smradiusd.conf 11.1 KB
#
# Server configuration
#
[server]

# User to run this daemon as
#user=
#group=

# Filename to store pid of parent process
#pid_file=/var/run/smradius/smradiusd.pid

# Cache file
#cache_file=/var/run/smradius/cache


# Uncommenting the option below will prevent smradiusd from going into the background
#background=no

# Preforking configuration
#
# min_servers		- Minimum servers to keep around
# min_spare_servers	- Minimum spare servers to keep around ready to
# handle requests
# max_spare_servers	- Maximum spare servers to have around doing nothing
# max_servers		- Maximum servers altogether
# max_requests		- Maximum number of requests each child will serve
#
# One may want to use the following as a rough guideline...
# Small : 2, 2,  4, 10, 1000
# Medium: 4, 4, 12, 25, 1000
# Large : 8, 8, 16, 64, 1000
#
#min_servers=4
#min_spare_servers=4
#max_spare_servers=12
#max_servers=25
#max_requests=1000



# Log level:
# 0 - Errors only
# 1 - Warnings and errors
# 2 - Notices, warnings, errors
# 3 - Info, notices, warnings, errors
# 4 - Debugging
#log_level=2

# File to log to instead of stdout
#log_file=/var/log/smradiusd.log

# Things to log in extreme detail
# modules - Log detailed module running information
#
# There is no default for this configuration option. Options can be
# separated by commas. e.g. modules
#
#log_detail=

# IP to listen on, * for all
#host=*

# Timeout in communication with clients
#timeout=120

# cidr_allow/cidr_deny
# Comma, whitespace or semi-colon separated. Contains a CIDR block to
# compare the client's IP to.  If cidr_allow or cidr_deny options are
# given, the incoming client must match a cidr_allow and not match a
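# cidr_deny or the client connection will be closed.
# Note: 0.0.0.0/0 matches every IPv4 address, so the example value below
# restricts nothing; list only the networks your NAS devices connect from.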
#cidr_allow=0.0.0.0/0
#cidr_deny=

# Event timestamp timezone, in "Continent/City" format
# Defaults to "GMT"
event_timezone=GMT

# SMTP server to use when sending email
#smtp_server=127.0.0.1


[radius]
# Use packet timestamp, if unset, the default is to use the server
# timestamp at the moment the packet is received.
#
# WARNING!!!!
# Not all routers keep time, it may occur that some routers depend on
# getting date & time upon reboot from an NTP server. The problem
# will arise when the router cannot get the date and time before the
# first user logs in .. BAM, you'll have sessions with a period key
# in current month but an event timestamp in 1970.
#
# Defaults to "no"
#use_packet_timestamp=yes

# Radius server abuse prevention
#
# Abuse prevention will drop packets which flood the radius server,
# or are duplicated in a short timeframe. You probably want this if
# you are not being fed by a radius proxy.
#
# Defaults to "no"
#use_abuse_prevention=yes

# How fast can a NAS spam the same type of request
#
# Access-Request defaults to 10s
#access_request_abuse_threshold=10
#
# Accounting-Request defaults to 5s
#accounting_request_abuse_threshold=5


[database]
#DSN=DBI:SQLite:dbname=smradius.sqlite
DSN=DBI:mysql:database=smradius;host=localhost
# Database credentials used with the DSN above.
# NOTE(review): this sample connects as the "root" account with an empty
# password. For a deployment, use a dedicated account restricted to the
# smradius database and set a password. The password is stored here in
# plain text, so keep this file readable only by the user the daemon runs as.
Username=root
Password=


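# What to do when there is a database connection problem
# tempfail	- Return temporary failure
# pass		- Return success (fail-open: presumably requests succeed without
#		  the database being consulted - confirm before enabling)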
bypass_mode=tempfail

# How many seconds before we retry a DB connection
bypass_timeout=5


[dictionary]
load=<<EOT
dicts/dictionary
dicts/dictionary.microsoft
dicts/dictionary.mikrotik
dicts/dictionary.wispr
EOT


[authentication]

mechanisms=<<EOT
mod_auth_pap
mod_auth_chap
mod_auth_mschap
EOT

users=<<EOT
mod_userdb_sql
EOT


[system]
modules=<<EOT
mod_config_sql
mod_config_sql_topups
EOT


[features]
modules=<<EOT
mod_feature_capping
mod_feature_user_stats
mod_feature_update_user_stats_sql
mod_feature_validity
mod_feature_fup
EOT



[accounting]
modules=<<EOT
mod_accounting_sql
EOT



# MOD_CONFIG_SQL
[mod_config_sql]

get_config_realm_id_query=<<EOT
	SELECT
		ID
	FROM
		@TP@realms
	WHERE
		Name = ?
EOT

get_config_realm_attributes_query=<<EOT
	SELECT
		Name,
		Operator,
		Value
	FROM
		@TP@realm_attributes
	WHERE
		RealmID = ?
EOT

get_config_accesslist_query=<<EOT
	SELECT
		@TP@clients.AccessList,
		@TP@clients.ID
	FROM
		@TP@clients,
		@TP@clients_to_realms
	WHERE
		@TP@clients.ID = @TP@clients_to_realms.ClientID
		AND @TP@clients_to_realms.RealmID = ?
EOT

get_config_client_attributes_query=<<EOT
	SELECT
		Name,
		Operator,
		Value
	FROM
		@TP@client_attributes
	WHERE
		ClientID = ?
EOT



# MOD_CONFIG_SQL_TOPUPS
[mod_config_sql_topups]

get_topups_summary_query=<<EOT
	SELECT
		@TP@topups_summary.Balance,
		@TP@topups.Type,
		@TP@topups.ID
	FROM
		@TP@topups_summary,
		@TP@topups,
		@TP@users
	WHERE
		@TP@topups.ID = @TP@topups_summary.TopupID
		AND @TP@topups.UserID = @TP@users.ID
		AND @TP@topups_summary.PeriodKey = ?
		AND @TP@topups.Depleted = 0
		AND @TP@users.Username = ?
EOT

get_topups_query=<<EOT
	SELECT
		@TP@topups.ID,
		@TP@topups.Type,
		@TP@topups.Value
	FROM
		@TP@topups,
		@TP@users
	WHERE
		@TP@topups.UserID = @TP@users.ID
		AND @TP@topups.ValidFrom = ?
		AND @TP@topups.ValidTo >= ?
		AND @TP@topups.Depleted = 0
		AND @TP@users.Username = ?
EOT

# Inserts one row into the @TP@topups table; each column is filled from a
# %{...} macro rather than a "?" placeholder.
# NOTE(review): how the daemon substitutes %{...} values (bound parameter
# vs. quoted text) is not visible in this file - confirm the values are
# bound or escaped before the statement reaches the database.
topups_add_query=<<EOT
	INSERT INTO @TP@topups (
		UserID,
		Timestamp,
		ValidFrom,
		ValidTo,
		Type,
		Value,
		Depleted
	) VALUES (
		%{user.ID},
		%{query.Timestamp},
		%{query.ValidFrom},
		%{query.ValidTo},
		%{query.Type},
		%{query.Value},
		%{query.Depleted}
	)
EOT




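# MOD_ACCOUNTING_SQL
# NOTE(review): the %{request.*} macros in this section are presumably filled
# from attributes of the incoming RADIUS packet, i.e. values supplied by the
# NAS; confirm the daemon binds or escapes them when expanding these templates.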
[mod_accounting_sql]

accounting_start_query=<<EOT
	INSERT INTO
		@TP@accounting
	(
		Username,
		ServiceType,
		FramedProtocol,
		NASPort,
		NASPortType,
		CallingStationID,
		CalledStationID,
		NASPortID,
		AcctSessionID,
		FramedIPAddress,
		AcctAuthentic,
		EventTimestamp,
		AcctStatusType,
		NASIdentifier,
		NASIPAddress,
		AcctDelayTime,
		AcctSessionTime,
		AcctInputOctets,
		AcctInputGigawords,
		AcctInputPackets,
		AcctOutputOctets,
		AcctOutputGigawords,
		AcctOutputPackets,
		PeriodKey
	)
	VALUES
	(
		%{user.Username},
		%{request.Service-Type},
		%{request.Framed-Protocol},
		%{request.NAS-Port},
		%{request.NAS-Port-Type},
		%{request.Calling-Station-Id},
		%{request.Called-Station-Id},
		%{request.NAS-Port-Id},
		%{request.Acct-Session-Id},
		%{request.Framed-IP-Address},
		%{request.Acct-Authentic},
		%{request.Timestamp},
		%{request.Acct-Status-Type},
		%{request.NAS-Identifier},
		%{request.NAS-IP-Address},
		%{request.Acct-Delay-Time},
		%{request.Acct-Session-Time},
		%{request.Acct-Input-Octets},
		%{request.Acct-Input-Gigawords},
		%{request.Acct-Input-Packets},
		%{request.Acct-Output-Octets},
		%{request.Acct-Output-Gigawords},
		%{request.Acct-Output-Packets},
		%{query.PeriodKey}
	)
EOT

accounting_update_get_records_query=<<EOT
	SELECT
		SUM(AcctInputOctets) AS AcctInputOctets,
		SUM(AcctInputPackets) AS AcctInputPackets,
		SUM(AcctOutputOctets) AS AcctOutputOctets,
		SUM(AcctOutputPackets) AS AcctOutputPackets,
		SUM(AcctInputGigawords) AS AcctInputGigawords,
		SUM(AcctOutputGigawords) AS AcctOutputGigawords,
		SUM(AcctSessionTime) AS AcctSessionTime,
		PeriodKey
	FROM
		@TP@accounting
	WHERE
		Username = %{user.Username}
		AND AcctSessionID = %{request.Acct-Session-Id}
		AND NASIPAddress = %{request.NAS-IP-Address}
		AND NASPort = %{request.NAS-Port}
	GROUP BY
		PeriodKey
	ORDER BY
		ID ASC
EOT

accounting_update_query=<<EOT
	UPDATE
		@TP@accounting
	SET
		AcctSessionTime = %{query.Acct-Session-Time},
		AcctInputOctets = %{query.Acct-Input-Octets},
		AcctInputGigawords = %{query.Acct-Input-Gigawords},
		AcctInputPackets = %{query.Acct-Input-Packets},
		AcctOutputOctets = %{query.Acct-Output-Octets},
		AcctOutputGigawords = %{query.Acct-Output-Gigawords},
		AcctOutputPackets = %{query.Acct-Output-Packets},
		AcctStatusType = %{request.Acct-Status-Type}
	WHERE
		Username = %{user.Username}
		AND AcctSessionID = %{request.Acct-Session-Id}
		AND NASIPAddress = %{request.NAS-IP-Address}
		AND NASPort = %{request.NAS-Port}
		AND PeriodKey = %{query.PeriodKey}
EOT

accounting_stop_status_query=<<EOT
	UPDATE
		@TP@accounting
	SET
		AcctStatusType = %{request.Acct-Status-Type},
		AcctTerminateCause = %{request.Acct-Terminate-Cause}
	WHERE
		Username = %{user.Username}
		AND AcctSessionID = %{request.Acct-Session-Id}
		AND NASIPAddress = %{request.NAS-IP-Address}
		AND NASPort = %{request.NAS-Port}
EOT

accounting_usage_query=<<EOT
	SELECT
		SUM(AcctInputOctets) AS AcctInputOctets,
		SUM(AcctOutputOctets) AS AcctOutputOctets,
		SUM(AcctInputGigawords) AS AcctInputGigawords,
		SUM(AcctOutputGigawords) AS AcctOutputGigawords,
		SUM(AcctSessionTime) AS AcctSessionTime
	FROM
		@TP@accounting
	WHERE
		Username = %{user.Username}
		AND PeriodKey = %{query.PeriodKey}
EOT

accounting_select_duplicates_query=<<EOT
	SELECT
		ID
	FROM
		@TP@accounting
	WHERE
		Username = %{user.Username}
		AND AcctSessionID = %{request.Acct-Session-Id}
		AND NASIPAddress = %{request.NAS-IP-Address}
		AND NASPort = %{request.NAS-Port}
		AND PeriodKey = %{query.PeriodKey}
	ORDER BY
		ID DESC
		LIMIT 99 OFFSET 1
EOT

# Deletes a single row from the @TP@accounting table, selected by ID.
# NOTE(review): %{query.DuplicateID} is presumably one of the IDs returned by
# accounting_select_duplicates_query - confirm against the module code.
accounting_delete_duplicates_query=<<EOT
	DELETE FROM
		@TP@accounting
	WHERE
		ID = %{query.DuplicateID}
EOT

# This is how long we are going to cache the usage query for
# Default: 300 (seconds)
#
# You can use  "no", "0", "false"  to disable, specify a number > 1, or use
# "yes", "1", "true" to enable with the default value
accounting_usage_cache_time=300


# MOD_USERDB_SQL
[mod_userdb_sql]

userdb_find_query=<<EOT
	SELECT
		ID, Disabled
	FROM
		@TP@users
	WHERE
		Username = %{user.Username}
EOT

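# Returns Name, Operator and Value of every enabled group attribute for the
# groups the user (%{user.ID}) belongs to.
# Column qualifiers carry the same @TP@ marker as the table names in FROM
# (the convention get_config_accesslist_query uses), so they still match the
# tables if @TP@ expands to a non-empty value (presumably a table prefix -
# confirm).
userdb_get_group_attributes_query=<<EOT
	SELECT
		@TP@group_attributes.Name, @TP@group_attributes.Operator, @TP@group_attributes.Value
	FROM
		@TP@group_attributes, @TP@users_to_groups
	WHERE
		@TP@users_to_groups.UserID = %{user.ID}
		AND @TP@group_attributes.GroupID = @TP@users_to_groups.GroupID
		AND @TP@group_attributes.Disabled = 0
EOT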

userdb_get_user_attributes_query=<<EOT
	SELECT
		Name, Operator, Value
	FROM
		@TP@user_attributes
	WHERE
		UserID = %{user.ID}
		AND Disabled = 0
EOT

users_data_set_query=<<EOT
	INSERT INTO
		@TP@users_data (UserID, LastUpdated, Name, Value)
	VALUES
		(
			%{user.ID},
			%{query.LastUpdated},
			%{query.Name},
			%{query.Value}
		)
EOT

users_data_update_query=<<EOT
	UPDATE
		@TP@users_data
	SET
		LastUpdated = %{query.LastUpdated},
		Value = %{query.Value}
	WHERE
		UserID = %{user.ID}
		AND Name = %{query.Name}
EOT

users_data_get_query=<<EOT
	SELECT
		LastUpdated, Name, Value
	FROM
		@TP@users_data
	WHERE
		UserID = %{user.ID}
		AND Name = %{query.Name}
EOT

users_data_delete_query=<<EOT
	DELETE FROM
		@TP@users_data
	WHERE
		UserID = %{user.ID}
		AND Name = %{query.Name}
EOT

# This is how long we are going to cache the data query for
# Default: 300 (seconds)
#
# You can use  "no", "0", "false"  to disable, specify a number > 1, or use 
# "yes", "1", "true" to enable with the default value
userdb_data_cache_time=300


# MOD_FEATURE_UPDATE_USER_STATS_SQL
[mod_feature_update_user_stats_sql]

update_user_stats_query=<<EOT
	UPDATE
		@TP@users
	SET
		PeriodKey = %{query.PeriodKey},
		TotalTraffic = %{query.TotalTraffic},
		TotalUptime = %{query.TotalUptime},
		NASIdentifier = %{request.NAS-Identifier},
		LastAcctUpdate = now()
	WHERE
		Username = %{user.Username}
EOT


# MOD_FEATURE_CAPPING
[mod_feature_capping]

# Enable Mikrotik-specific return attributes
#enable_mikrotik=1

# Enable caveat for SMRadius-Capping-Traffic-Limit having the meaning of 0 and -undef- swapped up to v1.0.x
#caveat_captrafzero=1