5. Radius Configuration Files

At startup, GNU Radius obtains the information vital for its functioning from a number of configuration files. These are normally found in /usr/local/etc/raddb directory, which is defined at configuration time, although their location can be specified at runtime. In the discussion below we will refer to this directory by `raddb'. See section 2. Naming Conventions.

Each configuration file is responsible for a certain part of the GNU Radius functionality. The following table lists all configuration files along with a brief description of their purposes.

`config'

Determines the runtime defaults for radiusd, such as the IP address and ports to listen on, the sizes of the request queues, configuration of the SNMP subsystem, fine-tuning of the extension languages, etc.

`clients'

Lists the shared secret belonging to each NAS. It is crucial for the normal request processing that each NAS have an entry in this file. The requests from NASes that are not listed in `clients' will be ignored, as well as those from the NASes that have a wrong value for the shared secret configured in this file.

`naslist'

Defines the types for the known NASes. Its information is used mainly when performing multiple login checking (see section 7.9 Multiple Login Checking).

`nastypes'

Declares the known NAS types. The symbolic type names, declared in this file can be used in `naslist'.

`dictionary'

Defines the symbolic names for radius attributes and attribute values. Only the names declared in this file may be used in the files `users', `hints' and `huntgroups'.

`huntgroups'

Contains special rules that process the incoming requests basing on the NAS IP and port number they come from. These can also be used as a kind of access control list.

`hints'

Defines the matching rules that modify the incoming request depending on the user name and its credentials.

`users'

Contains the individual users' profiles.

`realms'

Defines the Radius realms and the servers that are responsible for them.

`access.deny'

A list of usernames that should not be allowed access via Radius.

`sqlserver'

Contains the configuration for the SQL system. This includes the type of SQL interface used, the IP and port number of the server and the definition of the SQL requests used by radiusd.

`rewrite'

Contains the source code of functions in Rewrite extension language.

`menus'

A subdirectory containing the authentication menus.

The rest of this chapter describes each of these files in detail.

5.1 Run-Time Configuration Options -- `raddb/config'		Run-time configuration options.
5.2 Dictionary of Attributes -- `raddb/dictionary'		Radius dictionary.
5.3 Clients List -- `raddb/clients'		Clients lists the NASes that are allowed to communicate with radius.
5.4 NAS List -- `raddb/naslist'		The naslist file keeps general information about the NASes.
5.5 NAS Types -- `raddb/nastypes'		Information about how to query the NASes about active user sessions.
5.6 Request Processing Hints -- `raddb/hints'		Important user information that is common for the users whose names match some pattern.
5.7 Huntgroups -- `raddb/huntgroups'		Group users by the NAS (and, possibly, a port number) they come from.
5.8 List of Proxy Realms -- `raddb/realms'		Communication with remote radius servers
5.9 User Profiles -- `raddb/users'		User profile.
5.10 List of Blocked Users -- `raddb/access.deny'		List of users which are denied access.
5.11 SQL Configuration -- `raddb/sqlserver'		SQL server configuration.
5.12 Rewrite functions -- `raddb/rewrite'		Rewrite functions allow to change the input packets.
5.13 Login Menus -- `raddb/menus'		Menus allow user to select the type of service.
5.14 Macro Substitution		Macros which are expanded by the actual attribute values.