Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
INN-RADIUS.CONF(5)	  InterNetNews Documentation	    INN-RADIUS.CONF(5)

NAME
       inn-radius.conf - Configuration for nnrpd RADIUS	authenticator

DESCRIPTION
       This describes the format and attributes	of the configuration file for
       the nnrpd RADIUS	authenticator.	See radius(8) for more information
       about the authenticator program.	 The default location for this file is
       inn-radius.conf in pathetc.

       Blank lines and lines beginning with "#"	are ignored, as	is anything
       after a "#" on a	line.  All other lines should begin with a parameter
       name followed by	a colon	and the	value of that key, except that each
       section of configuration	for a particular server	should be enclosed in:

	   server <name> {
	       # parameters...
	   }

       where <name> is just some convenient label for that server.

SERVER GROUP PARAMETERS
       The available parameters	are:

       radhost
	   The hostname	of the RADIUS server to	use for	authentication.	 This
	   parameter must be set.

       radport
	   The port to query on	the RADIUS server.  Defaults to	1645 if	not
	   set.

       lochost
	   The hostname	or IP address making the request.  The RADIUS server
	   expects an IP address; a hostname will be translated	into an	IP
	   address with	gethostbyname().  If not given,	this information isn't
	   included in the request (not	all RADIUS setups require this
	   information).

       locport
	   The port the	client being authenticated is connecting to.  If not
	   given, defaults to 119.  This doesn't need to be set	unless readers
	   are connecting to a non-standard port.

       secret
	   The shared secret with the RADIUS server.  If your secret includes
	   spaces, tabs, or "#", be sure to include it in double quotes.  This
	   parameter must be set.

       prefix
	   Prepend the value of	this parameter to all usernames	before passing
	   them	to the RADIUS server.  Can be used to prepend something	like
	   "news-" to all usernames in order to	put news users into a
	   different namespace from other accounts served by the same server.
	   If not set, nothing is prepended.

       suffix
	   Append the value of this parameter to all usernames before passing
	   them	to the RADIUS server.  This is often something like
	   "@example.com", depending on	how your RADIUS	server is set up.  If
	   not set, nothing is appended.

       ignore-source
	   Can be set to "true"	or "false".  If	set to false, the RADIUS
	   authenticator will check to ensure that the response	it receives is
	   from	the same IP address as it sent the request to (for some	added
	   security).  If set to true, it will skip this verification check
	   (if your RADIUS server has multiple IP addresses or if other	odd
	   things are going on,	it may be perfectly normal for the response to
	   come	from a different IP address).

EXAMPLE
       Here is a configuration for a news server named news.example.com,
       authenticating users against radius.example.com and appending
       "@example.com" to all client-supplied usernames before passing them to
       the RADIUS server:

	   server example {
	       radhost:	radius.example.com
	       lochost:	news.example.com
	       secret: IamARADIUSsecRET
	       suffix: @example.com
	   }

       The shared secret with the RADIUS server	is "IamARADIUSsecRET".

HISTORY
       This documentation was written by Russ Allbery <eagle@eyrie.org>	based
       on the comments in the sample inn-radius.conf file by Yury B. Razbegin.

       $Id: inn-radius.conf.pod	9940 2015-09-04	12:58:15Z iulius $

SEE ALSO
       radius(8).

INN 2.6.1			  2015-09-12		    INN-RADIUS.CONF(5)

NAME | DESCRIPTION | SERVER GROUP PARAMETERS | EXAMPLE | HISTORY | SEE ALSO

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=inn-radius.conf&sektion=5&manpath=FreeBSD+12.1-RELEASE+and+Ports>

home | help