Annotation of embedaddon/strongswan/conf/plugins/eap-radius.conf, revision 1.1
1.1 ! misho 1: eap-radius {
! 2:
! 3: # Send RADIUS accounting information to RADIUS servers.
! 4: # accounting = no
! 5:
! 6: # Close the IKE_SA if there is a timeout during interim RADIUS accounting
! 7: # updates.
! 8: # accounting_close_on_timeout = yes
! 9:
! 10: # Interval in seconds for interim RADIUS accounting updates, if not
! 11: # specified by the RADIUS server in the Access-Accept message.
! 12: # accounting_interval = 0
! 13:
! 14: # If enabled, accounting is disabled unless an IKE_SA has at least one
! 15: # virtual IP. Only for IKEv2, for IKEv1 a virtual IP is strictly necessary.
! 16: # accounting_requires_vip = no
! 17:
! 18: # If enabled, adds the Class attributes received in Access-Accept message to
! 19: # the RADIUS accounting messages.
! 20: # accounting_send_class = no
! 21:
! 22: # Use class attributes in Access-Accept messages as group membership
! 23: # information.
! 24: # class_group = no
! 25:
! 26: # Closes all IKE_SAs if communication with the RADIUS server times out. If
! 27: # it is not set only the current IKE_SA is closed.
! 28: # close_all_on_timeout = no
! 29:
! 30: # Send EAP-Start instead of EAP-Identity to start RADIUS conversation.
! 31: # eap_start = no
! 32:
! 33: # Use filter_id attribute as group membership information.
! 34: # filter_id = no
! 35:
! 36: # Prefix to EAP-Identity, some AAA servers use a IMSI prefix to select the
! 37: # EAP method.
! 38: # id_prefix =
! 39:
! 40: # Whether to load the plugin. Can also be an integer to increase the
! 41: # priority of this plugin.
! 42: load = yes
! 43:
! 44: # NAS-Identifier to include in RADIUS messages.
! 45: # nas_identifier = strongSwan
! 46:
! 47: # Port of RADIUS server (authentication).
! 48: # port = 1812
! 49:
! 50: # Base to use for calculating exponential back off.
! 51: # retransmit_base = 1.4
! 52:
! 53: # Timeout in seconds before sending first retransmit.
! 54: # retransmit_timeout = 2.0
! 55:
! 56: # Number of times to retransmit a packet before giving up.
! 57: # retransmit_tries = 4
! 58:
! 59: # Shared secret between RADIUS and NAS. If set, make sure to adjust the
! 60: # permissions of the config file accordingly.
! 61: # secret =
! 62:
! 63: # IP/Hostname of RADIUS server.
! 64: # server =
! 65:
! 66: # Number of sockets (ports) to use, increase for high load.
! 67: # sockets = 1
! 68:
! 69: # Whether to include the UDP port in the Called- and Calling-Station-Id
! 70: # RADIUS attributes.
! 71: # station_id_with_port = yes
! 72:
! 73: dae {
! 74:
! 75: # Enables support for the Dynamic Authorization Extension (RFC 5176).
! 76: # enable = no
! 77:
! 78: # Address to listen for DAE messages from the RADIUS server.
! 79: # listen = 0.0.0.0
! 80:
! 81: # Port to listen for DAE requests.
! 82: # port = 3799
! 83:
! 84: # Shared secret used to verify/sign DAE messages. If set, make sure to
! 85: # adjust the permissions of the config file accordingly.
! 86: # secret =
! 87:
! 88: }
! 89:
! 90: forward {
! 91:
! 92: # RADIUS attributes to be forwarded from IKEv2 to RADIUS.
! 93: # ike_to_radius =
! 94:
! 95: # Same as ike_to_radius but from RADIUS to IKEv2.
! 96: # radius_to_ike =
! 97:
! 98: }
! 99:
! 100: # Section to specify multiple RADIUS servers.
! 101: servers {
! 102:
! 103: }
! 104:
! 105: # Section to configure multiple XAuth authentication rounds via RADIUS.
! 106: xauth {
! 107:
! 108: }
! 109:
! 110: }
! 111:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to eap-radius.conf CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / conf / plugins