blob: 16513bbc9a7a8cbc6b74d86a1d57b8aff143cf72 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
|
# -*- text -*-
#
# test configuration file. Do not install.
#
# $Id$
#
#
# Minimal radiusd.conf for testing
#
top_srcdir = $ENV{TOP_SRCDIR}
testdir = $ENV{TESTDIR}
output = ${top_srcdir}/$ENV{OUTPUT}
run_dir = ${output}
raddb = raddb
pidfile = ${run_dir}/radiusd.pid
panic_action = "gdb -batch -x src/tests/panic.gdb %e %p > ${run_dir}/gdb.log 2>&1; cat ${run_dir}/gdb.log"
maindir = ${raddb}
radacctdir = ${run_dir}/radacct
modconfdir = ${maindir}/mods-config
certdir = ${maindir}/certs
cadir = ${maindir}/certs
test_port = $ENV{TEST_PORT}
client docnet {
ipaddr = 192.0.2.1
secret = testing123123
}
# Only for testing!
# Setting this on a production system is a BAD IDEA.
security {
allow_vulnerable_openssl = yes
}
policy {
files.authorize {
if (&User-Name == "bob") {
update control {
&Password.Cleartext := "hello"
}
}
}
$INCLUDE ${maindir}/policy.d/
}
modules {
expr {
}
sql {
driver = "rlm_sql_sqlite"
dialect = "sqlite"
sqlite {
# Path to the sqlite database
filename = "$ENV{SQL_NASTABLE_DB}"
# How long to wait for write locks on the database to be
# released (in ms) before giving up.
busy_timeout = 200
# The bootstrap is handled by src/tests/sql_nas_table/all.mk
}
radius_db = "radius"
acct_table1 = "radacct"
acct_table2 = "radacct"
postauth_table = "radpostauth"
authcheck_table = "radcheck"
groupcheck_table = "radgroupcheck"
authreply_table = "radreply"
groupreply_table = "radgroupreply"
usergroup_table = "radusergroup"
read_groups = yes
read_profiles = yes
# Set to 'yes' to read radius clients from the database ('nas' table)
# Clients will ONLY be read on server startup.
read_clients = yes
# Table to keep radius client info
client_table = "nas"
# The group attribute specific to this instance of rlm_sql
group_attribute = "SQL-Group"
# Read database-specific queries
$INCLUDE ${modconfdir}/${.:name}/main/${dialect}/queries.conf
}
always reject {
rcode = reject
}
always fail {
rcode = fail
}
always ok {
rcode = ok
}
always handled {
rcode = handled
}
always invalid {
rcode = invalid
}
always notfound {
rcode = notfound
}
always noop {
rcode = noop
}
always updated {
rcode = updated
}
}
#
# This virtual server is chosen for processing requests when using:
#
# radiusd -Xd src/tests/ -i 127.0.0.1 -p 12340 -n test
#
server extra {
listen {
ipaddr = 127.0.0.1
port = ${test_port}
type = auth
}
authorize {
if (&User-Name == "bob") {
accept
} else {
reject
}
}
authenticate {
}
}
|
