FreeBSD manual
download PDF document: radius.conf.5.pdf
RADIUS.CONF(5) FreeBSD File Formats Manual RADIUS.CONF(5)
NAME
radius.conf - RADIUS client configuration file
SYNOPSIS
/etc/radius.conf
DESCRIPTION
radius.conf contains the information necessary to configure the RADIUS
client library. It is parsed by rad_config(3). The file contains one or
more lines of text, each describing a single RADIUS server which will be
used by the library. Leading white space is ignored, as are empty lines
and lines containing only comments.
A RADIUS server is described by three to seven fields on a line:
Service type
Server host
Shared secret
Timeout
Retries
Dead time
Bind address
The fields are separated by white space. The `#' character at the
beginning of a field begins a comment, which extends to the end of the
line. A field may be enclosed in double quotes, in which case it may
contain white space and/or begin with the `#' character. Within a quoted
string, the double quote character can be represented by `\"', and the
backslash can be represented by `\\'. No other escape sequences are
supported.
The first field gives the service type, either `auth' for RADIUS
authentication or `acct' for RADIUS accounting. If a single server
provides both services, two lines are required in the file. Earlier
versions of this file did not include a service type. For backward
compatibility, if the first field is not `auth' or `acct' the library
behaves as if `auth' were specified, and interprets the fields in the
line as if they were fields two through five.
The second field specifies the server host, either as a fully qualified
domain name or as a dotted-quad IP address. The host may optionally be
followed by a `:' and a numeric port number, without intervening white
space. If the port specification is omitted, it defaults to the `radius'
or `radacct' service in the /etc/services file for service types `auth'
and `acct', respectively. If no such entry is present, the standard
ports 1812 and 1813 are used.
The third field contains the shared secret, which should be known only to
the client and server hosts. It is an arbitrary string of characters,
though it must be enclosed in double quotes if it contains white space.
The shared secret may be any length, but the RADIUS protocol uses only
the first 128 characters. N.B., some popular RADIUS servers have bugs
which prevent them from working properly with secrets longer than 16
characters.
The fourth field contains a decimal integer specifying the timeout in
seconds for receiving a valid reply from the server. If this field is
The sixth field contains a decimal integer specifying a time interval in
seconds when the server will not requested if it was inaccessible on the
last try. 0 means ask always.
The seventh field contains an IP address on multihomed host. All requests
will be binded to this IP.
Up to 10 RADIUS servers may be specified for each service type. The
servers are tried in round-robin fashion, until a valid response is
received or the maximum number of tries has been reached for all servers.
The standard location for this file is /etc/radius.conf. But an
alternate pathname may be specified in the call to rad_config(3). Since
the file contains sensitive information in the form of the shared
secrets, it should not be readable except by root.
FILES
/etc/radius.conf
EXAMPLES
# A simple entry using all the defaults:
acct radius1.domain.com OurLittleSecret
# A server still using the obsolete RADIUS port, with increased
# timeout and maximum tries:
auth auth.domain.com:1645 "I can't see you" 5 4
# As above but set dead time and bind address
auth auth.domain.com:1645 "I can't see you" 5 4 60 192.168.1.8
# A server specified by its IP address:
auth 192.168.27.81 $X*#..38947ax-+=
SEE ALSO
libradius(3)
C. Rigney, et al, Remote Authentication Dial In User Service (RADIUS),
RFC 2138.
C. Rigney, RADIUS Accounting, RFC 2139.
AUTHORS
This documentation was written by John Polstra, and donated to the
FreeBSD project by Juniper Networks, Inc.
FreeBSD 14.2-RELEASE October 30, 1999 FreeBSD 14.2-RELEASE