1# General settings
2
3# specify which authentication comes first respectively which
4# authentication is used. possible values are: "radius" and "local".
5# if you specify "radius,local" then the RADIUS server is asked
6# first then the local one. if only one keyword is specified only
7# this server is asked.
8auth_order	radius
9
10# maximum login tries a user has (default 4)
11login_tries	4
12
13# timeout for all login tries (default 60)
14# if this time is exceeded the user is kicked out 
15login_timeout	60
16
17# name of the nologin file which when it exists disables logins.
18# it may be extended by the ttyname which will result in
19# a terminal specific lock (e.g. /etc/nologin.ttyS2 will disable
20# logins on /dev/ttyS2)   (default /etc/nologin)
21nologin /etc/nologin
22
23# name of the issue file. it's only display when no username is passed
24# on the radlogin command line  (default /etc/radiusclient/issue)
25issue	/usr/local/etc/radiusclient/issue
26
27# RADIUS settings
28
29# RADIUS server to use for authentication requests. this config
30# item can appear more then one time. if multiple servers are
31# defined they are tried in a round robin fashion if one
32# server is not answering.
33# optionally you can specify a the port number on which is remote
34# RADIUS listens separated by a colon from the hostname. if
35# no port is specified /etc/services is consulted of the radius
36# service. if this fails also a compiled in default is used.
37authserver 	localhost:1812
38
39# RADIUS server to use for accouting requests. All that I
40# said for authserver applies, too. 
41#
42acctserver 	localhost:1813
43
44# file holding shared secrets used for the communication
45# between the RADIUS client and server
46servers		/usr/local/etc/radiusclient/servers
47
48# dictionary of allowed attributes and values
49# just like in the normal RADIUS distributions
50dictionary 	/usr/local/etc/radiusclient/dictionary
51
52# program to call for a RADIUS authenticated login 
53# (default /usr/sbin/login.radius)
54login_radius	/usr/local/sbin/login.radius
55
56# file which holds sequence number for communication with the
57# RADIUS server
58seqfile		/var/run/radius.seq
59
60# file which specifies mapping between ttyname and NAS-Port attribute
61mapfile		/usr/local/etc/radiusclient/port-id-map
62
63# default authentication realm to append to all usernames if no
64# realm was explicitly specified by the user
65# the radiusd directly form Livingston doesnt use any realms, so leave
66# it blank then
67default_realm
68
69# time to wait for a reply from the RADIUS server
70radius_timeout	10
71
72# resend request this many times before trying the next server
73radius_retries	3
74
75# NAS-Identifier
76#
77# If supplied, this option will cause the client to send the given string
78# as the contents of the NAS-Identifier attribute in RADIUS requests.  No
79# NAS-IP-Address attribute will be sent in this case.
80#
81# The default behavior is to send a NAS-IP-Address option and not send
82# a NAS-Identifier.  The value of the NAS-IP-Address option is chosen
83# by resolving the system hostname.
84
85# nas_identifier MyUniqueNASName
86
87# LOCAL settings
88
89# program to execute for local login
90# it must support the -f flag for preauthenticated login
91login_local	/bin/login
92