1: eap-radius {
2:
3: # Send RADIUS accounting information to RADIUS servers.
4: # accounting = no
5:
6: # Close the IKE_SA if there is a timeout during interim RADIUS accounting
7: # updates.
8: # accounting_close_on_timeout = yes
9:
10: # Interval in seconds for interim RADIUS accounting updates, if not
11: # specified by the RADIUS server in the Access-Accept message.
12: # accounting_interval = 0
13:
14: # If enabled, accounting is disabled unless an IKE_SA has at least one
15: # virtual IP. IKEv2 only; for IKEv1 a virtual IP is strictly necessary.
16: # accounting_requires_vip = no
17:
18: # If enabled, adds the Class attributes received in the Access-Accept
19: # message to the RADIUS accounting messages.
20: # accounting_send_class = no
21:
22: # Use class attributes in Access-Accept messages as group membership
23: # information.
24: # class_group = no
25:
26: # Closes all IKE_SAs if communication with the RADIUS server times out. If
27: # it is not set, only the current IKE_SA is closed.
28: # close_all_on_timeout = no
29:
30: # Send EAP-Start instead of EAP-Identity to start RADIUS conversation.
31: # eap_start = no
32:
33: # Use filter_id attribute as group membership information.
34: # filter_id = no
35:
36: # Prefix to EAP-Identity; some AAA servers use an IMSI prefix to select the
37: # EAP method.
38: # id_prefix =
39:
40: # Whether to load the plugin. Can also be an integer to increase the
41: # priority of this plugin.
42: load = yes
43:
44: # NAS-Identifier to include in RADIUS messages.
45: # nas_identifier = strongSwan
46:
47: # Port of RADIUS server (authentication).
48: # port = 1812
49:
50: # Base to use for calculating exponential back off.
51: # retransmit_base = 1.4
52:
53: # Timeout in seconds before sending first retransmit.
54: # retransmit_timeout = 2.0
55:
56: # Number of times to retransmit a packet before giving up.
57: # retransmit_tries = 4
58:
59: # Shared secret between RADIUS server and NAS. If set, restrict the config
60: # file's permissions so that only the daemon's user can read it.
61: # secret =
62:
63: # IP/Hostname of RADIUS server.
64: # server =
65:
66: # Number of sockets (ports) to use, increase for high load.
67: # sockets = 1
68:
69: # Whether to include the UDP port in the Called- and Calling-Station-Id
70: # RADIUS attributes.
71: # station_id_with_port = yes
72:
73: dae {
74:
75: # Enables support for the Dynamic Authorization Extension (RFC 5176).
76: # enable = no
77:
78: # Address to listen on for DAE messages from the RADIUS server (0.0.0.0 = any).
79: # listen = 0.0.0.0
80:
81: # Port to listen for DAE requests.
82: # port = 3799
83:
84: # Shared secret used to verify/sign DAE messages. If set, restrict the
85: # config file's permissions so that only the daemon's user can read it.
86: # secret =
87:
88: }
89:
90: forward {
91:
92: # RADIUS attributes to be forwarded from IKEv2 to RADIUS.
93: # ike_to_radius =
94:
95: # Same as ike_to_radius but from RADIUS to IKEv2.
96: # radius_to_ike =
97:
98: }
99:
100: # Section to specify multiple RADIUS servers.
101: servers {
102:
103: }
104:
105: # Section to configure multiple XAuth authentication rounds via RADIUS.
106: xauth {
107:
108: }
109:
110: }
111: