authorvenaas <venaas>2007-05-15 09:18:46 +0000
committervenaas <venaas@e88ac4ed-0b26-0410-9574-a7f39faa03bf>2007-05-15 09:18:46 +0000
commit36f1a92cea2b74a44ba521701d6cb31df8ce3cd1 (patch)
tree4e749f85ae518265febd1fcafc96687c6af41910
parentcb9e63ae8d870e1b2ece83eb0d4b66f9c443cbfd (diff)
updated config examples and README
git-svn-id: https://svn.testnett.uninett.no/radsecproxy/trunk@86 e88ac4ed-0b26-0410-9574-a7f39faa03bf
-rw-r--r--README16
-rw-r--r--clients.conf-example10
-rw-r--r--radsecproxy.c8
-rw-r--r--radsecproxy.conf-example49
-rw-r--r--servers.conf-example14
5 files changed, 60 insertions, 37 deletions
diff --git a/README b/README
index 43be4c6..dce3195 100644
--- a/README
+++ b/README
@@ -2,14 +2,12 @@ This is a beta version of a generic RADIUS proxy that can support
various RADIUS clients over UDP or TLS (RadSec).
It should build on most Linux and BSD platforms by simply typing
-"make". To use it you need to create three config files. These
-are the main config file "radsecproxy.conf" and server and client
-files "servers.conf" and "clients.conf". See the enclosed example
-files for further instructions.
-
-The config files must be in either "/etc/radsecproxy" or the
-proxy's current work directory. You may alter the path near
-the top of radsecproxy.h if necessary.
+"make". To use it you need to create a config file called
+"radsecproxy.conf" which must be in /etc/radsecproxy (unless
+you alter it in the header file), the current directory, or
+you can specify the location with the "-c" command line
+option (see below). See the enclosed example file for further
+instructions.
There are three options that may be specified on the command line.
"-c configfile" to specify a non-default config file path;
@@ -20,4 +18,4 @@ log to syslog.
For more information, feedback etc. contact <venaas@uninett.no>.
-Stig Venaas, 2007.05.14
+Stig Venaas, 2007.05.15
diff --git a/clients.conf-example b/clients.conf-example
deleted file mode 100644
index 3d76ed0..0000000
--- a/clients.conf-example
+++ /dev/null
@@ -1,10 +0,0 @@
-#Here we list RADIUS clients that we are willing to serve
-# this file must be in /etc/radsecproxy or proxy's current directory
-#
-#First field is T or U for TLS or UDP
-#Second is address or fqdn, and must match certificate cn for TLS
-#Third field is the secret and is optional for TLS
-
-T 2001:db8::1
-U 127.0.0.1 secret
-T radius.example.com verysecret
diff --git a/radsecproxy.c b/radsecproxy.c
index 570a11f..779a1fa 100644
--- a/radsecproxy.c
+++ b/radsecproxy.c
@@ -448,12 +448,12 @@ void tlsconnect(struct server *server, struct timeval *when, char *text) {
sleep(10);
} else if (elapsed < 5)
sleep(10);
- else if (elapsed < 600) {
+ else if (elapsed < 300) {
debug(DBG_INFO, "tlsconnect: sleeping %lds", elapsed);
sleep(elapsed);
- } else if (elapsed < 1000) {
- debug(DBG_INFO, "tlsconnect: sleeping %ds", 900);
- sleep(900);
+ } else if (elapsed < 100000) {
+ debug(DBG_INFO, "tlsconnect: sleeping %ds", 600);
+ sleep(600);
} else
server->lastconnecttry.tv_sec = now.tv_sec; /* no sleep at startup */
debug(DBG_WARN, "tlsconnect: trying to open TLS connection to %s port %s", server->peer.host, server->peer.port);
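Review bot: The "startup" case is now reached only when `elapsed < 100000` fails, so a magic threshold doubles as the first-attempt sentinel and also classifies any gap over roughly 27 hours as a fresh start; the literal 600 is duplicated between the debug() call and sleep() as well. Naming the values would make the intent visible, e.g. `enum { TLSCONNECT_MAX_SLEEP = 600 };` then `debug(DBG_INFO, "tlsconnect: sleeping %ds", TLSCONNECT_MAX_SLEEP); sleep(TLSCONNECT_MAX_SLEEP);`. If lastconnecttry is zero until the first attempt, which the `/* no sleep at startup */` comment suggests but whose initialisation is outside the hunk, testing `server->lastconnecttry.tv_sec == 0` would express that case directly instead of relying on elapsed being huge. The body of tlsconnect begins and ends outside this hunk.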
diff --git a/radsecproxy.conf-example b/radsecproxy.conf-example
index 0953709..62d5836 100644
--- a/radsecproxy.conf-example
+++ b/radsecproxy.conf-example
@@ -28,3 +28,52 @@ TLSCertificateKeyPassword follow the white rabbit
# LOG_LOCAL0, ..., LOG_LOCAL7
#LogDestination x-syslog://
#LogDestination x-syslog://log_local2
+
+#Now we configure clients, servers and realms. Note that these and
+#also the lines above may be in any order, except that a realm
+#can only be configured to use a server that is previously configured.
+
+client 2001:db8::1 {
+ type tls
+ secret verysecret
+}
+client 127.0.0.1 {
+ type udp
+ secret secret
+}
+client radius.example.com {
+ type TLS
+# secret is optional for TLS
+}
+
+server 127.0.0.1 {
+ type UDP
+ secret secret
+}
+realm eduroam.cc {
+ server 127.0.0.1
+}
+
+server 2001:db8::1 {
+ type TLS
+ port 2283
+# secret is optional for TLS
+}
+server radius.example.com {
+ type tls
+ secret verysecret
+}
+
+realm example.com {
+ server 2001:db8::1
+}
+realm com {
+ server 2001:db8::1
+}
+# Matching of realms is done in the order specified.
+# Except * which is a catch all that is used as a last resort
+# The matching is going to be changed to be regexp of the
+# entire username value
+realm * {
+ server radius.example.com
+}
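Review bot: The new client and server blocks hold shared secrets in clear text next to the existing TLSCertificateKeyPassword setting, yet the example says nothing about protecting the file; a leading comment such as `# This file contains shared secrets and the key password; keep it readable by the proxy user only (e.g. mode 0600).` would give operators the check they need. The comment at the top of the hunk states that a realm may only reference a previously configured server, which the example honours, but it does not say what happens on violation; stating the parser's behaviour there would help if it is known. The `type` values are written both as `tls` and `TLS`; if matching is case-insensitive the comment should say so, otherwise the example should settle on one spelling.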
diff --git a/servers.conf-example b/servers.conf-example
deleted file mode 100644
index 2657818..0000000
--- a/servers.conf-example
+++ /dev/null
@@ -1,14 +0,0 @@
-#Here we list RADIUS servers we will use for different realms
-# this file must be in /etc/radsecproxy or proxy's current directory
-#
-#First field is T or U for TLS or UDP
-#Second is address or fqdn and optional port, must match certificate cn for TLS
-# port is specified using addr:port or domain:port
-#Third field is ";" separated list of realms
-# * can be used for matching anything (default route)
-# realms will be matched in the order specified, using first match
-#Fourth field is the secret and is optional for TLS
-
-T [2001:db8::1]:2283 example.com;com
-U 127.0.0.1 eduroam.cc secret
-T radius.example.com * verysecret