smradiusd.conf 11.1 KB
#
# Server configuration
#
[server]

# User to run this daemon as
#user=
#group=

# Filename to store pid of parent process
#pid_file=/var/run/smradius/smradiusd.pid

# Cache file
#cache_file=/var/run/smradius/cache


# Uncommenting the below option will prevent awradiusd going into the background
#background=no

# Preforking configuration
#
# min_server		- Minimum servers to keep around
# min_spare_servers	- Minimum spare servers to keep around ready to
# handle requests
# max_spare_servers	- Maximum spare servers to have around doing nothing
# max_servers		- Maximum servers altogether
# max_requests		- Maximum number of requests each child will serve
#
# One may want to use the following as a rough guideline...
# Small : 2, 2,  4, 10, 1000
# Medium: 4, 4, 12, 25, 1000
# Large : 8, 8, 16, 64, 1000
#
#min_servers=4
#min_spare_servers=4
#max_spare_servers=12
#max_servers=25
#max_requests=1000



# Log level:
# 0 - Errors only
# 1 - Warnings and errors
# 2 - Notices, warnings, errors
# 3 - Info, notices, warnings, errors
# 4 - Debugging
#log_level=2

# File to log to instead of stdout
#log_file=/var/log/smradiusd.log

# Things to log in extreme detail
# modules - Log detailed module running information
#
# There is no default for this configuration option. Options can be
# separated by commas. ie. modules
#
#log_detail=

# IP to listen on, * for all
#host=*

# Timeout in communication with clients
#timeout=120

# cidr_allow/cidr_deny
# Comma, whitespace or semi-colon separated. Contains a CIDR block to
# compare the clients IP to.  If cidr_allow or cidr_deny options are
# given, the incoming client must match a cidr_allow and not match a
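# cidr_deny or the client connection will be closed.
# Note: the sample cidr_allow value below, 0.0.0.0/0, matches every IPv4
# address; list only the networks your NAS devices are on.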
#cidr_allow=0.0.0.0/0
#cidr_deny=

# Event timestamp timezone, in "Continent/City" format
# Defaults to "GMT"
event_timezone=GMT

# SMTP server to use when sending email
#smtp_server=127.0.0.1


[radius]
# Use packet timestamp, if unset, the default is to use the server
# timestamp at the moment the packet is received.
#
# WARNING!!!!
# Not all routers keep time, it may occur that some routers depend on
# getting date & time upon reboot from an NTP server. The problem
# will arise when the router cannot get the date and time before the
# first user logs in .. BAM, you'll have sessions with a period key
# in current month but an event timestamp in 1970.
#
# Defaults to "no"
#use_packet_timestamp=yes

# Radius server abuse prevention
#
# Abuse prevention will drop packets which flood the radius server,
# or are duplicated in a short timeframe. You probably want this if
# you are not being fed by a radius proxy.
#
# Defaults to "no"
#use_abuse_prevention=yes

# How fast can a NAS spam the same type of request
#
# Access-Request defaults to 10s
#access_request_abuse_threshold=10
#
# Accounting-Request defaults to 5s
#accounting_request_abuse_threshold=5


[database]
#DSN=DBI:SQLite:dbname=smradius.sqlite
DSN=DBI:mysql:database=smradius;host=localhost
# NOTE(review): this sample connects as the database "root" account with an
# empty password. For anything beyond a local test, use a dedicated account
# limited to the smradius database, set a password, and keep this file
# readable only by the user the daemon runs as.
Username=root
Password=


# What do we do when we have a database connection problem
# tempfail	- Return temporary failure
# pass		- Return success
# NOTE(review): "pass" looks like a fail-open setting, i.e. requests would
# succeed while the database cannot be consulted - confirm before using it.
# "tempfail" is the value set here.
bypass_mode=tempfail

# How many seconds before we retry a DB connection
bypass_timeout=5


[dictionary]
load=<<EOT
dicts/dictionary
dicts/dictionary.microsoft
dicts/dictionary.mikrotik
dicts/dictionary.wispr
EOT


[authentication]

mechanisms=<<EOT
mod_auth_pap
mod_auth_chap
mod_auth_mschap
EOT

users=<<EOT
mod_userdb_sql
EOT


[system]
modules=<<EOT
mod_config_sql
mod_config_sql_topups
EOT


[features]
modules=<<EOT
mod_feature_capping
mod_feature_user_stats
mod_feature_update_user_stats_sql
mod_feature_validity
mod_feature_fup
EOT



[accounting]
modules=<<EOT
mod_accounting_sql
EOT



# MOD_CONFIG_SQL
[mod_config_sql]

get_config_realm_id_query=<<EOT
	SELECT
		ID
	FROM
		@TP@realms
	WHERE
		Name = ?
EOT

get_config_realm_attributes_query=<<EOT
	SELECT
		Name,
		Operator,
		Value
	FROM
		@TP@realm_attributes
	WHERE
		RealmID = ?
EOT

get_config_accesslist_query=<<EOT
	SELECT
		@TP@clients.AccessList,
		@TP@clients.ID
	FROM
		@TP@clients,
		@TP@clients_to_realms
	WHERE
		@TP@clients.ID = @TP@clients_to_realms.ClientID
		AND @TP@clients_to_realms.RealmID = ?
EOT

get_config_client_attributes_query=<<EOT
	SELECT
		Name,
		Operator,
		Value
	FROM
		@TP@client_attributes
	WHERE
		ClientID = ?
EOT



# MOD_CONFIG_SQL_TOPUPS
[mod_config_sql_topups]

get_topups_summary_query=<<EOT
	SELECT
		@TP@topups_summary.Balance,
		@TP@topups.Type,
		@TP@topups.ID
	FROM
		@TP@topups_summary,
		@TP@topups,
		@TP@users
	WHERE
		@TP@topups.ID = @TP@topups_summary.TopupID
		AND @TP@topups.UserID = @TP@users.ID
		AND @TP@topups_summary.PeriodKey = ?
		AND @TP@topups.Depleted = 0
		AND @TP@users.Username = ?
EOT

get_topups_query=<<EOT
	SELECT
		@TP@topups.ID,
		@TP@topups.Type,
		@TP@topups.Value
	FROM
		@TP@topups,
		@TP@users
	WHERE
		@TP@topups.UserID = @TP@users.ID
		AND @TP@topups.ValidFrom = ?
		AND @TP@topups.ValidTo >= ?
		AND @TP@topups.Depleted = 0
		AND @TP@users.Username = ?
EOT

topups_add_query=<<EOT
	INSERT INTO @TP@topups (
		UserID,
		Timestamp,
		ValidFrom,
		ValidTo,
		Type,
		Value,
		Depleted
	) VALUES (
		%{user.ID},
		%{query.Timestamp},
		%{query.ValidFrom},
		%{query.ValidTo},
		%{query.Type},
		%{query.Value},
		%{query.Depleted}
	)
EOT




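# MOD_ACCOUNTING_SQL
# NOTE(review): the %{request.*} values in these queries come from the RADIUS
# packet sent by the NAS and are written unquoted; confirm the daemon binds
# them as SQL parameters rather than substituting them into the statement text.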
[mod_accounting_sql]

accounting_start_query=<<EOT
	INSERT INTO
		@TP@accounting
	(
		Username,
		ServiceType,
		FramedProtocol,
		NASPort,
		NASPortType,
		CallingStationID,
		CalledStationID,
		NASPortID,
		AcctSessionID,
		FramedIPAddress,
		AcctAuthentic,
		EventTimestamp,
		AcctStatusType,
		NASIdentifier,
		NASIPAddress,
		AcctDelayTime,
		AcctSessionTime,
		AcctInputOctets,
		AcctInputGigawords,
		AcctInputPackets,
		AcctOutputOctets,
		AcctOutputGigawords,
		AcctOutputPackets,
		PeriodKey
	)
	VALUES
	(
		%{user.Username},
		%{request.Service-Type},
		%{request.Framed-Protocol},
		%{request.NAS-Port},
		%{request.NAS-Port-Type},
		%{request.Calling-Station-Id},
		%{request.Called-Station-Id},
		%{request.NAS-Port-Id},
		%{request.Acct-Session-Id},
		%{request.Framed-IP-Address},
		%{request.Acct-Authentic},
		%{request.Timestamp},
		%{request.Acct-Status-Type},
		%{request.NAS-Identifier},
		%{request.NAS-IP-Address},
		%{request.Acct-Delay-Time},
		%{request.Acct-Session-Time},
		%{request.Acct-Input-Octets},
		%{request.Acct-Input-Gigawords},
		%{request.Acct-Input-Packets},
		%{request.Acct-Output-Octets},
		%{request.Acct-Output-Gigawords},
		%{request.Acct-Output-Packets},
		%{query.PeriodKey}
	)
EOT

accounting_update_get_records_query=<<EOT
	SELECT
		SUM(AcctInputOctets) AS AcctInputOctets,
		SUM(AcctInputPackets) AS AcctInputPackets,
		SUM(AcctOutputOctets) AS AcctOutputOctets,
		SUM(AcctOutputPackets) AS AcctOutputPackets,
		SUM(AcctInputGigawords) AS AcctInputGigawords,
		SUM(AcctOutputGigawords) AS AcctOutputGigawords,
		SUM(AcctSessionTime) AS AcctSessionTime,
		PeriodKey
	FROM
		@TP@accounting
	WHERE
		Username = %{user.Username}
		AND AcctSessionID = %{request.Acct-Session-Id}
		AND NASIPAddress = %{request.NAS-IP-Address}
		AND NASPort = %{request.NAS-Port}
	GROUP BY
		PeriodKey
	ORDER BY
		ID ASC
EOT

accounting_update_query=<<EOT
	UPDATE
		@TP@accounting
	SET
		AcctSessionTime = %{query.Acct-Session-Time},
		AcctInputOctets = %{query.Acct-Input-Octets},
		AcctInputGigawords = %{query.Acct-Input-Gigawords},
		AcctInputPackets = %{query.Acct-Input-Packets},
		AcctOutputOctets = %{query.Acct-Output-Octets},
		AcctOutputGigawords = %{query.Acct-Output-Gigawords},
		AcctOutputPackets = %{query.Acct-Output-Packets},
		AcctStatusType = %{request.Acct-Status-Type}
	WHERE
		Username = %{user.Username}
		AND AcctSessionID = %{request.Acct-Session-Id}
		AND NASIPAddress = %{request.NAS-IP-Address}
		AND NASPort = %{request.NAS-Port}
		AND PeriodKey = %{query.PeriodKey}
EOT

accounting_stop_status_query=<<EOT
	UPDATE
		@TP@accounting
	SET
		AcctStatusType = %{request.Acct-Status-Type},
		AcctTerminateCause = %{request.Acct-Terminate-Cause}
	WHERE
		Username = %{user.Username}
		AND AcctSessionID = %{request.Acct-Session-Id}
		AND NASIPAddress = %{request.NAS-IP-Address}
		AND NASPort = %{request.NAS-Port}
EOT

accounting_usage_query=<<EOT
	SELECT
		SUM(AcctInputOctets) AS AcctInputOctets,
		SUM(AcctOutputOctets) AS AcctOutputOctets,
		SUM(AcctInputGigawords) AS AcctInputGigawords,
		SUM(AcctOutputGigawords) AS AcctOutputGigawords,
		SUM(AcctSessionTime) AS AcctSessionTime
	FROM
		@TP@accounting
	WHERE
		Username = %{user.Username}
		AND PeriodKey = %{query.PeriodKey}
EOT

accounting_select_duplicates_query=<<EOT
	SELECT
		ID
	FROM
		@TP@accounting
	WHERE
		Username = %{user.Username}
		AND AcctSessionID = %{request.Acct-Session-Id}
		AND NASIPAddress = %{request.NAS-IP-Address}
		AND NASPort = %{request.NAS-Port}
		AND PeriodKey = %{query.PeriodKey}
	ORDER BY
		ID DESC
		LIMIT 99 OFFSET 1
EOT

accounting_delete_duplicates_query=<<EOT
	DELETE FROM
		@TP@accounting
	WHERE
		ID = %{query.DuplicateID}
EOT

# This is how long we are going to cache the usage query for
# Default: 300 (seconds)
#
# You can use  "no", "0", "false"  to disable, specify a number > 1, or use
# "yes", "1", "true" to enable with the default value
accounting_usage_cache_time=300


# MOD_USERDB_SQL
[mod_userdb_sql]

userdb_find_query=<<EOT
	SELECT
		ID, Disabled
	FROM
		@TP@users
	WHERE
		Username = %{user.Username}
EOT

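# Fetches the enabled attributes of every group the user belongs to.
# Column references carry the same @TP@ macro as the table names in FROM
# (as get_config_accesslist_query does). @TP@ appears to be a table-prefix
# macro; unprefixed references would stop matching the FROM tables once it
# expands to a non-empty value - TODO confirm against the daemon.
userdb_get_group_attributes_query=<<EOT
	SELECT
		@TP@group_attributes.Name, @TP@group_attributes.Operator, @TP@group_attributes.Value
	FROM
		@TP@group_attributes, @TP@users_to_groups
	WHERE
		@TP@users_to_groups.UserID = %{user.ID}
		AND @TP@group_attributes.GroupID = @TP@users_to_groups.GroupID
		AND @TP@group_attributes.Disabled = 0
EOT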

userdb_get_user_attributes_query=<<EOT
	SELECT
		Name, Operator, Value
	FROM
		@TP@user_attributes
	WHERE
		UserID = %{user.ID}
		AND Disabled = 0
EOT

users_data_set_query=<<EOT
	INSERT INTO
		@TP@users_data (UserID, LastUpdated, Name, Value)
	VALUES
		(
			%{user.ID},
			%{query.LastUpdated},
			%{query.Name},
			%{query.Value}
		)
EOT

users_data_update_query=<<EOT
	UPDATE
		@TP@users_data
	SET
		LastUpdated = %{query.LastUpdated},
		Value = %{query.Value}
	WHERE
		UserID = %{user.ID}
		AND Name = %{query.Name}
EOT

users_data_get_query=<<EOT
	SELECT
		LastUpdated, Name, Value
	FROM
		@TP@users_data
	WHERE
		UserID = %{user.ID}
		AND Name = %{query.Name}
EOT

users_data_delete_query=<<EOT
	DELETE FROM
		@TP@users_data
	WHERE
		UserID = %{user.ID}
		AND Name = %{query.Name}
EOT

# This is how long we are going to cache the data query for
# Default: 300 (seconds)
#
# You can use  "no", "0", "false"  to disable, specify a number > 1, or use 
# "yes", "1", "true" to enable with the default value
userdb_data_cache_time=300


# MOD_FEATURE_UPDATE_USER_STATS_SQL
[mod_feature_update_user_stats_sql]

update_user_stats_query=<<EOT
	UPDATE
		@TP@users
	SET
		PeriodKey = %{query.PeriodKey},
		TotalTraffic = %{query.TotalTraffic},
		TotalUptime = %{query.TotalUptime},
		NASIdentifier = %{request.NAS-Identifier},
		LastAcctUpdate = now()
	WHERE
		Username = %{user.Username}
EOT


# MOD_FEATURE_CAPPING
[mod_feature_capping]

# Enable Mikrotik-specific return attributes
#enable_mikrotik=1

# Enable caveat for SMRadius-Capping-Traffic-Limit having the meaning of 0 and -undef- swapped up to v1.0.x
#caveat_captrafzero=1