Created
June 28, 2016 09:08
-
-
Save dzinevich/cd7d8510093293f4b9fab49f60535918 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# cat proxy.conf | |
proxy server { | |
default_fallback = no | |
} | |
realm example.com { | |
pool = acct_pool.example.com | |
nostrip | |
} | |
# cat sites-enabled/robust-proxy-accounting | |
home_server home1.example.com { | |
type = auth+acct | |
ipaddr = 192.168.1.1 | |
port = 1812 | |
secret = s3cret | |
status_check = status-server | |
response_window = 6 | |
} | |
home_server home2.example.com { | |
type = auth+acct | |
ipaddr = 192.0.2.20 | |
port = 1812 | |
secret = testing123 | |
status_check = status-server | |
response_window = 6 | |
} | |
home_server acct_detail.example.com { | |
virtual_server = acct_detail.example.com | |
} | |
home_server_pool acct_pool.example.com { | |
type = fail-over | |
home_server = home1.example.com | |
home_server = home2.example.com | |
fallback = acct_detail.example.com | |
virtual_server = home.example.com | |
} | |
realm acct_realm.example.com { | |
acct_pool = acct_pool.example.com | |
} | |
server acct_detail.example.com { | |
accounting { | |
detail.example.com | |
} | |
} | |
server home.example.com { | |
pre-proxy { | |
} | |
post-proxy { | |
Post-Proxy-Type Fail { | |
detail.example.com | |
} | |
} | |
listen { | |
type = detail | |
filename = "${radacctdir}/detail.example.com/detail-*:*" | |
load_factor = 10 | |
} | |
accounting { | |
update control { | |
Proxy-To-Realm := "acct_realm.example.com" | |
} | |
} | |
} | |
# cat sites-enabled/default | |
server default { | |
listen { | |
type = auth | |
ipaddr = * | |
port = 0 | |
limit { | |
max_connections = 16 | |
lifetime = 0 | |
idle_timeout = 30 | |
} | |
} | |
listen { | |
ipaddr = * | |
port = 0 | |
type = acct | |
limit { | |
} | |
} | |
listen { | |
type = auth | |
ipv6addr = :: # any. ::1 == localhost | |
port = 0 | |
limit { | |
max_connections = 16 | |
lifetime = 0 | |
idle_timeout = 30 | |
} | |
} | |
listen { | |
ipv6addr = :: | |
port = 0 | |
type = acct | |
limit { | |
} | |
} | |
authorize { | |
filter_username | |
preprocess | |
chap | |
mschap | |
digest | |
suffix | |
eap { | |
ok = return | |
} | |
files | |
-sql | |
-ldap | |
expiration | |
logintime | |
pap | |
} | |
authenticate { | |
Auth-Type PAP { | |
pap | |
} | |
Auth-Type CHAP { | |
chap | |
} | |
Auth-Type MS-CHAP { | |
mschap | |
} | |
digest | |
eap | |
} | |
preacct { | |
preprocess | |
acct_unique | |
suffix | |
files | |
} | |
accounting { | |
unix | |
update control { | |
Proxy-To-Realm := acct_realm.example.com | |
Tmp-String-0 := "%{exec:/etc/freeradius/disconnect.sh}" | |
} | |
attr_filter.accounting_response | |
} | |
session { | |
} | |
post-auth { | |
-sql | |
exec | |
remove_reply_message_if_eap | |
Post-Auth-Type REJECT { | |
-sql | |
attr_filter.access_reject | |
eap | |
remove_reply_message_if_eap | |
} | |
} | |
pre-proxy { | |
} | |
post-proxy { | |
eap | |
} | |
} | |
# cat users | |
DEFAULT Proxy-To-Realm := "example.com" | |
Acct-Interim-Interval = 1 | |
DEFAULT Framed-Protocol == PPP | |
Framed-Protocol = PPP, | |
Framed-Compression = Van-Jacobson-TCP-IP | |
DEFAULT Hint == "CSLIP" | |
Framed-Protocol = SLIP, | |
Framed-Compression = Van-Jacobson-TCP-IP | |
DEFAULT Hint == "SLIP" | |
Framed-Protocol = SLIP |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment