# -*- text -*- # # test configuration file. Do not install. # # $Id$ # # # Minimal radiusd.conf for testing # top_srcdir = $ENV{TOP_SRCDIR} testdir = $ENV{TESTDIR} output = ${top_srcdir}/$ENV{OUTPUT} run_dir = ${output} raddb = raddb pidfile = ${run_dir}/radiusd.pid panic_action = "gdb -batch -x src/tests/panic.gdb %e %p > ${run_dir}/gdb.log 2>&1; cat ${run_dir}/gdb.log" maindir = ${raddb} radacctdir = ${run_dir}/radacct modconfdir = ${maindir}/mods-config certdir = ${maindir}/certs cadir = ${maindir}/certs test_port = $ENV{TEST_PORT} client docnet { ipaddr = 192.0.2.1 secret = testing123123 } # Only for testing! # Setting this on a production system is a BAD IDEA. security { allow_vulnerable_openssl = yes } policy { files.authorize { if (&User-Name == "bob") { update control { &Password.Cleartext := "hello" } } } $INCLUDE ${maindir}/policy.d/ } modules { expr { } sql { driver = "rlm_sql_sqlite" dialect = "sqlite" sqlite { # Path to the sqlite database filename = "$ENV{SQL_NASTABLE_DB}" # How long to wait for write locks on the database to be # released (in ms) before giving up. busy_timeout = 200 # The bootstrap is handled by src/tests/sql_nas_table/all.mk } radius_db = "radius" acct_table1 = "radacct" acct_table2 = "radacct" postauth_table = "radpostauth" authcheck_table = "radcheck" groupcheck_table = "radgroupcheck" authreply_table = "radreply" groupreply_table = "radgroupreply" usergroup_table = "radusergroup" read_groups = yes read_profiles = yes # Set to 'yes' to read radius clients from the database ('nas' table) # Clients will ONLY be read on server startup. read_clients = yes # Table to keep radius client info client_table = "nas" # The group attribute specific to this instance of rlm_sql group_attribute = "SQL-Group" # Read database-specific queries $INCLUDE ${modconfdir}/${.:name}/main/${dialect}/queries.conf } always reject { rcode = reject } always fail { rcode = fail } always ok { rcode = ok } always handled { rcode = handled } always invalid { rcode = invalid } always notfound { rcode = notfound } always noop { rcode = noop } always updated { rcode = updated } } # # This virtual server is chosen for processing requests when using: # # radiusd -Xd src/tests/ -i 127.0.0.1 -p 12340 -n test # server extra { listen { ipaddr = 127.0.0.1 port = ${test_port} type = auth } authorize { if (&User-Name == "bob") { accept } else { reject } } authenticate { } }