Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help 
INN-RADIUS.CONF(5)	  InterNetNews Documentation	    INN-RADIUS.CONF(5)

NAME
       inn-radius.conf - Configuration for nnrpd RADIUS	authenticator

DESCRIPTION
       This describes the format and attributes	of the configuration file for
       the nnrpd RADIUS	authenticator.	See radius(8) for more information
       about the authenticator program.	 The default location for this file is
       inn-radius.conf in pathetc.

       Blank lines and lines beginning with "#"	are ignored, as	is anything
       after a "#" on a	line.  All other lines should begin with a parameter
       name followed by	a colon	and the	value of that key, except that each
       section of configuration	for a particular server	should be enclosed in:

	   server <name> {
	       # parameters...
	   }

       where <name> is just some convenient label for that server.

SERVER GROUP PARAMETERS
       The available parameters	are:

       radhost
	   The	hostname of the	RADIUS server to use for authentication.  This
	   parameter must be set.

       radport
	   The port to query on	the RADIUS server.  Defaults to	 1645  if  not
	   set.

       lochost
	   The	hostname  or IP	address	making the request.  The RADIUS	server
	   expects an IP address; a hostname will be  translated  into	an  IP
	   address with	gethostbyname().  If not given,	this information isn't
	   included  in	 the  request  (not  all  RADIUS  setups  require this
	   information).

       locport
	   The port the	client being authenticated is connecting to.   If  not
	   given, defaults to 119.  This doesn't need to be set	unless readers
	   are connecting to a non-standard port.

       secret
	   The	shared secret with the RADIUS server.  If your secret includes
	   spaces, tabs, or "#", be sure to include it in double quotes.  This
	   parameter must be set.

       prefix
	   Prepend the value of	this parameter to all usernames	before passing
	   them	to the RADIUS server.  Can be used to prepend  something  like
	   "news-"  to	all  usernames	in  order  to  put  news  users	into a
	   different namespace from other accounts served by the same  server.
	   If not set, nothing is prepended.

       suffix
	   Append  the value of	this parameter to all usernames	before passing
	   them	 to  the  RADIUS  server.   This  is  often   something	  like
	   "@example.com",  depending on how your RADIUS server	is set up.  If
	   not set, nothing is appended.

       ignore-source
	   Can be set to "true", "yes",	"on", "false", "no" or "off".  If  set
	   to  false,  the  RADIUS authenticator will check to ensure that the
	   response it receives	is from	the same IP address  as	 it  sent  the
	   request to (for some	added security).  If set to true, it will skip
	   this	 verification  check  (if  your	 RADIUS	server has multiple IP
	   addresses or	if other odd things are	going on, it may be  perfectly
	   normal for the response to come from	a different IP address).

EXAMPLE
       Here  is	 a  configuration  for	a  news	server named news.example.com,
       authenticating	users	against	  radius.example.com   and   appending
       "@example.com"  to all client-supplied usernames	before passing them to
       the RADIUS server:

	   server example {
	       radhost:	radius.example.com
	       lochost:	news.example.com
	       secret: IamARADIUSsecRET
	       suffix: @example.com
	   }

       The shared secret with the RADIUS server	is "IamARADIUSsecRET".

HISTORY
       This documentation was written by Russ Allbery <eagle@eyrie.org>	 based
       on the comments in the sample inn-radius.conf file by Yury B. Razbegin.

SEE ALSO
       radius(8).

INN 2.8.0			  2024-02-11		    INN-RADIUS.CONF(5)

Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=inn-radius.conf&sektion=5&manpath=FreeBSD+Ports+14.3.quarterly>

home | help