1 .\" Copyright 1998 Juniper Networks, Inc.
2 .\" All rights reserved.
4 .\" Redistribution and use in source and binary forms, with or without
5 .\" modification, are permitted provided that the following conditions
7 .\" 1. Redistributions of source code must retain the above copyright
8 .\" notice, this list of conditions and the following disclaimer.
9 .\" 2. Redistributions in binary form must reproduce the above copyright
10 .\" notice, this list of conditions and the following disclaimer in the
11 .\" documentation and/or other materials provided with the distribution.
13 .\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
14 .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15 .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 .\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17 .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19 .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20 .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21 .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
25 .\" $FreeBSD: src/lib/libradius/radius.conf.5,v 1.4.2.3 2001/08/17 15:43:06 ru Exp $
32 .Nd RADIUS client configuration file
37 contains the information necessary to configure the RADIUS client
38 library. It is parsed by
40 The file contains one or more lines of text, each describing a
41 single RADIUS server which will be used by the library. Leading
42 white space is ignored, as are empty lines and lines containing
45 A RADIUS server is described by three to five fields on a line:
47 .Bl -item -offset indent -compact
60 The fields are separated by white space. The
62 character at the beginning of a field begins a comment, which extends
63 to the end of the line. A field may be enclosed in double quotes,
64 in which case it may contain white space and/or begin with the
66 character. Within a quoted string, the double quote character can
69 and the backslash can be represented by
71 No other escape sequences are supported.
73 The first field gives the service type, either
75 for RADIUS authentication or
77 for RADIUS accounting. If a single server provides both services, two
78 lines are required in the file. Earlier versions of this file did
79 not include a service type. For backward compatibility, if the first
84 the library behaves as if
86 were specified, and interprets the fields in the line as if they
87 were fields two through five.
89 The second field specifies
90 the server host, either as a fully qualified domain name or as a
91 dotted-quad IP address. The host may optionally be followed by a
93 and a numeric port number, without intervening white space. If the
94 port specification is omitted, it defaults to the
100 file for service types
105 If no such entry is present, the standard ports 1812 and 1813 are
108 The third field contains the shared secret, which should be known
109 only to the client and server hosts. It is an arbitrary string of
110 characters, though it must be enclosed in double quotes if it
111 contains white space. The shared secret may be
112 any length, but the RADIUS protocol uses only the first 128
113 characters. N.B., some popular RADIUS servers have bugs which
114 prevent them from working properly with secrets longer than 16
117 The fourth field contains a decimal integer specifying the timeout in
118 seconds for receiving a valid reply from the server. If this field
119 is omitted, it defaults to 3 seconds.
121 The fifth field contains a decimal integer specifying the maximum
122 number of attempts that will be made to authenticate with the server
123 before giving up. If omitted, it defaults to 3 attempts. Note,
124 this is the total number of attempts and not the number of retries.
126 Up to 10 RADIUS servers may be specified for each service type.
127 The servers are tried in
128 round-robin fashion, until a valid response is received or the
129 maximum number of tries has been reached for all servers.
131 The standard location for this file is
132 .Pa /etc/radius.conf .
133 But an alternate pathname may be specified in the call to
135 Since the file contains sensitive information in the form of the
136 shared secrets, it should not be readable except by root.
141 # A simple entry using all the defaults:
142 acct radius1.domain.com OurLittleSecret
144 # A server still using the obsolete RADIUS port, with increased
145 # timeout and maximum tries:
146 auth auth.domain.com:1645 "I can't see you" 5 4
148 # A server specified by its IP address:
149 auth 192.168.27.81 $X*#..38947ax-+=
155 .%T "Remote Authentication Dial In User Service (RADIUS)"
160 .%T RADIUS Accounting
164 This documentation was written by
168 project by Juniper Networks, Inc.