Subversion Repositories configs

Rev

Rev 4 | Details | Compare with Previous | Last modification | View Log | RSS feed

Rev Author Line No. Line
4 - 1
# -*- text -*-
2
######################################################################
3
#
4
#	A virtual server to handle ONLY Status-Server packets.
5
#
6
#	Server statistics can be queried with a properly formatted
7
#	Status-Server request.  See dictionary.freeradius for comments.
8
#
9
#	If radiusd.conf has "status_server = yes", then any client
10
#	will be able to send a Status-Server packet to any port
11
#	(listen section type "auth", "acct", or "status"), and the
12
#	server will respond.
13
#
14
#	If radiusd.conf has "status_server = no", then the server will
15
#	ignore Status-Server packets to "auth" and "acct" ports.  It
16
#	will respond only if the Status-Server packet is sent to a
17
#	"status" port.
18
#
19
#	The server statistics are available ONLY on socket of type
20
#	"status".  Qeuries for statistics sent to any other port
21
#	are ignored.
22
#
23
#	Similarly, a socket of type "status" will not process
24
#	authentication or accounting packets.  This is for security.
25
#
34 - 26
#	$Id: 4e4f4179911adf96ca375a860d65903b86becade $
4 - 27
#
28
######################################################################
29
 
30
server status {
31
	listen {
32
		#  ONLY Status-Server is allowed to this port.
33
		#  ALL other packets are ignored.
34
		type = status
35
 
36
		ipaddr = 127.0.0.1
34 - 37
		port = 18121
4 - 38
	}
39
 
40
	#
41
	#  We recommend that you list ONLY management clients here.
42
	#  i.e. NOT your NASes or Access Points, and for an ISP,
43
	#  DEFINITELY not any RADIUS servers that are proxying packets
44
	#  to you.
45
	#
46
	#  If you do NOT list a client here, then any client that is
47
	#  globally defined (i.e. all of them) will be able to query
48
	#  these statistics.
49
	#
50
	#  Do you really want your partners seeing the internal details
51
	#  of what your RADIUS server is doing?
52
	#
53
	client admin {
54
		ipaddr = 127.0.0.1
55
		secret = adminsecret
56
	}
57
 
58
	#
59
	#  Simple authorize section.  The "Autz-Type Status-Server"
60
	#  section will work here, too.  See "raddb/sites-available/default".
61
	authorize {
62
		ok
63
 
64
		# respond to the Status-Server request.
65
		Autz-Type Status-Server {
66
			ok
67
		}
68
	}
69
}
70
 
71
#	Statistics can be queried via a number of methods:
72
#
73
#	All packets received/sent by the server (1 = auth, 2 = acct)
74
#		FreeRADIUS-Statistics-Type = 3
75
#
76
#	All packets proxied by the server (4 = proxy-auth, 8 = proxy-acct)
77
#		FreeRADIUS-Statistics-Type = 12
78
#
79
#	All packets sent && received:
80
#		FreeRADIUS-Statistics-Type = 15
81
#
82
#	Internal server statistics:
83
#		FreeRADIUS-Statistics-Type = 16
84
#
85
#	All packets for a particular client (globally defined)
86
#		FreeRADIUS-Statistics-Type = 35
87
#		FreeRADIUS-Stats-Client-IP-Address = 192.168.1.1
88
#
89
#	All packets for a client attached to a "listen" ip/port
90
#		FreeRADIUS-Statistics-Type = 35
91
#		FreeRADIUS-Stats-Client-IP-Address = 192.168.1.1
92
#		FreeRADIUS-Stats-Server-IP-Address = 127.0.0.1
93
#		FreeRADIUS-Stats-Server-Port = 1812
94
#
95
#	All packets for a "listen" IP/port
96
#		FreeRADIUS-Statistics-Type = 67
97
#		FreeRADIUS-Stats-Server-IP-Address = 127.0.0.1
98
#		FreeRADIUS-Stats-Server-Port = 1812
99
#
100
#	All packets for a home server IP / port
101
#		FreeRADIUS-Statistics-Type = 131
102
#		FreeRADIUS-Stats-Server-IP-Address = 192.168.1.2
103
#		FreeRADIUS-Stats-Server-Port = 1812
104
 
105
#
106
#  You can also get exponentially weighted moving averages of
107
#  response times (in usec) of home servers.  Just set the config
108
#  item "historic_average_window" in a home_server section.
109
#
110
#  By default it is zero (don't calculate it).  Useful values
111
#  are between 100, and 10,000.  The server will calculate and
112
#  remember the moving average for this window, and for 10 times
113
#  that window.
114
#
115
 
116
#
117
#  Some of this could have been simplified.  e.g. the proxy-auth and
118
#  proxy-acct bits aren't completely necessary.  But using them permits
119
#  the server to be queried for ALL inbound && outbound packets at once.
120
#  This gives a good snapshot of what the server is doing.
121
#
122
#  Due to internal limitations, the statistics might not be exactly up
123
#  to date.  Do not expect all of the numbers to add up perfectly.
124
#  The Status-Server packets are also counted in the total requests &&
125
#  responses.  The responses are counted only AFTER the response has
126
#  been sent.
127
#