From 4ae470172d0295e19806fb3e69b45fb2b581e312 Mon Sep 17 00:00:00 2001 From: venaas Date: Thu, 8 Feb 2007 09:46:12 +0000 Subject: config examples git-svn-id: https://svn.testnett.uninett.no/radsecproxy/trunk@50 e88ac4ed-0b26-0410-9574-a7f39faa03bf --- clients.conf-example | 9 +++++++++ radsecproxy.conf-example | 13 +++++++++++++ servers.conf-example | 13 +++++++++++++ 3 files changed, 35 insertions(+) create mode 100644 clients.conf-example create mode 100644 radsecproxy.conf-example create mode 100644 servers.conf-example diff --git a/clients.conf-example b/clients.conf-example new file mode 100644 index 0000000..e715770 --- /dev/null +++ b/clients.conf-example @@ -0,0 +1,9 @@ +#Here we list RADIUS clients that we are willing to serve +# +#First field is T or U for TLS or UDP +#Second is address or fqdn, and must match certificate cn for TLS +#Third field is the secret and is optional for TLS + +T 2001:db8::1 +U 127.0.0.1 secret +T radius.example.com verysecret diff --git a/radsecproxy.conf-example b/radsecproxy.conf-example new file mode 100644 index 0000000..be3dc95 --- /dev/null +++ b/radsecproxy.conf-example @@ -0,0 +1,13 @@ +#All possible config options are listed below +# +# You must specify at least one of TLSCACertificateFile or TLSCACertificatePath +# for TLS to work. We always verify peer certificate (both client and server) +#TLSCACertificateFile /etc/cacerts/CA.pem +TLSCACertificatePath /etc/cacerts + +# You must specify the below for TLS, we will always present our certificate +TLSCertificateFile /etc/hostcertkey/host.example.com.pem +TLSCertificateKeyFile /etc/hostcertkey/host.example.com.key.pem + +# You can optionally specify a non-standard UDP port to listen +#UDPServerPort 1814 diff --git a/servers.conf-example b/servers.conf-example new file mode 100644 index 0000000..6556cb5 --- /dev/null +++ b/servers.conf-example @@ -0,0 +1,13 @@ +#Here we list RADIUS servers we will use for different realms +# +#First field is T or U for TLS or UDP +#Second is address or fqdn and optional port, must match certificate cn for TLS +# port is specified using addr:port or domain:port +#Third field is ";" separated list of realms +# * can be used for matching anything (default route) +# realms will be matched in the order specified, using first match +#Fourth field is the secret and is optional for TLS + +T [2001:db8::1]:2283 example.com;com +U 127.0.0.1 eduroam.cc secret +T radius.example.com * verysecret -- cgit v1.1