# FreeRADIUS ldap module instance, written as a shell-expanded template.
# Unescaped dollar expressions (ldap_hosts, users_basedn, groups_basedn, realm)
# are filled in by the generating shell; the backslash-escaped ones are passed
# through for FreeRADIUS to resolve when it loads the config.
ldap {
# Emits one server line per word of ldap_hosts: the expansion is unquoted, so
# it is word-split and printf repeats its format for each resulting argument.
# NOTE(review): each value lands unescaped between single quotes; a host string
# containing a quote or newline would alter the generated config. Confirm that
# the caller validates ldap_hosts before this template is expanded.
$(printf " server = '%s'\n" ${ldap_hosts})
base_dn = '${users_basedn}'
# Directory bind uses SASL GSSAPI; no identity or password item is set in this
# block. NOTE(review): the Kerberos credentials presumably come from the
# service environment (keytab or credential cache) - confirm and keep that
# file readable only by the RADIUS service account.
sasl {
mech = 'GSSAPI'
realm = '${realm}'
}
# LDAP attribute to RADIUS list mapping. userPassword is copied into
# control:Password-With-Header, so the bind principal must be able to read
# password values and they travel over the LDAP connection (see tls below).
update {
control:Password-With-Header += 'userPassword'
control: += 'radiusControlAttribute'
request: += 'radiusRequestAttribute'
reply: += 'radiusReplyAttribute'
}
user_dn = "LDAP-UserDn"
# User lookup: uid is matched against Stripped-User-Name, falling back to
# User-Name when the stripped form is absent.
# NOTE(review): both values originate from the RADIUS request. The ldap module
# is expected to escape LDAP filter metacharacters in these expansions - verify
# on the deployed FreeRADIUS version.
user {
base_dn = "\${..base_dn}"
filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})"
}
# Group lookup: groupOfMembers entries, membership resolved through the member
# filter and the memberOf attribute, with names and DNs cached per request.
# NOTE(review): allow_dangling_group_ref tolerates memberOf values that do not
# resolve to a group entry. Confirm this is intended, since group checks
# typically feed authorization policy.
group {
base_dn = '${groups_basedn}'
filter = '(objectClass=groupOfMembers)'
name_attribute = cn
membership_filter = "(member=%{control:\${..user_dn}})"
membership_attribute = 'memberOf'
cacheable_name = 'yes'
cacheable_dn = 'yes'
allow_dangling_group_ref = 'yes'
}
profile { }
# Mapping for RADIUS client definitions stored in LDAP (address and shared
# secret attributes). It is inactive here because read_clients is no, so
# radiusClientSecret is not fetched by this instance.
client {
base_dn = "\${..base_dn}"
filter = '(objectClass=radiusClient)'
template { }
attribute {
ipaddr = 'radiusClientIdentifier'
secret = 'radiusClientSecret'
}
}
read_clients = no
# Accounting writes back to the directory: the section is selected from
# Acct-Status-Type (lower-cased) and sets the description attribute on the
# user entry with a request timestamp.
# NOTE(review): this requires write access for the bind principal. Scope the
# directory ACL to the description attribute only, not the whole entry.
accounting {
reference = "%{tolower:type.%{Acct-Status-Type}}"
type {
start {
update {
description := "Online at %S"
}
}
interim-update {
update {
description := "Last seen at %S"
}
}
stop {
update {
description := "Offline at %S"
}
}
}
}
# Same write-back after a successful authentication.
post-auth {
update {
description := "Authenticated at %S"
}
}
# Connection behaviour and timeouts (seconds).
# NOTE(review): chase_referrals with rebind means a referral returned by a
# directory server is followed and the connection is re-authenticated against
# the referred host. If the deployment does not rely on referrals, turning
# both off narrows the set of servers that receive an authenticated session.
options {
chase_referrals = yes
rebind = yes
res_timeout = 10
srv_timelimit = 3
net_timeout = 1
idle = 60
probes = 3
interval = 3
ldap_debug = 0x0000
}
# Empty tls section: no start_tls, CA file or certificate requirement is set
# in this template.
# NOTE(review): protection of userPassword in transit then depends on either
# ldaps URIs being passed in ldap_hosts or a GSSAPI security layer being
# negotiated - confirm which one applies and document it here.
tls { }
# Connection pool sized from the server thread pool settings. uses = 0 and
# lifetime = 0 place no limit on reuse count or connection age; connections
# idle for 60 seconds are closed.
pool {
start = \${thread[pool].start_servers}
min = \${thread[pool].min_spare_servers}
max = \${thread[pool].max_servers}
spare = \${thread[pool].max_spare_servers}
uses = 0
retry_delay = 30
lifetime = 0
idle_timeout = 60
}
}