4 Radius Configuration Files
At startup, GNU Radius obtains the information vital for its
functioning from a number of configuration files. These are normally
found in the /usr/local/etc/raddb directory, which is defined at configuration
time, although their location can be specified at runtime. In the
discussion below we will refer to this directory as raddb.
See Naming Conventions.
Each configuration file is responsible for a certain part of the
GNU Radius functionality. The following table lists all configuration
files along with a brief description of their purposes.
- config
- Determines the runtime defaults for radiusd, such
as the IP address and ports to listen on, the sizes of the request
queues, configuration of the SNMP subsystem, fine-tuning of the
extension languages, etc.
- clients
- Lists the shared secret belonging to each NAS. It is
crucial for normal request processing that each NAS have an
entry in this file. Requests from NASes that are not listed
in clients will be ignored, as will those from NASes whose
shared secret does not match the value configured in this file.
- naslist
- Defines the types for the known NASes. Its information is
used mainly when performing multiple login checking
(see Multiple Login Checking).
- nastypes
- Declares the known NAS types. The symbolic type names
declared in this file can be used in naslist.
- dictionary
- Defines the symbolic names for Radius attributes and attribute
values. Only the names declared in this file may be used in the files
users, hints and huntgroups.
- huntgroups
- Contains special rules that process incoming requests
based on the NAS IP and port number they come from. These can also
be used as a kind of access control list.
- hints
- Defines the matching rules that modify the incoming
request depending on the user name and its credentials.
- users
- Contains the individual users' profiles.
- realms
- Defines the Radius realms and the servers that are
responsible for them.
- access.deny
- A list of usernames that should not be allowed access via Radius.
- sqlserver
- Contains the configuration for the SQL system. This includes the
type of SQL interface used, the IP and port number of the server
and the definition of the SQL requests used by radiusd.
- rewrite
- Contains the source code of functions in the Rewrite extension language.
- menus
- A subdirectory containing the authentication menus.
The rest of this chapter describes each of these files in detail.