<?phpphp
  // Nom du fichier : /nomadisme/freeradius.php
  // Date de creation : 2006/05/24
  // Date d'update : ***
  //include $_SERVER["DOCUMENT_ROOT"]."/include/presentation.php";
  //headers("Configurations de FreeRadius");
?>
radiusd.conf
<pre>
# tous les commentaires ont ete supprimes :
#
prefix = /usr/local/freeradius
exec_prefix = ${prefix}
sysconfdir = ${prefix}/etc
localstatedir = ${prefix}/var
sbindir = ${exec_prefix}/sbin
logdir = ${localstatedir}/log/radius
raddbdir = ${sysconfdir}/raddb
radacctdir = ${logdir}/radacct
confdir = ${raddbdir}
run_dir = ${localstatedir}/run/radiusd
log_file = ${logdir}/radius.log
log_destination = files
libdir = ${exec_prefix}/lib
pidfile = ${run_dir}/radiusd.pid
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
listen {
	ipaddr = 147.173.1.26
	port = 0
	type = auth
}
listen {
	ipaddr = 147.173.1.26
	port = 0
	type = acct
}
hostname_lookups = no
allow_core_dumps = no
regular_expressions	= yes
extended_expressions	= yes
log {
	syslog_facility = daemon
}
log_stripped_names = no
log_auth = no
log_auth_badpass = no
log_auth_goodpass = no
checkrad = ${sbindir}/checkrad
security {
	max_attributes = 200
	reject_delay = 1
	status_server = no
}
proxy_requests  = yes
$INCLUDE  ${confdir}/proxy.conf
$INCLUDE  ${confdir}/clients.conf
snmp	= no
$INCLUDE  ${confdir}/snmp.conf
thread pool {
	start_servers = 5
	max_servers = 32
	min_spare_servers = 3
	max_spare_servers = 10
	max_requests_per_server = 0
}
modules {
	pap {
		auto_header = no
	}
	chap {
		authtype = CHAP
	}
	pam {
		pam_auth = radiusd
	}
	unix {
		radwtmp = ${logdir}/radwtmp
	}
$INCLUDE ${confdir}/eap.conf
	mschap {
	}
	ldap ldap {
		server = "ldap-neel.grenoble.cnrs.fr"
                identity = "cn=radius,dc=grenoble,dc=cnrs,dc=fr"
		password = admin-pwd
		basedn = "dc=grenoble,dc=cnrs,dc=fr"
                filter = "(|(|(uid=%{Stripped-User-Name:-%{User-Name}})(mail=%{Stripped-User-Name:-%{User-Name}}))(mail=%{Stripped-User-Name:-%{User-Name}}@grenoble.cnrs.fr))"
		base_filter = "(objectclass=radiusprofile)"
		ldap_connections_number = 5
		timeout = 4
		timelimit = 3
		net_timeout = 1
		tls {
			start_tls = no
		}
		dictionary_mapping = ${raddbdir}/ldap.attrmap
		auto_header = yes
		groupname_attribute = radiusGroupName
                #groupmembership_filter = "(|(&(uid=%{Stripped-User-Name:-%{User-Name}}))(&(aliasMail=%{Stripped-User-Name:-%{User-Name}})))(objectclass=radiusProfile)"
                groupmembership_filter = "(|(|(uid=%{Stripped-User-Name:-%{User-Name}})(mail=%{Stripped-User-Name:-%{User-Name}}))(mail=%{Stripped-User-Name:-%{User-Name}}@grenoble.cnrs.fr))"
		groupmembership_attribute = radiusGroupName
	}
	realm IPASS {
		format = prefix
		delimiter = "/"
	}
	realm suffix {
		format = suffix
		delimiter = "@"
	}
	realm realmpercent {
		format = suffix
		delimiter = "%"
	}
	realm ntdomain {
		format = prefix
		delimiter = "\\"
	}	
	checkval {
		item-name = Calling-Station-Id
		check-name = Calling-Station-Id
		data-type = string
	}
	attr_rewrite addtunneltype {
		attribute = Tunnel-Type
                searchin = proxy_reply
                searchfor = "[+ ]"
                replacewith = "VLAN"
                new_attribute = yes
	}
	attr_rewrite  addtunnelmediumtype {
		attribute = Tunnel-Medium-Type
                searchin = proxy_reply
                searchfor = "[+ ]"
                replacewith = "IEEE-802"
                new_attribute = yes	
	}
	attr_rewrite addvlanmcbt {
	       attribute = Tunnel-Private-Group-ID
               searchin = proxy_reply
               searchfor = "[+ ]"
               replacewith = "244"
               new_attribute = yes
	}
	preprocess {
		huntgroups = ${confdir}/huntgroups
		hints = ${confdir}/hints
		with_ascend_hack = no
		ascend_channels_per_line = 23
		with_ntdomain_hack = no
		with_specialix_jetstream_hack = no
		with_cisco_vsa_hack = no
	}
	files {
		usersfile = ${confdir}/users
		acctusersfile = ${confdir}/acct_users
		preproxy_usersfile = ${confdir}/preproxy_users
		compat = no
	}
	detail {
		detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d
		detailperm = 0600
		header = "%t"
	}
	acct_unique {
		key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
	}
	$INCLUDE  ${confdir}/sql.conf
	radutmp {
		filename = ${logdir}/radutmp
		username = %{User-Name}
		case_sensitive = yes
		check_with_nas = yes		
		perm = 0600
		callerid = "yes"
	}
	radutmp sradutmp {
		filename = ${logdir}/sradutmp
		perm = 0644
		callerid = "no"
	}
	attr_filter attr_filter.post-proxy {
		attrsfile = ${confdir}/attrs
	}
	attr_filter attr_filter.pre-proxy {
		attrsfile = ${confdir}/attrs.pre-proxy
	}
	counter daily {
		filename = ${raddbdir}/db.daily
		key = User-Name
		count-attribute = Acct-Session-Time
		reset = daily
		counter-name = Daily-Session-Time
		check-name = Max-Daily-Session
		allowed-servicetype = Framed-User
		cache-size = 5000
	}
	sqlcounter dailycounter {
		counter-name = Daily-Session-Time
		check-name = Max-Daily-Session
		sqlmod-inst = sql
		key = User-Name
		reset = daily
		query = "SELECT SUM(AcctSessionTime - \
                 GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
                 FROM radacct WHERE UserName='%{%k}' AND \
                 UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
	}
	sqlcounter monthlycounter {
		counter-name = Monthly-Session-Time
		check-name = Max-Monthly-Session
		sqlmod-inst = sql
		key = User-Name
		reset = monthly
		query = "SELECT SUM(AcctSessionTime - \
                 GREATEST((%b - UNIX_TIMESTAMP(AcctStartTime)), 0)) \
                 FROM radacct WHERE UserName='%{%k}' AND \
                 UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '%b'"
	}
	always fail {
		rcode = fail
	}
	always reject {
		rcode = reject
	}
	always ok {
		rcode = ok
		simulcount = 0
		mpp = no
	}
	expr {
	}
	digest {
	}
	expiration {
		reply-message = "Password Has Expired\r\n" 
	}
	logintime {
		reply-message = "You are calling outside your allowed timespan\r\n"
		minimum-timeout = 60
	}
	exec {
		wait = yes
		input_pairs = request
		shell_escape = yes
		output = none
	}
	exec echo {
		wait = yes
		program = "/bin/echo %{User-Name}"
		input_pairs = request
		output_pairs = reply
		shell_escape = yes
	}
	logintime {
	}
}
instantiate {
	exec
	expr
	expiration
	logintime
}
authorize {
	preprocess
	chap
	mschap
	unix
	suffix
	eap
	files
Autz-Type LDAP {
		ldap
	}
	expiration
	logintime
	pap
}
authenticate {
	Auth-Type LDAP {
		ldap
	}
	eap
}
preacct {
	preprocess
	acct_unique
	suffix
	files
}
accounting {
	detail
	unix
	radutmp
	sql
}
session {
	radutmp
}
post-auth {
}
pre-proxy {
	files
}
post-proxy {
	Post-Proxy-Type post.proxy.mcbt {
		addtunneltype
		addtunnelmediumtype
		addvlanmcbt
        }
	eap
}
</pre>
  <!--//////////////// FIN PAGE CENTRALE //////////////-->
<?phpphp
  //footers();
?>