eap.conf
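libdir = /usr/lib/freeradius

# EAP module configuration: outer method selection plus the TLS material
# shared by the tunnelled methods (ttls, peap).
eap {
    # Outer EAP method proposed first to supplicants.
    default_eap_type = ttls
    timer_expire = 60
    ignore_unknown_eap_types = no
    cisco_accounting_username_bug = no

    # EAP-MD5 is loaded because the ttls section below names it as the
    # inner method.
    # NOTE(review): confirm whether loading it here also lets a supplicant
    # negotiate plain EAP-MD5 outside the tunnel; EAP-MD5 on its own gives
    # no server authentication and no keying material.
    md5 {
    }

    mschapv2 {
    }

    tls {
        # "xxxxx" is a placeholder. The real passphrase sits here in clear
        # text, so this file should be readable only by the account the
        # RADIUS daemon runs as.
        private_key_password = xxxxx
        private_key_file = ${raddbdir}/ca/radius-req.pem
        certificate_file = ${raddbdir}/ca/radius-cert.pem
        CA_file = ${raddbdir}/ca/cacert.pem
        # The file name suggests 1024-bit DH parameters, which is below
        # current minimum recommendations; generate parameters of at least
        # 2048 bits when deploying.
        dh_file = ${raddbdir}/ca/dh1024.pem
        random_file = ${raddbdir}/ca/random
        fragment_size = 1024
    }

    ttls {
        # Inner method run inside the TLS tunnel. The inner exchange is only
        # as well protected as the tunnel, so supplicants must validate the
        # server certificate against the CA above.
        default_eap_type = md5
        # Outer-request attributes are copied into the tunnelled request.
        copy_request_to_tunnel = yes
        # Reply attributes from the tunnelled session are not copied into
        # the outer reply.
        use_tunneled_reply = no
    }

    peap {
        # Inner method for PEAP.
        default_eap_type = mschapv2
    }
}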
proxy.conf
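#
# proxy.conf - proxy radius and realm configuration directives
#
# This file is included by default. To disable it, you will need
# to modify the PROXY CONFIGURATION section of "radiusd.conf".
#
#
proxy server {
    synchronous = no
    retry_delay = 5
    retry_count = 2
    dead_time = 120
    default_fallback = no
    # Run the authorize section again on replies that come back from a
    # home server.
    post_proxy_authorize = yes
}

# The local realm: authentication and accounting are handled by this server.
realm wierenga.net {
    type = radius
    authhost = LOCAL
    accthost = LOCAL
}

# User names without a realm. Defined empty here; the users file matches on
# Realm == NULL to reject them.
realm NULL { }

# For unknown realms, forward requests to upstream server
realm DEFAULT {
    type = radius
    authhost = a.b.c.d:1812
    accthost = a.b.c.d:1813
    # "xxx" is a placeholder. The shared secret is the only thing protecting
    # the proxied RADIUS exchange with the upstream server, so use a long
    # random value, unique to this peer, and keep this file readable only by
    # the daemon's account.
    secret = xxx
    # Leave the @realm suffix in User-Name when forwarding, so the upstream
    # server can route the request.
    nostrip
}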
radiusd.conf
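# Installation paths.
prefix = /usr
exec_prefix = /usr
sysconfdir = /etc
localstatedir = /var
sbindir = /usr/sbin
logdir = ${localstatedir}/log/radius
raddbdir = /etc/freeradius
radacctdir = ${logdir}/radacct

confdir = ${raddbdir}
run_dir = ${localstatedir}/run

log_file = ${localstatedir}/log/radiusd.log
libdir = /usr/lib/freeradius
pidfile = ${run_dir}/radiusd.pid

max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
# Listen on every interface. Which NAS addresses are accepted, and with which
# shared secret, is decided by clients.conf (not shown on this page).
bind_address = *
port = 0
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log_stripped_names = no
# Authentication requests are not logged with this setting, which leaves no
# record of failed or repeated attempts. If log_auth is turned on for
# monitoring, keeping the two *pass options at "no" keeps passwords out of
# the log file.
log_auth = no
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
lower_user = no
lower_pass = no
nospace_user = no
nospace_pass = no

security {
    # Requests carrying more attributes than this are not processed.
    max_attributes = 200
    # Seconds to hold an Access-Reject before sending it; slows down
    # repeated password guessing.
    reject_delay = 1
    # Status-Server requests are not answered.
    status_server = no
}

proxy_requests = yes
$INCLUDE ${confdir}/proxy.conf
$INCLUDE ${confdir}/clients.conf
snmp = no

thread pool {
    start_servers = 1
    max_servers = 4
    min_spare_servers = 1
    max_spare_servers = 3
    max_requests_per_server = 0
}

modules {
    pap {
        # Passwords in the users file are compared as clear text, so that
        # file needs the same restrictive permissions as a password store.
        encryption_scheme = clear
    }
    chap {
        authtype = CHAP
    }
    mschap {
        authtype = MS-CHAP
        with_ntdomain_hack = yes
    }
    mschapv2 {
    }
    $INCLUDE ${confdir}/eap.conf
    files {
        usersfile = ${confdir}/users
        compat = no
    }
    # 'username@realm'
    #
    realm suffix {
        format = suffix
        delimiter = "@"
        ignore_default = no
        ignore_null = no
    }
    preprocess {
        huntgroups = ${confdir}/huntgroups
        hints = ${confdir}/hints
        with_ascend_hack = no
        ascend_channels_per_line = 23
        with_ntdomain = no
        with_specialix_jetstream_hack = no
        with_cisco_vsa_hack = no
    }
}

# Modules run in the order listed: realm handling (suffix) comes before the
# users file so that entries there can match on Realm.
authorize {
    preprocess
    suffix
    files
    mschap
    eap
}

authenticate {
    Auth-Type PAP {
        pap
    }
    Auth-Type MS-CHAP {
        mschap
    }
    eap
}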
users
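# Entries are evaluated top to bottom and processing stops at the first match
# unless the entry sets Fall-Through, so the two DEFAULT rejects below take
# effect before any per-user entry is consulted.
DEFAULT Group == "disabled", Auth-Type := Reject
    Reply-Message = "Your account has been disabled."
#
# Reject any request whose user name carried no realm.
DEFAULT Realm == NULL, Auth-Type := Reject

# users
# "xxx" is a placeholder for each password. The passwords are stored in clear
# text (pap encryption_scheme = clear in radiusd.conf), so this file should be
# readable only by the daemon's account.
# NOTE(review): newer FreeRADIUS releases document Cleartext-Password := for
# storing a known-good password; check the syntax against the version in use.
# NOTE(review): this first entry has no Realm check, unlike the two after it.
wierenga User-Password == "xxx"
klaas Realm == wierenga.net, User-Password == "xxx"
licia Realm == wierenga.net, User-Password == "xxx"

# TLS
Wierenga Auth-Type := EAP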