blob: da1a39d21e40635fdef20981aef365b5befa43e1 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
|
couchbase {
#
# List of Couchbase hosts (hosts may be space, tab, comma or semi-colon separated).
# Ports are optional if servers are listening on the standard port.
# Complete pool urls are preferred.
#
server = "http://cb01.blargs.com:8091/pools/ http://cb04.blargs.com:8091/pools/"
# Couchbase bucket name
bucket = "radius"
# Couchbase bucket password (optional)
#password = "password"
# Couchbase accounting document key (unlang supported)
acct_key = "radacct_%{%{Acct-Unique-Session-Id}:-%{Acct-Session-Id}}"
# Value for the 'docType' element in the json body for accounting documents
doctype = "radacct"
## Accounting document expire time in seconds (0 = never)
expire = 2592000
#
# Map attribute names to json element names for accounting.
#
# Configuration items are in the format:
# <radius attribute> = '<element name>'
#
# Element names should be single quoted.
#
# Note: Attributes not in this map will not be recorded.
#
update {
Acct-Session-Id = 'sessionId'
Acct-Unique-Session-Id = 'uniqueId'
Acct-Status-Type = 'lastStatus'
Acct-Authentic = 'authentic'
User-Name = 'userName'
Stripped-User-Name = 'strippedUserName'
Stripped-User-Domain = 'strippedUserDomain'
Realm = 'realm'
NAS-IP-Address = 'nasIpAddress'
NAS-Identifier = 'nasIdentifier'
NAS-Port = 'nasPort'
Called-Station-Id = 'calledStationId'
Called-Station-SSID = 'calledStationSSID'
Calling-Station-Id = 'callingStationId'
Framed-Protocol = 'framedProtocol'
Framed-IP-Address = 'framedIpAddress'
NAS-Port-Type = 'nasPortType'
Connect-Info = 'connectInfo'
Acct-Session-Time = 'sessionTime'
Acct-Input-Packets = 'inputPackets'
Acct-Output-Packets = 'outputPackets'
Acct-Input-Octets = 'inputOctets'
Acct-Output-Octets = 'outputOctets'
Acct-Input-Gigawords = 'inputGigawords'
Acct-Output-Gigawords = 'outputGigawords'
Event-Timestamp = 'lastUpdated'
}
# Couchbase document key for user documents (unlang supported)
user_key = "raduser_%{md5:%{tolower:%{%{Stripped-User-Name}:-%{User-Name}}}}"
# Set to 'yes' to read radius clients from the Couchbase view specified below.
# NOTE: Clients will ONLY be read on server startup.
#read_clients = no
#
# Map attribute names to json element names when loading clients.
#
# Configuration follows the same rules as the accounting map above.
#
client {
# Couchbase view that should return all available client documents.
view = "_design/client/_view/by_id"
#
# Sets default values (not obtained from couchbase) for new client entries
#
template {
# login = 'test'
# password = 'test'
# proto = tcp
# require_message_authenticator = yes
# Uncomment to add a home_server with the same
# attributes as the client.
# coa_server {
# response_window = 2.0
# }
}
#
# Client mappings are in the format:
# <client attribute> = '<element name>'
#
# Element names should be single quoted.
#
# The following attributes are required:
# * ipaddr | ipv4addr | ipv6addr - Client IP Address.
# * secret - RADIUS shared secret.
#
# All attributes usually supported in a client
# definition are also supported here.
#
attribute {
ipaddr = 'clientIdentifier'
secret = 'clientSecret'
shortname = 'clientShortname'
nas_type = 'nasType'
virtual_server = 'virtualServer'
require_message_authenticator = 'requireMessageAuthenticator'
limit {
max_connections = 'maxConnections'
lifetime = 'clientLifetime'
idle_timeout = 'idleTimeout'
}
}
}
# Set to 'yes' to enable simultaneous use checking (multiple logins).
# NOTE: This will cause the execution of a view request on every check
# and may be a performance penalty.
# check_simul = no
# Couchbase view that should return all account documents keyed by username.
# simul_view = "_design/acct/_view/by_user"
# The key to the above view.
# NOTE: This will need to match EXACTLY what you emit from your view.
# simul_vkey = "%{tolower:%{%{Stripped-User-Name}:-%{User-Name}}}"
# Set to 'yes' to enable verification of the results returned from the above view.
# NOTE: This may be an additional performance penalty to the actual check and
# should be avoided unless absolutely neccessary.
# verify_simul = no
# Remove stale session if checkrad does not see a double login.
# NOTE: This will only be executed if both check_simul and verify_simul
# are set to 'yes' above.
# delete_stale_sessions = yes
#
# The connection pool is used to pool outgoing connections.
#
pool {
# Connections to create during module instantiation.
# If the server cannot create specified number of
# connections during instantiation it will exit.
# Set to 0 to allow the server to start without the
# couchbase being available.
start = ${thread[pool].start_servers}
# Minimum number of connections to keep open
min = ${thread[pool].min_spare_servers}
# Maximum number of connections
#
# If these connections are all in use and a new one
# is requested, the request will NOT get a connection.
#
# Setting 'max' to LESS than the number of threads means
# that some threads may starve, and you will see errors
# like 'No connections available and at max connection limit'
#
# Setting 'max' to MORE than the number of threads means
# that there are more connections than necessary.
max = ${thread[pool].max_servers}
# Spare connections to be left idle
#
# NOTE: Idle connections WILL be closed if "idle_timeout"
# is set. This should be less than or equal to "max" above.
spare = ${thread[pool].max_spare_servers}
# Number of uses before the connection is closed
#
# 0 means "infinite"
uses = 0
# The lifetime (in seconds) of the connection
#
# NOTE: A setting of 0 means infinite (no limit).
lifetime = 0
# The idle timeout (in seconds). A connection which is
# unused for this length of time will be closed.
#
# NOTE: A setting of 0 means infinite (no timeout).
idle_timeout = 1200
# NOTE: All configuration settings are enforced. If a
# connection is closed because of "idle_timeout",
# "uses", or "lifetime", then the total number of
# connections MAY fall below "min". When that
# happens, it will open a new connection. It will
# also log a WARNING message.
#
# The solution is to either lower the "min" connections,
# or increase lifetime/idle_timeout.
}
}
|