Skip site navigation (1)Skip section navigation (2)

FreeBSD Man Pages

Man Page or Keyword Search:
Man Architecture
Apropos Keyword Search (all sections) Output format
home | help
RADIUS.CONF(5)		  FreeBSD File Formats Manual		RADIUS.CONF(5)

NAME
     radius.conf -- RADIUS client configuration	file

SYNOPSIS
     /etc/radius.conf

DESCRIPTION
     radius.conf contains the information necessary to configure the RADIUS
     client library.  It is parsed by rad_config(3).  The file contains	one or
     more lines	of text, each describing a single RADIUS server	which will be
     used by the library.  Leading white space is ignored, as are empty	lines
     and lines containing only comments.

     A RADIUS server is	described by three to five fields on a line:

	   Service type
	   Server host
	   Shared secret
	   Timeout
	   Retries

     The fields	are separated by white space.  The `#' character at the	begin-
     ning of a field begins a comment, which extends to	the end	of the line.
     A field may be enclosed in	double quotes, in which	case it	may contain
     white space and/or	begin with the `#' character.  Within a	quoted string,
     the double	quote character	can be represented by `\"', and	the backslash
     can be represented	by `\\'.  No other escape sequences are	supported.

     The first field gives the service type, either `auth' for RADIUS authen-
     tication or `acct'	for RADIUS accounting.	If a single server provides
     both services, two	lines are required in the file.	 Earlier versions of
     this file did not include a service type.	For backward compatibility, if
     the first field is	not `auth' or `acct' the library behaves as if `auth'
     were specified, and interprets the	fields in the line as if they were
     fields two	through	five.

     The second	field specifies	the server host, either	as a fully qualified
     domain name or as a dotted-quad IP	address.  The host may optionally be
     followed by a `:' and a numeric port number, without intervening white
     space.  If	the port specification is omitted, it defaults to the `radius'
     or	`radacct' service in the /etc/services file for	service	types `auth'
     and `acct', respectively.	If no such entry is present, the standard
     ports 1812	and 1813 are used.

     The third field contains the shared secret, which should be known only to
     the client	and server hosts.  It is an arbitrary string of	characters,
     though it must be enclosed	in double quotes if it contains	white space.
     The shared	secret may be any length, but the RADIUS protocol uses only
     the first 128 characters.	N.B., some popular RADIUS servers have bugs
     which prevent them	from working properly with secrets longer than 16
     characters.

     The fourth	field contains a decimal integer specifying the	timeout	in
     seconds for receiving a valid reply from the server.  If this field is
     omitted, it defaults to 3 seconds.

     The fifth field contains a	decimal	integer	specifying the maximum number
     of	attempts that will be made to authenticate with	the server before giv-
     ing up.  If omitted, it defaults to 3 attempts.  Note, this is the	total
     number of attempts	and not	the number of retries.

     Up	to 10 RADIUS servers may be specified for each service type.  The
     servers are tried in round-robin fashion, until a valid response is
     received or the maximum number of tries has been reached for all servers.

     The standard location for this file is /etc/radius.conf.  But an alter-
     nate pathname may be specified in the call	to rad_config(3).  Since the
     file contains sensitive information in the	form of	the shared secrets, it
     should not	be readable except by root.

FILES
     /etc/radius.conf

EXAMPLES
     # A simple	entry using all	the defaults:
     acct  radius1.domain.com  OurLittleSecret

     # A server	still using the	obsolete RADIUS	port, with increased
     # timeout and maximum tries:
     auth  auth.domain.com:1645	 "I can't see you"  5  4

     # A server	specified by its IP address:
     auth  192.168.27.81  $X*#..38947ax-+=

SEE ALSO
     libradius(3)

     C.	Rigney,	et al, Remote Authentication Dial In User Service (RADIUS),
     RFC 2138.

     C.	Rigney,	RADIUS Accounting, RFC 2139.

AUTHORS
     This documentation	was written by John Polstra, and donated to the
     FreeBSD project by	Juniper	Networks, Inc.

FreeBSD	10.1		       October 30, 1999			  FreeBSD 10.1

NAME | SYNOPSIS | DESCRIPTION | FILES | EXAMPLES | SEE ALSO | AUTHORS

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=radius.conf&sektion=5&manpath=FreeBSD+8.3-RELEASE>

home | help