smradiusd.conf 10.6 KB
#
# Server configuration
#
[server]

# User to run this daemon as
#user=
#group=

# Filename to store pid of parent process
#pid_file=/var/run/smradius/smradiusd.pid

# Cache file
#cache_file=/var/run/smradius/cache


# Uncommenting the below option will prevent smradiusd from going into the background
#background=no

# Preforking configuration
#
# min_servers		- Minimum servers to keep around
# min_spare_servers	- Minimum spare servers to keep around ready to
# handle requests
# max_spare_servers	- Maximum spare servers to have around doing nothing
# max_servers		- Maximum servers altogether
# max_requests		- Maximum number of requests each child will serve
#
# One may want to use the following as a rough guideline...
# Small : 2, 2,  4, 10, 1000
# Medium: 4, 4, 12, 25, 1000
# Large : 8, 8, 16, 64, 1000
#
#min_servers=4
#min_spare_servers=4
#max_spare_servers=12
#max_servers=25
#max_requests=1000



# Log level:
# 0 - Errors only
# 1 - Warnings and errors
# 2 - Notices, warnings, errors
# 3 - Info, notices, warnings, errors
# 4 - Debugging
#log_level=2

# File to log to instead of stdout
#log_file=/var/log/smradiusd.log

# Things to log in extreme detail
# modules - Log detailed module running information
#
# There is no default for this configuration option. Options can be
# separated by commas, e.g. modules
#
#log_detail=

# IP to listen on, * for all
#host=*

# Timeout in communication with clients
#timeout=120

# cidr_allow/cidr_deny
# Comma, whitespace or semi-colon separated. Contains a CIDR block to
# compare the client's IP to.  If cidr_allow or cidr_deny options are
# given, the incoming client must match a cidr_allow and not match a
# cidr_deny or the client connection will be closed.
# NOTE(review): 0.0.0.0/0 matches every IPv4 address, so uncommenting the
# example below as-is restricts nothing; list only the networks your NAS
# devices or RADIUS proxies connect from.
#cidr_allow=0.0.0.0/0
#cidr_deny=

# Event timestamp timezone, in "Continent/City" format
# Defaults to "GMT"
event_timezone=GMT


[radius]
# Use packet timestamp, if unset, the default is to use the server
# timestamp at the moment the packet is received.
#
# WARNING!!!!
# Not all routers keep time, it may occur that some routers depend on
# getting date & time upon reboot from an ntp server. The problem
# will arise when the router cannot get the date and time before the
# first user logs in .. BAM, you'll have sessions with a period key
# in current month but an event timestamp in 1970.
#
# Defaults to "no"
#use_packet_timestamp=yes

# Radius server abuse prevention
#
# Abuse prevention will drop packets which flood the radius server,
# or are duplicated in a short timeframe. You probably want this if
# you are not being fed by a radius proxy.
#
# Defaults to "no"
#use_abuse_prevention=yes

# How fast can a NAS spam the same type of request
#
# Access-Request defaults to 10s
#access_request_abuse_threshold=10
#
# Accounting-Request defaults to 5s
#accounting_request_abuse_threshold=5


[database]
#DSN=DBI:SQLite:dbname=smradius.sqlite
DSN=DBI:mysql:database=smradius;host=localhost
# NOTE(review): as shipped this connects as the database "root" account with
# an empty password. Create a dedicated account limited to the smradius
# database, set a password, and restrict read access to this file, since the
# credential is stored here in clear text.
Username=root
Password=


# What do we do when we have a database connection problem
# tempfail	- Return temporary failure
# pass		- Return success
# NOTE(review): "pass" presumably lets requests succeed while the database is
# unreachable (fail-open) - confirm what it covers before choosing it over
# tempfail.
bypass_mode=tempfail

# How many seconds before we retry a DB connection
bypass_timeout=5


[dictionary]
load=<<EOT
dicts/dictionary
dicts/dictionary.microsoft
dicts/dictionary.mikrotik
dicts/dictionary.wispr
EOT


[authentication]

mechanisms=<<EOT
mod_auth_pap
mod_auth_chap
mod_auth_mschap
EOT

users=<<EOT
mod_userdb_sql
EOT


[system]
modules=<<EOT
mod_config_sql
mod_config_sql_topups
EOT


[features]
modules=<<EOT
mod_feature_capping
mod_feature_user_stats
mod_feature_update_user_stats_sql
mod_feature_validity
EOT



[accounting]
modules=<<EOT
mod_accounting_sql
EOT



# MOD_CONFIG_SQL
[mod_config_sql]

get_config_realm_id_query=<<EOT
	SELECT
		ID
	FROM
		@TP@realms
	WHERE
		Name = ?
EOT

get_config_realm_attributes_query=<<EOT
	SELECT
		Name,
		Operator,
		Value
	FROM
		@TP@realm_attributes
	WHERE
		RealmID = ?
EOT

get_config_accesslist_query=<<EOT
	SELECT
		@TP@clients.AccessList,
		@TP@clients.ID
	FROM
		@TP@clients,
		@TP@clients_to_realms
	WHERE
		@TP@clients.ID = @TP@clients_to_realms.ClientID
		AND @TP@clients_to_realms.RealmID = ?
EOT

get_config_client_attributes_query=<<EOT
	SELECT
		Name,
		Operator,
		Value
	FROM
		@TP@client_attributes
	WHERE
		ClientID = ?
EOT



# MOD_CONFIG_SQL_TOPUPS
[mod_config_sql_topups]

get_topups_summary_query=<<EOT
	SELECT
		@TP@topups_summary.Balance,
		@TP@topups.Type,
		@TP@topups.ID
	FROM
		@TP@topups_summary,
		@TP@topups,
		@TP@users
	WHERE
		@TP@topups.ID = @TP@topups_summary.TopupID
		AND @TP@topups.UserID = @TP@users.ID
		AND @TP@topups_summary.PeriodKey = ?
		AND @TP@topups.Depleted = 0
		AND @TP@users.Username = ?
EOT

get_topups_query=<<EOT
	SELECT
		@TP@topups.ID,
		@TP@topups.Type,
		@TP@topups.Value
	FROM
		@TP@topups,
		@TP@users
	WHERE
		@TP@topups.UserID = @TP@users.ID
		AND @TP@topups.ValidFrom = ?
		AND @TP@topups.ValidTo >= ?
		AND @TP@topups.Depleted = 0
		AND @TP@users.Username = ?
EOT


# MOD_ACCOUNTING_SQL
[mod_accounting_sql]
# NOTE(review): the %{request.*} macros in the queries below appear to carry
# RADIUS attributes sent by the NAS. This file does not show how smradiusd
# substitutes them - confirm they are bound or quoted by the daemon (the
# mod_config_sql queries use "?" placeholders instead) before editing these
# templates or adding new macros.

accounting_start_query=<<EOT
	INSERT INTO
		@TP@accounting
	(
		Username,
		ServiceType,
		FramedProtocol,
		NASPort,
		NASPortType,
		CallingStationID,
		CalledStationID,
		NASPortID,
		AcctSessionID,
		FramedIPAddress,
		AcctAuthentic,
		EventTimestamp,
		AcctStatusType,
		NASIdentifier,
		NASIPAddress,
		AcctDelayTime,
		AcctSessionTime,
		AcctInputOctets,
		AcctInputGigawords,
		AcctInputPackets,
		AcctOutputOctets,
		AcctOutputGigawords,
		AcctOutputPackets,
		PeriodKey
	)
	VALUES
	(
		%{user.Username},
		%{request.Service-Type},
		%{request.Framed-Protocol},
		%{request.NAS-Port},
		%{request.NAS-Port-Type},
		%{request.Calling-Station-Id},
		%{request.Called-Station-Id},
		%{request.NAS-Port-Id},
		%{request.Acct-Session-Id},
		%{request.Framed-IP-Address},
		%{request.Acct-Authentic},
		%{request.Timestamp},
		%{request.Acct-Status-Type},
		%{request.NAS-Identifier},
		%{request.NAS-IP-Address},
		%{request.Acct-Delay-Time},
		%{request.Acct-Session-Time},
		%{request.Acct-Input-Octets},
		%{request.Acct-Input-Gigawords},
		%{request.Acct-Input-Packets},
		%{request.Acct-Output-Octets},
		%{request.Acct-Output-Gigawords},
		%{request.Acct-Output-Packets},
		%{query.PeriodKey}
	)
EOT

accounting_update_get_records_query=<<EOT
	SELECT
		SUM(AcctInputOctets) AS AcctInputOctets,
		SUM(AcctInputPackets) AS AcctInputPackets,
		SUM(AcctOutputOctets) AS AcctOutputOctets,
		SUM(AcctOutputPackets) AS AcctOutputPackets,
		SUM(AcctInputGigawords) AS AcctInputGigawords,
		SUM(AcctOutputGigawords) AS AcctOutputGigawords,
		SUM(AcctSessionTime) AS AcctSessionTime,
		PeriodKey
	FROM
		@TP@accounting
	WHERE
		Username = %{user.Username}
		AND AcctSessionID = %{request.Acct-Session-Id}
		AND NASIPAddress = %{request.NAS-IP-Address}
		AND NASPort = %{request.NAS-Port}
	GROUP BY
		PeriodKey
	ORDER BY
		ID ASC
EOT

accounting_update_query=<<EOT
	UPDATE
		@TP@accounting
	SET
		AcctSessionTime = %{query.Acct-Session-Time},
		AcctInputOctets = %{query.Acct-Input-Octets},
		AcctInputGigawords = %{query.Acct-Input-Gigawords},
		AcctInputPackets = %{query.Acct-Input-Packets},
		AcctOutputOctets = %{query.Acct-Output-Octets},
		AcctOutputGigawords = %{query.Acct-Output-Gigawords},
		AcctOutputPackets = %{query.Acct-Output-Packets},
		AcctStatusType = %{request.Acct-Status-Type}
	WHERE
		Username = %{user.Username}
		AND AcctSessionID = %{request.Acct-Session-Id}
		AND NASIPAddress = %{request.NAS-IP-Address}
		AND NASPort = %{request.NAS-Port}
		AND PeriodKey = %{query.PeriodKey}
EOT

accounting_stop_status_query=<<EOT
	UPDATE
		@TP@accounting
	SET
		AcctStatusType = %{request.Acct-Status-Type},
		AcctTerminateCause = %{request.Acct-Terminate-Cause}
	WHERE
		Username = %{user.Username}
		AND AcctSessionID = %{request.Acct-Session-Id}
		AND NASIPAddress = %{request.NAS-IP-Address}
		AND NASPort = %{request.NAS-Port}
EOT

accounting_usage_query=<<EOT
	SELECT
		SUM(AcctInputOctets) AS AcctInputOctets,
		SUM(AcctOutputOctets) AS AcctOutputOctets,
		SUM(AcctInputGigawords) AS AcctInputGigawords,
		SUM(AcctOutputGigawords) AS AcctOutputGigawords,
		SUM(AcctSessionTime) AS AcctSessionTime
	FROM
		@TP@accounting
	WHERE
		Username = %{user.Username}
		AND PeriodKey = %{query.PeriodKey}
EOT

accounting_select_duplicates_query=<<EOT
	SELECT
		ID
	FROM
		@TP@accounting
	WHERE
		Username = %{user.Username}
		AND AcctSessionID = %{request.Acct-Session-Id}
		AND NASIPAddress = %{request.NAS-IP-Address}
		AND NASPort = %{request.NAS-Port}
		AND PeriodKey = %{query.PeriodKey}
	ORDER BY
		ID DESC
		LIMIT 99 OFFSET 1
EOT

accounting_delete_duplicates_query=<<EOT
	DELETE FROM
		@TP@accounting
	WHERE
		ID = %{query.DuplicateID}
EOT

# This is how long we are going to cache the usage query for
# Default: 300 (seconds)
#
# You can use  "no", "0", "false"  to disable, specify a number > 1, or use
# "yes", "1", "true" to enable with the default value
accounting_usage_cache_time=300


# MOD_USERDB_SQL
[mod_userdb_sql]

userdb_find_query=<<EOT
	SELECT
		ID, Disabled
	FROM
		@TP@users
	WHERE
		Username = %{user.Username}
EOT

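# Fetch the attributes of every enabled group attribute row linked to the
# user through users_to_groups.
# Column references carry the same @TP@ marker as the table names in the
# FROM clause, matching the style of the mod_config_sql queries.
# NOTE(review): assumes @TP@ expands to a table-name prefix; with a non-empty
# prefix, unprefixed column qualifiers would not match the tables in FROM.
userdb_get_group_attributes_query=<<EOT
	SELECT
		@TP@group_attributes.Name, @TP@group_attributes.Operator, @TP@group_attributes.Value
	FROM
		@TP@group_attributes, @TP@users_to_groups
	WHERE
		@TP@users_to_groups.UserID = %{user.ID}
		AND @TP@group_attributes.GroupID = @TP@users_to_groups.GroupID
		AND @TP@group_attributes.Disabled = 0
EOT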

userdb_get_user_attributes_query=<<EOT
	SELECT
		Name, Operator, Value
	FROM
		@TP@user_attributes
	WHERE
		UserID = %{user.ID}
		AND Disabled = 0
EOT

users_data_set_query=<<EOT
	INSERT INTO
		@TP@users_data (UserID, LastUpdated, Name, Value)
	VALUES
		(
			%{user.ID},
			%{query.LastUpdated},
			%{query.Name},
			%{query.Value}
		)
EOT

users_data_update_query=<<EOT
	UPDATE
		@TP@users_data
	SET
		LastUpdated = %{query.LastUpdated},
		Value = %{query.Value}
	WHERE
		UserID = %{user.ID}
		AND Name = %{query.Name}
EOT

users_data_get_query=<<EOT
	SELECT
		LastUpdated, Name, Value
	FROM
		@TP@users_data
	WHERE
		UserID = %{user.ID}
		AND Name = %{query.Name}
EOT

users_data_delete_query=<<EOT
	DELETE FROM
		@TP@users_data
	WHERE
		UserID = %{user.ID}
		AND Name = %{query.Name}
EOT

# This is how long we are going to cache the data query for
# Default: 300 (seconds)
#
# You can use  "no", "0", "false"  to disable, specify a number > 1, or use 
# "yes", "1", "true" to enable with the default value
userdb_data_cache_time=300


# MOD_FEATURE_UPDATE_USER_STATS_SQL
[mod_feature_update_user_stats_sql]

update_user_stats_query=<<EOT
	UPDATE
		@TP@users
	SET
		PeriodKey = %{query.PeriodKey},
		TotalTraffic = %{query.TotalTraffic},
		TotalUptime = %{query.TotalUptime},
		NASIdentifier = %{request.NAS-Identifier}
	WHERE
		Username = %{user.Username}
EOT


# MOD_FEATURE_CAPPING
[mod_feature_capping]
# Enable Mikrotik-specific return attributes
#enable_mikrotik=1