4 |
- |
1 |
# -*- text -*-
|
|
|
2 |
######################################################################
|
|
|
3 |
#
|
|
|
4 |
# A virtual server to handle ONLY Status-Server packets.
|
|
|
5 |
#
|
|
|
6 |
# Server statistics can be queried with a properly formatted
|
|
|
7 |
# Status-Server request. See dictionary.freeradius for comments.
|
|
|
8 |
#
|
|
|
9 |
# If radiusd.conf has "status_server = yes", then any client
|
|
|
10 |
# will be able to send a Status-Server packet to any port
|
|
|
11 |
# (listen section type "auth", "acct", or "status"), and the
|
|
|
12 |
# server will respond.
|
|
|
13 |
#
|
|
|
14 |
# If radiusd.conf has "status_server = no", then the server will
|
|
|
15 |
# ignore Status-Server packets to "auth" and "acct" ports. It
|
|
|
16 |
# will respond only if the Status-Server packet is sent to a
|
|
|
17 |
# "status" port.
|
|
|
18 |
#
|
|
|
19 |
# The server statistics are available ONLY on socket of type
|
|
|
20 |
# "status". Qeuries for statistics sent to any other port
|
|
|
21 |
# are ignored.
|
|
|
22 |
#
|
|
|
23 |
# Similarly, a socket of type "status" will not process
|
|
|
24 |
# authentication or accounting packets. This is for security.
|
|
|
25 |
#
|
34 |
- |
26 |
# $Id: 4e4f4179911adf96ca375a860d65903b86becade $
|
4 |
- |
27 |
#
|
|
|
28 |
######################################################################
|
|
|
29 |
|
|
|
30 |
server status {
|
|
|
31 |
listen {
|
|
|
32 |
# ONLY Status-Server is allowed to this port.
|
|
|
33 |
# ALL other packets are ignored.
|
|
|
34 |
type = status
|
|
|
35 |
|
|
|
36 |
ipaddr = 127.0.0.1
|
34 |
- |
37 |
port = 18121
|
4 |
- |
38 |
}
|
|
|
39 |
|
|
|
40 |
#
|
|
|
41 |
# We recommend that you list ONLY management clients here.
|
|
|
42 |
# i.e. NOT your NASes or Access Points, and for an ISP,
|
|
|
43 |
# DEFINITELY not any RADIUS servers that are proxying packets
|
|
|
44 |
# to you.
|
|
|
45 |
#
|
|
|
46 |
# If you do NOT list a client here, then any client that is
|
|
|
47 |
# globally defined (i.e. all of them) will be able to query
|
|
|
48 |
# these statistics.
|
|
|
49 |
#
|
|
|
50 |
# Do you really want your partners seeing the internal details
|
|
|
51 |
# of what your RADIUS server is doing?
|
|
|
52 |
#
|
|
|
53 |
client admin {
|
|
|
54 |
ipaddr = 127.0.0.1
|
|
|
55 |
secret = adminsecret
|
|
|
56 |
}
|
|
|
57 |
|
|
|
58 |
#
|
|
|
59 |
# Simple authorize section. The "Autz-Type Status-Server"
|
|
|
60 |
# section will work here, too. See "raddb/sites-available/default".
|
|
|
61 |
authorize {
|
|
|
62 |
ok
|
|
|
63 |
|
|
|
64 |
# respond to the Status-Server request.
|
|
|
65 |
Autz-Type Status-Server {
|
|
|
66 |
ok
|
|
|
67 |
}
|
|
|
68 |
}
|
|
|
69 |
}
|
|
|
70 |
|
|
|
71 |
# Statistics can be queried via a number of methods:
|
|
|
72 |
#
|
|
|
73 |
# All packets received/sent by the server (1 = auth, 2 = acct)
|
|
|
74 |
# FreeRADIUS-Statistics-Type = 3
|
|
|
75 |
#
|
|
|
76 |
# All packets proxied by the server (4 = proxy-auth, 8 = proxy-acct)
|
|
|
77 |
# FreeRADIUS-Statistics-Type = 12
|
|
|
78 |
#
|
|
|
79 |
# All packets sent && received:
|
|
|
80 |
# FreeRADIUS-Statistics-Type = 15
|
|
|
81 |
#
|
|
|
82 |
# Internal server statistics:
|
|
|
83 |
# FreeRADIUS-Statistics-Type = 16
|
|
|
84 |
#
|
|
|
85 |
# All packets for a particular client (globally defined)
|
|
|
86 |
# FreeRADIUS-Statistics-Type = 35
|
|
|
87 |
# FreeRADIUS-Stats-Client-IP-Address = 192.168.1.1
|
|
|
88 |
#
|
|
|
89 |
# All packets for a client attached to a "listen" ip/port
|
|
|
90 |
# FreeRADIUS-Statistics-Type = 35
|
|
|
91 |
# FreeRADIUS-Stats-Client-IP-Address = 192.168.1.1
|
|
|
92 |
# FreeRADIUS-Stats-Server-IP-Address = 127.0.0.1
|
|
|
93 |
# FreeRADIUS-Stats-Server-Port = 1812
|
|
|
94 |
#
|
|
|
95 |
# All packets for a "listen" IP/port
|
|
|
96 |
# FreeRADIUS-Statistics-Type = 67
|
|
|
97 |
# FreeRADIUS-Stats-Server-IP-Address = 127.0.0.1
|
|
|
98 |
# FreeRADIUS-Stats-Server-Port = 1812
|
|
|
99 |
#
|
|
|
100 |
# All packets for a home server IP / port
|
|
|
101 |
# FreeRADIUS-Statistics-Type = 131
|
|
|
102 |
# FreeRADIUS-Stats-Server-IP-Address = 192.168.1.2
|
|
|
103 |
# FreeRADIUS-Stats-Server-Port = 1812
|
|
|
104 |
|
|
|
105 |
#
|
|
|
106 |
# You can also get exponentially weighted moving averages of
|
|
|
107 |
# response times (in usec) of home servers. Just set the config
|
|
|
108 |
# item "historic_average_window" in a home_server section.
|
|
|
109 |
#
|
|
|
110 |
# By default it is zero (don't calculate it). Useful values
|
|
|
111 |
# are between 100, and 10,000. The server will calculate and
|
|
|
112 |
# remember the moving average for this window, and for 10 times
|
|
|
113 |
# that window.
|
|
|
114 |
#
|
|
|
115 |
|
|
|
116 |
#
|
|
|
117 |
# Some of this could have been simplified. e.g. the proxy-auth and
|
|
|
118 |
# proxy-acct bits aren't completely necessary. But using them permits
|
|
|
119 |
# the server to be queried for ALL inbound && outbound packets at once.
|
|
|
120 |
# This gives a good snapshot of what the server is doing.
|
|
|
121 |
#
|
|
|
122 |
# Due to internal limitations, the statistics might not be exactly up
|
|
|
123 |
# to date. Do not expect all of the numbers to add up perfectly.
|
|
|
124 |
# The Status-Server packets are also counted in the total requests &&
|
|
|
125 |
# responses. The responses are counted only AFTER the response has
|
|
|
126 |
# been sent.
|
|
|
127 |
#
|