option block

option {
    source-ip number ;
    max-requests number ;
    radiusd-user string ;
    exec-program-user string ;
    username-chars string ;
    log-dir string ;
    acct-dir string ;
    resolve bool ;
    max-processes number ;
    process-idle-timeout number ;
    master-read-timeout number ;
    master-write-timeout number ;
} ;

The option block defines the global options to be used by radiusd.

resolve
    Determines whether radiusd should resolve the IP addresses for diagnostic output. Specifying resolve no speeds up the server and reduces the network traffic.

source-ip
    Sets the source IP address. When this statement is not present, the IP address of the first available network interface on the machine will be used as source.

max-requests
    Sets the maximum number of requests in the queue.

max-processes
    Sets the maximum number of child processes. The default value is 16. If you plan to raise this value, make sure you have enough file descriptors available, as each child occupies four descriptors for its input/output channels.

process-idle-timeout
    Sets the maximum idle time for child processes. A child terminates if it does not receive any requests from the main process within this number of seconds. By default, this parameter is 3600 seconds (one hour).

master-read-timeout
master-write-timeout
    These two values set the timeout values for the interprocess input/output operations in the main server process. More specifically, master-read-timeout sets the maximum number of seconds the main process will wait for the answer from the subprocess, and master-write-timeout sets the maximum number of seconds the main process will wait for the subprocess’s communication channel to become ready for input. By default, no timeouts are imposed.

radiusd-user
    Instructs radiusd to drop root privileges and to switch to the real user and group IDs of the given user after becoming a daemon. Notice the following implications of this statement:

    - System (see System Authentication Type) requires root privileges, so it cannot be used with radiusd-user. Any raddb/users profiles using this authentication type will be discarded.
    - PAM (see PAM Authentication Type) may require root privileges. It is reported to always require root privileges on some systems (notably on Solaris).
    - The exec-program-user statement (see below) is ignored when used with radiusd-user.

exec-program-user
    Sets the privileges for the programs executed as a result of Exec-Program and Exec-Program-Wait. The real user and group IDs will be retrieved from the /etc/passwd entry for the given user.

username-chars
    Determines characters that are valid within a username. The alphanumeric characters are always allowed in a username, so it is not necessary to specify them in this statement. By default the following characters are allowed in a username: ‘.-_!@#$%^&\/"’. The username-chars statement overrides this default, thus setting:

        username-chars ":"

    will restrict the set of allowed characters to the alphanumeric characters and colon. If you wish to expand the default character set, you will have to explicitly specify it in the username-chars argument, as shown in the example below:

        username-chars ".-_!@#$%^&\\/\":"

    (Notice the use of the escape character ‘\’.)

log-dir
    Specifies the logging directory.

acct-dir
    Specifies the accounting directory.
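
Several of the statements above interact: exec-program-user is ignored under radiusd-user, each child needs four descriptors, the master timeouts are off by default, and username-chars replaces the default set rather than extending it. The following Python lint for an option block is an added example, not part of GNU Radius; the sample block, the function names and the simplified `keyword value ;` parsing are assumptions made for illustration.

```python
import re

# Extra (non-alphanumeric) username characters allowed by default, per this page.
DEFAULT_USERNAME_CHARS = set('.-_!@#$%^&\\/"')
FDS_PER_CHILD = 4  # each child occupies four descriptors

# Constructed sample option block (not taken from a real deployment).
SAMPLE = r'''
option {
    max-processes 64 ;
    radiusd-user "radius" ;
    exec-program-user "daemon" ;
    username-chars ":" ;
} ;
'''

def parse_option_block(text):
    """Return {keyword: value} for `keyword value ;` statements in option { }."""
    body = re.search(r'option\s*\{(.*?)\}\s*;', text, re.S).group(1)
    opts = {}
    for key, quoted, bare in re.findall(
            r'([\w-]+)\s+(?:"((?:\\.|[^"\\])*)"|(\S+))\s*;', body):
        # Undo backslash escapes inside quoted strings (\\ -> \, \" -> ").
        opts[key] = bare if bare else re.sub(r'\\(.)', r'\1', quoted)
    return opts

def lint(opts, fd_limit):
    """Return findings; fd_limit is the per-process descriptor limit (ulimit -n)."""
    findings = []
    if 'radiusd-user' in opts and 'exec-program-user' in opts:
        findings.append('exec-program-user is ignored when radiusd-user is set')
    procs = int(opts.get('max-processes', 16))  # documented default is 16
    # >= because the main process needs descriptors of its own as well.
    if procs * FDS_PER_CHILD >= fd_limit:
        findings.append(f'max-processes {procs} needs {procs * FDS_PER_CHILD} '
                        f'descriptors, limit is {fd_limit}')
    for key in ('master-read-timeout', 'master-write-timeout'):
        if key not in opts:
            findings.append(f'{key} not set: no timeout is imposed')
    if 'username-chars' in opts:
        dropped = DEFAULT_USERNAME_CHARS - set(opts['username-chars'])
        if dropped:
            findings.append('username-chars drops default characters: '
                            + ''.join(sorted(dropped)))
    return findings

if __name__ == '__main__':
    for finding in lint(parse_option_block(SAMPLE), fd_limit=256):
        print('WARN:', finding)
```

With username-chars ":" the lint reports that "@" is among the dropped characters, so logins of the form user@realm would no longer be accepted as valid usernames.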