forked from FreeRADIUS/mod_auth_radius
-
Notifications
You must be signed in to change notification settings - Fork 0
/
httpd.conf
151 lines (131 loc) · 4.16 KB
/
httpd.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
######################################################################
# Modifications to the httpd.conf file for mod_auth_radius.c
# written by Alan DeKok <[email protected]>
#
# Version: $Id$
#
######################################################################
#
# These configuration options should be ADDED to the httpd.conf file
# for your site.
#
######################################################################
######################################################################
#
# Tell Apache to load the module.
#
LoadModule radius_auth_module libexec/mod_auth_radius.so
# the path to the module file will depend on your Apache installation, e.g.
#LoadModule radius_auth_module /usr/lib/apache2/modules/mod_auth_radius.so
######################################################################
#
# With Apache 1.x, it is necessary to add an 'AddModule' statement.
# The order of the modules listed by 'AddModule' can be important.
# This seems to work:
# just AFTER 'AddModule mod_auth.c' add:
# AddModule mod_auth_radius.c
######################################################################
#
# Add the general configuration of mod_auth_radius
# either to the BOTTOM of httpd.conf
# or into <VirtualHost> configuration before per-directory settings
#
<IfModule mod_auth_radius.c>
#
# AddRadiusAuth server[:port] <shared-secret> [ timeout [ : retries ]]
#
# Use localhost, the standard RADIUS port, secret 'testing123',
# time out after 5 seconds, and retry 3 times.
AddRadiusAuth localhost:1812 testing123 5:3
#
# AuthRadiusBindAddress <hostname/ip-address>
#
# Bind client (local) socket to this local IP address.
# The server will then see RADIUS client requests will come from
# the given IP address.
#
# By default, the module does not bind to any particular address,
# and the operating system chooses the address to use.
#
#
# AddRadiusCookieValid <minutes-for-which-cookie-is-valid>
#
# the special value of 0 (zero) means the cookie is valid forever.
#
AddRadiusCookieValid 5
</IfModule>
######################################################################
#
# A sample per-directory access-control configuration.
#
# This may go into httpd.conf, either the general section or <VirtualHost>
# When used in an '.htaccess' file, the text BETWEEN the
# <Location /secure/> </Location> directives
# should go into the .htaccess file.
#
# You can also use <Directory /var/www/secure/> </Directory> or similar.
#
# If you want to be sure it only applies when mod_auth_radius is used,
# you can also wrap it in an <IfModule> directive, as above.
#
<Location /secure/>
#
# Use basic password authentication.
# AuthType Digest won't work with RADIUS authentication.
#
AuthType Basic
#
# Tell the user the realm to which they're authenticating.
# This string should be configured for your site.
#
AuthName "RADIUS authentication for localhost"
# Apache 1.x specific settings:
#
# don't use 'mod_auth'.
# You might want to disable other authentication types here.
# You can get a similar effect by commenting out the
# 'AddModule mod_auth_*' lines, previously in httpd.conf
#
#AuthAuthoritative off
#
# Use mod_auth_radius for all authentication, and make the responses
# from it authoritative.
#
#AuthRadiusAuthoritative on
# Apache 2.x specific setting:
#
# Set RADIUS to be the provider for this basic authentication
#
AuthBasicProvider radius
#
# Make a local variation of AddRadiusCookieValid. The server will choose
# the MINIMUM of the two values.
#
# AuthRadiusCookieValid <minutes-for-which-cookie-is-valid>
#
AuthRadiusCookieValid 5
#
# Set the use of RADIUS authentication at this <Location>"
#
# Globally set the RADIUS authentication active.
#
#
# If there is a directory which you do NOT want to have RADIUS
# authentication for, then use a <Directory> or <Location> directive,
# and set "AuthRadiusActive Off". The default is "On".
#
AuthRadiusActive On
#
# require that mod_auth_radius return a valid user, otherwise
# access is denied.
#
require valid-user
#
# Force the calling station ID to 'MyServiceName' for location /secure/
# AddRadiusCallingStationID <string 1..255 bytes>
#
AddRadiusCallingStationID MyServiceName
#
# end of the per-location directives
#
</Location>