1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
|
# -*- text -*-
######################################################################
#
# A virtual server to handle ONLY Status-Server packets.
#
# Server statistics can be queried with a properly formatted
# Status-Server request. See dictionary.freeradius for comments.
#
# If radiusd.conf has "status_server = yes", then any client
# will be able to send a Status-Server packet to any port
# (listen section type "auth", "acct", or "status"), and the
# server will respond.
#
# If radiusd.conf has "status_server = no", then the server will
# ignore Status-Server packets to "auth" and "acct" ports. It
# will respond only if the Status-Server packet is sent to a
# "status" port.
#
# The server statistics are available ONLY on socket of type
# "status". Queries for statistics sent to any other port
# are ignored.
#
# Similarly, a socket of type "status" will not process
# authentication or accounting packets. This is for security.
#
# $Id$
#
######################################################################
server status {
listen {
# ONLY Status-Server is allowed to this port.
# ALL other packets are ignored.
type = status
ipaddr = 127.0.0.1
port = 18121
}
#
# We recommend that you list ONLY management clients here.
# i.e. NOT your NASes or Access Points, and for an ISP,
# DEFINITELY not any RADIUS servers that are proxying packets
# to you.
#
# If you do NOT list a client here, then any client that is
# globally defined (i.e. all of them) will be able to query
# these statistics.
#
# Do you really want your partners seeing the internal details
# of what your RADIUS server is doing?
#
client admin {
ipaddr = 127.0.0.1
secret = adminsecret
}
#
# Simple authorize section. The "Autz-Type Status-Server"
# section will work here, too. See "raddb/sites-available/default".
authorize {
ok
# respond to the Status-Server request.
Autz-Type Status-Server {
ok
}
}
}
# Statistics can be queried via a number of methods:
#
# All packets received/sent by the server (1 = auth, 2 = acct)
# FreeRADIUS-Statistics-Type = 3
#
# All packets proxied by the server (4 = proxy-auth, 8 = proxy-acct)
# FreeRADIUS-Statistics-Type = 12
#
# All packets sent && received:
# FreeRADIUS-Statistics-Type = 15
#
# Internal server statistics:
# FreeRADIUS-Statistics-Type = 16
#
# All packets for a particular client (globally defined)
# FreeRADIUS-Statistics-Type = 35
# FreeRADIUS-Stats-Client-IP-Address = 192.0.2.1
#
# All packets for a client attached to a "listen" ip/port
# FreeRADIUS-Statistics-Type = 35
# FreeRADIUS-Stats-Client-IP-Address = 192.0.2.1
# FreeRADIUS-Stats-Server-IP-Address = 127.0.0.1
# FreeRADIUS-Stats-Server-Port = 1812
#
# All packets for a "listen" IP/port
# FreeRADIUS-Statistics-Type = 67
# FreeRADIUS-Stats-Server-IP-Address = 127.0.0.1
# FreeRADIUS-Stats-Server-Port = 1812
#
# All packets for a home server IP / port
# FreeRADIUS-Statistics-Type = 131
# FreeRADIUS-Stats-Server-IP-Address = 192.0.2.2
# FreeRADIUS-Stats-Server-Port = 1812
#
# You can also get exponentially weighted moving averages of
# response times (in usec) of home servers. Just set the config
# item "historic_average_window" in a home_server section.
#
# By default it is zero (don't calculate it). Useful values
# are between 100, and 10,000. The server will calculate and
# remember the moving average for this window, and for 10 times
# that window.
#
#
# Some of this could have been simplified. e.g. the proxy-auth and
# proxy-acct bits aren't completely necessary. But using them permits
# the server to be queried for ALL inbound && outbound packets at once.
# This gives a good snapshot of what the server is doing.
#
# Due to internal limitations, the statistics might not be exactly up
# to date. Do not expect all of the numbers to add up perfectly.
# The Status-Server packets are also counted in the total requests &&
# responses. The responses are counted only AFTER the response has
# been sent.
#
|