Mercurial > hg > freeDiameter

view doc/app_radgw.conf.sample @ 1327:82b386714795

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Set callback data also when only setting expire callback (and not answer callback as well). It is used when calling the expire callback, so not setting it makes no sense.
author Thomas Klausner <tk@giga.or.at>
date Mon, 27 Nov 2017 15:21:20 +0100
parents 6fe3e5cf9fb2
children
line wrap: on
line source

# This file contains information for configuring the app_radgw extension.
# To find how to have freeDiameter load this extension, please refer to the freeDiameter documentation.
#
# The app_radgw extension allows a freeDiameter agent to serve as a
# RADIUS/Diameter gateway. Typically, a RADIUS client (e.g. a NAS) will connect to
# this agent, and the message will be converted to Diameter and sent to a Diameter server.
#
# Note that this extension does not provide a fully functionnal RADIUS/Diameter gateway.
# You need to load plugins to handle specific RADIUS messages and convert them to 
# Diameter apps such as NASREQ, EAP, ... See the next section for information.


###########
# PLUGINS #
###########

# Additional plugins must be loaded to support specific RADIUS messages and attributes.

# Plugins are registered either for every message, or by port (auth or acct), or by port and code.
# The general format is:
# RGWX = plugin [: conf_file] [: port] [: code(s)] ;
#  Where:
#    plugin is the quoted file name (relative or absolute) of the plugin to load (.rgwx files).
#    conf_file (optional) is the quoted name of the configuration file.
#    port (optional), either auth or acct. 
#       If not specified, extension is called for messages incoming on both ports
#    code(s): space-separated list of command codes for which this extension must be called.
#       If not specified, the extension is called for all incoming messages.
#       The values are interpreted as hexadecimal.
#
# The plugins are called in the order they appear in this file.
# Here are some explained examples:
#  RGWX = "3579.rgwx";   Load this extension and call it for all messages. No configuration file.
#  RGWX = "3579.rgwx" : "3579.conf";  Same as previous but with a configuration file specified.
#  RGWX = "3579.rgwx" : auth; No configuration file, but called only for RADIUS messages received on authentication port.
#  RGWX = "3579.rgwx" : 4 8 b;  Called for messages with command code 4, 8, or 11 only.
#  RGWX = "3579.rgwx" : "3579.conf" : auth : 4 8 b;  All parameters combined.

# Once the list of extensions for an incoming message has been called (or if the list is empty), 
# an error is logged if some RADIUS attributes of the message have not been handled.

RGWX = "extensions/echodrop.rgwx" : "echodrop.rgwx.conf"; # See echodrop.rgwx.conf.sample file
RGWX = "extensions/auth.rgwx" : auth; 
RGWX = "extensions/acct.rgwx" : acct;
# RGWX = "extensions/debug.rgwx"; # Uncomment to see the result of the translation plugins.

# For some extensions (auth, acct), a false configuration file name 
# can be passed to specify flags, such as "nonai" to ignore NAI-based routing.

##################
# RADIUS Clients #
##################

# Each RADIUS client must be declared in the form: 
#   nas = IP / shared-secret ;
# IP can be ipv4 or ipv6
# port can be additionaly restricted with brackets: IP[port] (ex: 192.168.0.1[1812])
# shared-secret can be a quoted string, or a list of hexadecimal values.
# examples:
# nas = 192.168.100.1 / "secret key" ; # the shared secret buffer is 0x736563726574206b6579 (length 10 bytes)
# nas = fe00::1 / 73 65 63 72 65 74 20 6b 65 79; # same shared secret as previously
# When a packet is received from an IP not declared here, it is discarded.

# If the RADIUS client is a Proxy that forwards messages from different peers, it must be
# declared instead as follow:
#   pxy = IP / shared-secret ;
# Note that it is not recommended to use this gateway implementation with a proxy currently,
# since the management of duplicate messages might be insufficient.

# The old notation cli = ... is equivalent to nas = ... and kept for backward compatibility.


####################
#  Authentication  #
#  Authorization   #
####################

# Enable the RADIUS/Diameter authentication/authorization gateway?
# auth_server_enable = 1;

# The port on which the accounting server listens
# auth_server_port = 1812;

# The IPv4 on which to bind the server, or "disable" if IPv4 must not be used.
# auth_server_ip4 = 0.0.0.0;

# The IPv6 address to which the server is bound, or "disable"
# auth_server_ip6 = :: ;


################
#  Accounting  #
################

# Enable the RADIUS/Diameter accounting gateway?
# acct_server_enable = 1;

# The port on which the accounting server listens
# acct_server_port = 1813;

# The IPv4 on which to bind the server, or "disable" if no IPv4 is wanted.
# acct_server_ip4 = 0.0.0.0;

# The IPv6 address to which the server is bound, or "disable"
# acct_server_ip6 = :: ;
"Welcome to our mercurial repository"