ipaddr = 'clientIdentifier' secret = 'clientSecret' shortname = 'clientShortname' nas_type = 'nasType' virtual_server = 'virtualServer' require_message_authenticator = 'requireMessageAuthenticator' limit { max_connections = 'maxConnections' lifetime = 'clientLifetime' idle_timeout = 'idleTimeout' } } } # Set to 'yes' to enable simultaneous use checking (multiple logins). # NOTE: This will cause the execution of a view request on every check # and may be a performance penalty. # check_simul = no # Couchbase view that should return all account documents keyed by username. # simul_view = "_design/acct/_view/by_user" # The key to the above view. # NOTE: This will need to match EXACTLY what you emit from your view. # simul_vkey = "%{tolower:%{%{Stripped-User-Name}:-%{User-Name}}}" # Set to 'yes' to enable verification of the results returned from the above view. # NOTE: This may be an additional performance penalty to the actual check and # should be avoided unless absolutely neccessary. # verify_simul = no # Remove stale session if checkrad does not see a double login. # NOTE: This will only be executed if both check_simul and verify_simul # are set to 'yes' above. # delete_stale_sessions = yes # # The connection pool is used to pool outgoing connections. # pool { # Connections to create during module instantiation. # If the server cannot create specified number of # connections during instantiation it will exit. # Set to 0 to allow the server to start without the # couchbase being available. start = ${thread[pool].start_servers} # Minimum number of connections to keep open min = ${thread[pool].min_spare_servers} # Maximum number of connections # # If these connections are all in use and a new one # is requested, the request will NOT get a connection. # # Setting 'max' to LESS than the number of threads means # that some threads may starve, and you will see errors # like 'No connections available and at max connection limit' # # Setting 'max' to MORE than the number of threads means # that there are more connections than necessary. max = ${thread[pool].max_servers} # Spare connections to be left idle # # NOTE: Idle connections WILL be closed if "idle_timeout" # is set. This should be less than or equal to "max" above. spare = ${thread[pool].max_spare_servers} # Number of uses before the connection is closed # # 0 means "infinite" uses = 0 # The lifetime (in seconds) of the connection # # NOTE: A setting of 0 means infinite (no limit). lifetime = 0 # The idle timeout (in seconds). A connection which is # unused for this length of time will be closed. # # NOTE: A setting of 0 means infinite (no timeout). idle_timeout = 1200 # NOTE: All configuration settings are enforced. If a # connection is closed because of "idle_timeout", # "uses", or "lifetime", then the total number of # connections MAY fall below "min". When that # happens, it will open a new connection. It will # also log a WARNING message. # # The solution is to either lower the "min" connections, # or increase lifetime/idle_timeout. } }