Subversion Repositories ALCASAR

Rev

Rev 1831 | Go to most recent revision | Details | Last modification | View Log

Rev Author Line No. Line
1805 clement.si 1
#
2
# Main Configuration File
3
#
4
# it can be default or whatever language. Only greek are supported
5
# from non latin alphabet languages
6
# These attribute only apply for ldap not for sql
7
#
8
general_prefered_lang: en
9
general_prefered_lang_name: English
10
#
11
# The charset which will be added as a meta tag in all pages
12
#
13
general_charset: utf-8
14
#
15
# Uncomment this if normal attributes (not the ;lang-xx ones) in ldap
16
# are utf8 encoded.
17
#
18
#general_decode_normal_attributes: yes
19
#
20
# The directory where dialupadmin is installed
21
#
22
general_base_dir: /usr/share/freeradius-web
23
#
24
# The base directory of the freeradius radius installation
25
#
26
general_radiusd_base_dir: /usr
27
general_domain: localdomain
28
#
29
# Set it to yes to use sessions and cache the various mappings
30
# You can also set use_session = 1 in config.php to also cache
31
# the admin.conf
32
#
33
# ---- IMPORTANT -- IMPORTANT -- IMPORTANT ----
34
#Remember to use the 'Clear Cache' page if you use sessions and do any changes
35
#in any of the configuration files.
36
#
37
general_use_session: no
38
#
39
# This is used by the failed logins page. It states the default back time
40
# in minutes.
41
#
42
general_most_recent_fl: 30
43
 
44
#
45
# Realm setup
46
#
47
# Set general_strip_realms to yes in order  to stip realms from usernames.
48
# By default realms are not striped
49
#general_strip_realms: yes
50
#
51
# The delimiter used  in realms. Default is @
52
#
53
general_realm_delimiter: @
54
#
55
# The format of the realms. Can be either suffix (realm is after the username)
56
# or prefix (realm is before the username). Default is suffix
57
#
58
general_realm_format: suffix
59
#
60
 
61
#
62
# Determines if the administrator will be able to see and change the user password through
63
# the user edit page
64
general_show_user_password: yes
65
 
66
general_raddb_dir: /etc/raddb
67
general_ldap_attrmap: %{general_raddb_dir}/ldap.attrmap
68
# Need to fix admin.conf file parser
69
#general_clients_conf: %{general_raddb_dir}/clients.conf
70
general_clients_conf: /etc/raddb/clients.conf
71
general_sql_attrmap: /etc/freeradius-web/sql.attrmap
72
general_accounting_attrs_file: /etc/freeradius-web/accounting.attrs
73
general_extra_ldap_attrmap: /etc/freeradius-web/extra.ldap-attrmap
74
general_username_mappings_file: /etc/freeradius-web/username.mappings
75
#
76
# it can be either ldap or sql
77
# This affects the user base not accounting. Accounting is always in sql
78
#
79
general_lib_type: sql
80
#
81
# Define which attributes will be visible in the user edit page
82
#
83
general_user_edit_attrs_file: /etc/freeradius-web/user_edit.attrs
84
#
85
# Used by the Accounting Report Generator
86
#
87
general_sql_attrs_file: /etc/freeradius-web/sql.attrs
88
#
89
# Set default values for various attributes
90
#
91
general_default_file: /etc/freeradius-web/default.vals
92
#general_ld_library_path: /usr/local/snmpd/lib
93
#
94
# can be 'snmp' (for snmpfinger) or empty to query the radacct table without first
95
# querying the nas
96
# This is used by the online users page
97
#
98
# general_finger_type: snmp
99
#
100
# Defines the nas type. This is only used by snmpfinger
101
# cisco, usrhiper and lucent are supported for now
102
#
103
general_nas_type: cisco
104
general_snmpfinger_bin: %{general_base_dir}/bin/snmpfinger
105
#
106
# Used by the 'Disconnect User' button in the Clear Open Sessions page
107
# Uses the Cisco AAA Session MIB or a telnet session
108
#
109
general_sessionclear_bin: %{general_base_dir}/bin/clearsession
110
#
111
# Can be one of telnet or snmp
112
#
113
general_sessionclear_method: snmp
114
general_radclient_bin: %{general_radiusd_base_dir}/bin/radclient
115
#
116
# this information is used from the server check page
117
#
118
general_test_account_login: test
119
general_test_account_password: testpass
120
#
121
# These are used as default values for the user test page
122
#
123
general_radius_server: localhost
124
general_radius_server_port: 1812
125
#
126
# can be either pap or chap
127
#
128
general_radius_server_auth_proto: pap
129
#
130
# sorry, single valued for now. Should become something like
131
# password[server-name]: xxxxx
132
#
133
general_radius_server_secret: XXXXXX
134
general_auth_request_file: /etc/freeradius-web/auth.request
135
#
136
# can be one of crypt,md5,clear
137
#
138
general_encryption_method: crypt
139
#
140
# can be either asc (older dates first) or desc (recent dates first)
141
# This is used in the user accounting and badusers pages
142
#
143
general_accounting_info_order: desc
144
#
145
# Use the totacct table in the user statistics page instead of the radacct
146
# table. That will make the page run quicker. totacct should have data for
147
# this to work :-)
148
#
149
general_stats_use_totacct: yes
150
#
151
# If set to yes then we only allow each administrator to examine it's own entries
152
# in the badusers table
153
#
154
general_restrict_badusers_access: no
155
#
156
# If set to yes then we restrict access to the nas administration page only to those
157
# users which are allowed by their username mapping (nasadmin is set to yes)
158
#
159
general_restrict_nasadmin_access: no
160
 
161
 
162
INCLUDE: /etc/freeradius-web/naslist.conf
163
 
164
INCLUDE: /etc/freeradius-web/captions.conf
165
 
166
#
167
# The ldap server to connect to.
168
# Both ldap_server and ldap_write_server can be a space-separated
169
# list of ldap hostnames. In that case the library will try to connect
170
# to the servers in the order that they appear. If the first host is down
171
# ldap_connect will ask for the second ldap host and so on.
172
#
173
ldap_server: ldap.%{general_domain}
174
#
175
# There are many cases where we have a small write master and
176
# a lot of fast read only replicas. If that is the case uncomment
177
# ldap_write_server and point it to the write master. It will be
178
# used only when writing to the directory, not when reading
179
#
180
#ldap_write_server: master.%{general_domain}
181
ldap_base: dc=company,dc=com
182
ldap_binddn: cn=Directory Manager
183
ldap_bindpw: XXXXXXX
184
ldap_default_new_entry_suffix: ou=dialup,ou=guests,%{ldap_base}
185
ldap_default_dn: uid=default-dialup,%{ldap_base}
186
ldap_regular_profile_attr: dialupregularprofile
187
#
188
# If set to yes then the HTTP credentials (http authentication)
189
# will be used to bind to the ldap server instead of ldap_binddn
190
# and ldap_bindpw. That way multiple admins with different rights
191
# on the ldap database can connect through one dialup_admin interface.
192
# The ldap_binddn and ldap_bindpw are still needed to find the DN
193
# to bind with (http authentication will only provide us with a
194
# username). As a result the ldap_binddn should be able to do a search
195
# with a filter of (uid=<username>). Normally, the anonymous (empty DN)
196
# user can do that.
197
#ldap_use_http_credentials: yes
198
#
199
# If we are using http credentials we can map a specific username to the
200
# directory manager (which usually does not correspond to a specific username)
201
#
202
#ldap_directory_manager: cn=Directory Manager
203
#ldap_map_to_directory_manager: admin
204
#
205
# Uncomment to enable ldap debug
206
#
207
ldap_debug: true
208
#
209
# Allow for defining the ldap filter used when searching for a user
210
# Variables supported:
211
# %u: username
212
# %U: username provided though http authentication
213
# %mu: mappings for userdb
214
# %ma: mappings for accounting
215
# %mn: mappings for nasdb
216
# %mN: mappings for nas administration
217
#
218
# One use of this would be to restrict access to only the user's belonging to
219
# a specific administrator like this:
220
# ldap_filter: (&(uid=%u)(manager=uid=%U,ou=admins,o=company,c=com))
221
#
222
#ldap_filter: (uid=%u)
223
#
224
# If ldap_userdn is set then we use that for user dns, we don't perform an ldap
225
# search. This can be somewhat faster. The variables supported for ldap_filter
226
# are also supported here
227
#
228
#ldap_userdn: uid=%u,%{ldap_base}
229
 
230
 
231
#
232
# can be one of mysql,pg,oracle,sqlrelay where:
233
# mysq: MySQL database (port 3306)
234
# pg: PostgreSQL database (port 5432)
235
# oracle: Oracle database (port 1521)
236
# sqlrelay: SQL Relay
237
#
238
sql_type: mysql
239
sql_server: localhost
240
sql_port: 3306
241
sql_username: radius
242
sql_password: KS3ShPIP
243
sql_database: radius
244
sql_accounting_table: radacct
245
sql_badusers_table: badusers
246
sql_check_table: radcheck
247
sql_reply_table: radreply
248
sql_user_info_table: userinfo
249
sql_groupcheck_table: radgroupcheck
250
sql_groupreply_table: radgroupreply
251
sql_usergroup_table: radusergroup
252
sql_total_accounting_table: totacct
253
sql_nas_table: nas
254
#
255
# If set to true then we show all the available groups with the groups
256
# that the user is a member of highlighted in the user edit page.
257
# Otherwise we only show the groups he is a member of.
258
sql_show_all_groups: true
259
#
260
# This variable is used by the scripts in the bin folder
261
# It should contain the path to the sql binary used to run
262
# sql commands (mysql, psql, oracle and sqlrelay are only supported for now)
263
sql_command: /usr/bin/mysql
264
#sql_command: /usr/bin/psql
265
#sql_command: /usr/bin/sqlplus
266
#
267
# This variable is used by the scripts in the bin folder
268
# It should contain the snmp type and  path to the binary 
269
# used to run snmp commands. 
270
# (ucd = UCD-Snmp and net = Net-Snmp are only supported for now)
271
general_snmp_type: net
272
general_snmpwalk_command: /usr/bin/snmpwalk
273
general_snmpget_command: /usr/bin/snmpget
274
#
275
# Uncomment to enable sql debug
276
#
277
sql_debug: false
278
#
279
# If set to yes then the HTTP credentials (http authentication)
280
# will be used to connect to the sql server instead of sql_username
281
# and sql_password. That way multiple admins with different rights
282
# on the sql database can connect through one dialup_admin interface.
283
#sql_use_http_credentials: yes
284
#
285
# If set the query will be added to all of the queries on the accounting
286
# table
287
# Variables supported:
288
# %u: username
289
# %U: username provided though http authentication
290
# %mu: mappings for userdb
291
# %ma: mappings for accounting
292
# %mn: mappings for nasdb
293
# %mN: mappings for nas administration
294
#sql_accounting_extra_query: %ma
295
 
296
 
297
#
298
# true or false
299
#
300
sql_use_user_info_table: true
301
sql_use_operators: true
302
#
303
# Set this to the value of the default_user_profile in your
304
# sql.conf if that one is set. If it is not set leave blank
305
# or commented out
306
#sql_default_user_profile: DEFAULT
307
#
308
#
309
sql_password_attribute: Crypt-Password
310
sql_date_format: Y-m-d
311
sql_full_date_format: Y-m-d H:i:s
312
#
313
# Used in the accounting report generator so that we
314
# don't return too many results
315
#
316
sql_row_limit: 40
317
#
318
# These options are used by the log_badlogins script and by the
319
# mysql driver
320
#
321
# Set the sql connect timeout (secs)
322
sql_connect_timeout: 3
323
# Give a space separated list of extra mysql servers to connect to when
324
# logging bad logins or adding users in the badusers table
325
#sql_extra_servers: sql2.company.com sql3.company.com
326
 
327
#
328
# Default values for the various user limits in case the counter module
329
# is used to impose such limits.
330
# The value should be the user limit in seconds or none for nothing
331
# Check out conf/sql.attrmap or extra.ldap-attrmap (depending on if you are
332
# using sql or ldap) for per user attributes. The mapping should be made to
333
# the attributes configured in the counter module. The attributes used by
334
# dialupadmin will always be the ones appearing in the attribute mapping files
335
# so you should make sure they are mapped to the correct attributes
336
#
337
#counter_default_daily: 14400
338
#counter_default_weekly: 72000
339
counter_default_daily: none
340
counter_default_weekly: none
341
counter_default_monthly: none
342
#
343
# Since calculating monthly usage can be quite expensive we make
344
# it configurable
345
# This is not needed if the monthly limit is not none
346
#counter_monthly_calculate_usage: true
347
 
348
# some of the date/time related functions need to know what timezone we are in
349
 
350
timezone: Europe/Luxembourg
351