Subversion Repositories ALCASAR

#

# Main Configuration File

#

# it can be default or whatever language. Only greek are supported

# from non latin alphabet languages

# These attribute only apply for ldap not for sql

#

general_prefered_lang: en

general_prefered_lang_name: English

#

# The charset which will be added as a meta tag in all pages

#

general_charset: iso-8859-1

#

# Uncomment this if normal attributes (not the ;lang-xx ones) in ldap

# are utf8 encoded.

#

#general_decode_normal_attributes: yes

#

# The directory where dialupadmin is installed

#

general_base_dir: /usr/share/freeradius-web

#

# The base directory of the freeradius radius installation

#

general_radiusd_base_dir: /usr

general_domain: company.com

#

# Set it to yes to use sessions and cache the various mappings

# You can also set use_session = 1 in config.php to also cache

# the admin.conf

#

# ---- IMPORTANT -- IMPORTANT -- IMPORTANT ----

#Remember to use the 'Clear Cache' page if you use sessions and do any changes

#in any of the configuration files.

#

general_use_session: no

#

# This is used by the failed logins page. It states the default back time

# in minutes.

#

general_most_recent_fl: 30

#

# Realm setup

#

# Set general_strip_realms to yes in order  to stip realms from usernames.

# By default realms are not striped

#general_strip_realms: yes

#

# The delimiter used  in realms. Default is @

#

general_realm_delimiter: @

#

# The format of the realms. Can be either suffix (realm is after the username)

# or prefix (realm is before the username). Default is suffix

#

general_realm_format: suffix

#

#

# Determines if the administrator will be able to see and change the user password through

# the user edit page

general_show_user_password: yes

general_raddb_dir: /etc/raddb

general_ldap_attrmap: %{general_raddb_dir}/ldap.attrmap

# Need to fix admin.conf file parser

#general_clients_conf: %{general_raddb_dir}/clients.conf

general_clients_conf: /etc/raddb/clients.conf

general_sql_attrmap: /etc/freeradius-web/sql.attrmap

general_accounting_attrs_file: /etc/freeradius-web/accounting.attrs

general_extra_ldap_attrmap: /etc/freeradius-web/extra.ldap-attrmap

general_username_mappings_file: /etc/freeradius-web/username.mappings

#

# it can be either ldap or sql

# This affects the user base not accounting. Accounting is always in sql

#

general_lib_type: sql

#

# Define which attributes will be visible in the user edit page

#

general_user_edit_attrs_file: /etc/freeradius-web/user_edit.attrs

#

# Used by the Accounting Report Generator

#

general_sql_attrs_file: /etc/freeradius-web/sql.attrs

#

# Set default values for various attributes

#

general_default_file: /etc/freeradius-web/default.vals

#general_ld_library_path: /usr/local/snmpd/lib

#

# can be 'snmp' (for snmpfinger) or empty to query the radacct table without first

# querying the nas

# This is used by the online users page

#

general_finger_type: snmp

#

# Defines the nas type. This is only used by snmpfinger

# cisco, usrhiper and lucent are supported for now

#

general_nas_type: cisco

general_snmpfinger_bin: %{general_base_dir}/bin/snmpfinger

#

# Used by the 'Disconnect User' button in the Clear Open Sessions page

# Uses the Cisco AAA Session MIB or a telnet session

#

general_sessionclear_bin: %{general_base_dir}/bin/clearsession

#

# Can be one of telnet or snmp

#

general_sessionclear_method: snmp

general_radclient_bin: %{general_radiusd_base_dir}/bin/radclient

#

# this information is used from the server check page

#

general_test_account_login: test

general_test_account_password: testpass

#

# These are used as default values for the user test page

#

general_radius_server: localhost

general_radius_server_port: 1812

#

# can be either pap or chap

#

general_radius_server_auth_proto: pap

#

# sorry, single valued for now. Should become something like

# password[server-name]: xxxxx

#

general_radius_server_secret: XXXXXX

general_auth_request_file: /etc/freeradius-web/auth.request

#

# can be one of crypt,md5,clear

#

general_encryption_method: crypt

#

# can be either asc (older dates first) or desc (recent dates first)

# This is used in the user accounting and badusers pages

#

general_accounting_info_order: desc

#

# Use the totacct table in the user statistics page instead of the radacct

# table. That will make the page run quicker. totacct should have data for

# this to work :-)

#

general_stats_use_totacct: no

#

# If set to yes then we only allow each administrator to examine it's own entries

# in the badusers table

#

general_restrict_badusers_access: no

#

# If set to yes then we restrict access to the nas administration page only to those

# users which are allowed by their username mapping (nasadmin is set to yes)

#

general_restrict_nasadmin_access: no

INCLUDE: /etc/freeradius-web/naslist.conf

INCLUDE: /etc/freeradius-web/captions.conf

#

# The ldap server to connect to.

# Both ldap_server and ldap_write_server can be a space-separated

# list of ldap hostnames. In that case the library will try to connect

# to the servers in the order that they appear. If the first host is down

# ldap_connect will ask for the second ldap host and so on.

#

ldap_server: ldap.%{general_domain}

#

# There are many cases where we have a small write master and

# a lot of fast read only replicas. If that is the case uncomment

# ldap_write_server and point it to the write master. It will be

# used only when writing to the directory, not when reading

#

#ldap_write_server: master.%{general_domain}

ldap_base: dc=company,dc=com

ldap_binddn: cn=Directory Manager

ldap_bindpw: XXXXXXX

ldap_default_new_entry_suffix: ou=dialup,ou=guests,%{ldap_base}

ldap_default_dn: uid=default-dialup,%{ldap_base}

ldap_regular_profile_attr: dialupregularprofile

#

# If set to yes then the HTTP credentials (http authentication)

# will be used to bind to the ldap server instead of ldap_binddn

# and ldap_bindpw. That way multiple admins with different rights

# on the ldap database can connect through one dialup_admin interface.

# The ldap_binddn and ldap_bindpw are still needed to find the DN

# to bind with (http authentication will only provide us with a

# username). As a result the ldap_binddn should be able to do a search

# with a filter of (uid=<username>). Normally, the anonymous (empty DN)

# user can do that.

#ldap_use_http_credentials: yes

#

# If we are using http credentials we can map a specific username to the

# directory manager (which usually does not correspond to a specific username)

#

#ldap_directory_manager: cn=Directory Manager

#ldap_map_to_directory_manager: admin

#

# Uncomment to enable ldap debug

#

ldap_debug: true

#

# Allow for defining the ldap filter used when searching for a user

# Variables supported:

# %u: username

# %U: username provided though http authentication

# %mu: mappings for userdb

# %ma: mappings for accounting

# %mn: mappings for nasdb

# %mN: mappings for nas administration

#

# One use of this would be to restrict access to only the user's belonging to

# a specific administrator like this:

# ldap_filter: (&(uid=%u)(manager=uid=%U,ou=admins,o=company,c=com))

#

#ldap_filter: (uid=%u)

#

# If ldap_userdn is set then we use that for user dns, we don't perform an ldap

# search. This can be somewhat faster. The variables supported for ldap_filter

# are also supported here

#

#ldap_userdn: uid=%u,%{ldap_base}

#

# can be one of mysql,pg,oracle,sqlrelay where:

# mysq: MySQL database (port 3306)

# pg: PostgreSQL database (port 5432)

# oracle: Oracle database (port 1521)

# sqlrelay: SQL Relay

#

sql_type: mysql

sql_server: localhost

sql_port: 3306

sql_username: dialup_admin

sql_password: XXXXXX

sql_database: radius

sql_accounting_table: radacct

sql_badusers_table: badusers

sql_check_table: radcheck

sql_reply_table: radreply

sql_user_info_table: userinfo

sql_groupcheck_table: radgroupcheck

sql_groupreply_table: radgroupreply

sql_usergroup_table: radusergroup

sql_total_accounting_table: totacct

sql_nas_table: nas

#

# If set to true then we show all the available groups with the groups

# that the user is a member of highlighted in the user edit page.

# Otherwise we only show the groups he is a member of.

sql_show_all_groups: true

#

# This variable is used by the scripts in the bin folder

# It should contain the path to the sql binary used to run

# sql commands (mysql, psql, oracle and sqlrelay are only supported for now)

sql_command: /usr/bin/mysql

#sql_command: /usr/bin/psql

#sql_command: /usr/bin/sqlplus

#

# This variable is used by the scripts in the bin folder

# It should contain the snmp type and  path to the binary 

# used to run snmp commands. 

# (ucd = UCD-Snmp and net = Net-Snmp are only supported for now)

general_snmp_type: net

general_snmpwalk_command: /usr/bin/snmpwalk

general_snmpget_command: /usr/bin/snmpget

#

# Uncomment to enable sql debug

#

sql_debug: true

#

# If set to yes then the HTTP credentials (http authentication)

# will be used to connect to the sql server instead of sql_username

# and sql_password. That way multiple admins with different rights

# on the sql database can connect through one dialup_admin interface.

#sql_use_http_credentials: yes

#

# If set the query will be added to all of the queries on the accounting

# table

# Variables supported:

# %u: username

# %U: username provided though http authentication

# %mu: mappings for userdb

# %ma: mappings for accounting

# %mn: mappings for nasdb

# %mN: mappings for nas administration

#sql_accounting_extra_query: %ma

#

# true or false

#

sql_use_user_info_table: true

sql_use_operators: true

#

# Set this to the value of the default_user_profile in your

# sql.conf if that one is set. If it is not set leave blank

# or commented out

#sql_default_user_profile: DEFAULT

#

#

sql_password_attribute: User-Password

sql_date_format: Y-m-d

sql_full_date_format: Y-m-d H:i:s

#

# Used in the accounting report generator so that we

# don't return too many results

#

sql_row_limit: 40

#

# These options are used by the log_badlogins script and by the

# mysql driver

#

# Set the sql connect timeout (secs)

sql_connect_timeout: 3

# Give a space separated list of extra mysql servers to connect to when

# logging bad logins or adding users in the badusers table

#sql_extra_servers: sql2.company.com sql3.company.com

#

# Default values for the various user limits in case the counter module

# is used to impose such limits.

# The value should be the user limit in seconds or none for nothing

# Check out conf/sql.attrmap or extra.ldap-attrmap (depending on if you are

# using sql or ldap) for per user attributes. The mapping should be made to

# the attributes configured in the counter module. The attributes used by

# dialupadmin will always be the ones appearing in the attribute mapping files

# so you should make sure they are mapped to the correct attributes

#

#counter_default_daily: 14400

#counter_default_weekly: 72000

counter_default_daily: none

counter_default_weekly: none

counter_default_monthly: none

#

# Since calculating monthly usage can be quite expensive we make

# it configurable

# This is not needed if the monthly limit is not none

#counter_monthly_calculate_usage: true

# some of the date/time related functions need to know what timezone we are in

timezone: Europe/Luxembourg