OUR SITES NetworkRADIUS FreeRADIUS

You will want to edit this to your local needs. We suggest copying the text from the "default" file here, and then editing the text. That way, any changes to the "default" file will not affect this virtual server, and vice-versa.

When this virtual server receives the request, the original attributes can be accessed as "outer.request", "outer.control", etc. See "man unlang" for more details.

This example virtual server will listen on alternate ports and perform basic authentication and accounting. Consult the default file for information on the syntax and available options.

In v4, all "server" sections MUST start with a "namespace" parameter. This tells the server which protocol is being used. Consult the sites-available/default for more information and documentation.

Define our listeners and the types of application packets we expect.

Our listener for Accounting

Now we define our policy framework for how this virtual server will handle various application packets. Consult the default file for information on the syntax and available options. insert policies here

In this example we simply validate locally

insert policies here

insert policies here

Ensure that we have a semi-unique identifier for every request, and many NAS boxes are broken.

Read the 'acct_users' file

Create a 'detail’ed log of the packets. Note that accounting requests which are proxied are also logged in the detail file.

Filter attributes from the accounting response.

Allow for PAP in our example

etc.

Default Configuration

#	Sample virtual server for internally proxied requests.
server virtual.example.com {
	namespace = radius
	listen {
		type = Access-Request
		transport = udp
		udp {
			ipaddr = *
			port = 11812
		}
	}
	listen {
		type = Accounting-Request
		transport = udp
		udp {
			ipaddr = *
			port = 11813
		}
	}
	recv Access-Request {
		filter_username
		auth_log
		files
		pap
	}
	send Access-Accept {
	}
	recv Accounting-Request {
		acct_unique
		files
	}
	send Accounting-Response {
		detail
		attr_filter.accounting_response
	}
	authenticate pap {
		pap
	}
}