205 lines
6.5 KiB
Text
205 lines
6.5 KiB
Text
couchbase {
|
|
#
|
|
# List of Couchbase hosts (hosts may be space, tab, comma or semi-colon separated).
|
|
# Ports are optional if servers are listening on the standard port.
|
|
# Complete pool urls are preferred.
|
|
#
|
|
server = "http://cb01.blargs.com:8091/pools/ http://cb04.blargs.com:8091/pools/"
|
|
|
|
# Couchbase bucket name
|
|
bucket = "radius"
|
|
|
|
# Couchbase bucket password (optional)
|
|
#password = "password"
|
|
|
|
# Couchbase accounting document key (unlang supported)
|
|
acct_key = "radacct_%{%{Acct-Unique-Session-Id}:-%{Acct-Session-Id}}"
|
|
|
|
# Value for the 'docType' element in the json body for accounting documents
|
|
doctype = "radacct"
|
|
|
|
## Accounting document expire time in seconds (0 = never)
|
|
expire = 2592000
|
|
|
|
#
|
|
# Map attribute names to json element names for accounting.
|
|
#
|
|
# Configuration items are in the format:
|
|
# <radius attribute> = '<element name>'
|
|
#
|
|
# Element names should be single quoted.
|
|
#
|
|
# Note: Attributes not in this map will not be recorded.
|
|
#
|
|
update {
|
|
Acct-Session-Id = 'sessionId'
|
|
Acct-Unique-Session-Id = 'uniqueId'
|
|
Acct-Status-Type = 'lastStatus'
|
|
Acct-Authentic = 'authentic'
|
|
User-Name = 'userName'
|
|
Stripped-User-Name = 'strippedUserName'
|
|
Stripped-User-Domain = 'strippedUserDomain'
|
|
Realm = 'realm'
|
|
NAS-IP-Address = 'nasIpAddress'
|
|
NAS-Identifier = 'nasIdentifier'
|
|
NAS-Port = 'nasPort'
|
|
Called-Station-Id = 'calledStationId'
|
|
Called-Station-SSID = 'calledStationSSID'
|
|
Calling-Station-Id = 'callingStationId'
|
|
Framed-Protocol = 'framedProtocol'
|
|
Framed-IP-Address = 'framedIpAddress'
|
|
NAS-Port-Type = 'nasPortType'
|
|
Connect-Info = 'connectInfo'
|
|
Acct-Session-Time = 'sessionTime'
|
|
Acct-Input-Packets = 'inputPackets'
|
|
Acct-Output-Packets = 'outputPackets'
|
|
Acct-Input-Octets = 'inputOctets'
|
|
Acct-Output-Octets = 'outputOctets'
|
|
Acct-Input-Gigawords = 'inputGigawords'
|
|
Acct-Output-Gigawords = 'outputGigawords'
|
|
Event-Timestamp = 'lastUpdated'
|
|
}
|
|
|
|
# Couchbase document key for user documents (unlang supported)
|
|
user_key = "raduser_%{md5:%{tolower:%{%{Stripped-User-Name}:-%{User-Name}}}}"
|
|
|
|
# Set to 'yes' to read radius clients from the Couchbase view specified below.
|
|
# NOTE: Clients will ONLY be read on server startup.
|
|
#read_clients = no
|
|
|
|
#
|
|
# Map attribute names to json element names when loading clients.
|
|
#
|
|
# Configuration follows the same rules as the accounting map above.
|
|
#
|
|
client {
|
|
# Couchbase view that should return all available client documents.
|
|
view = "_design/client/_view/by_id"
|
|
|
|
#
|
|
# Sets default values (not obtained from couchbase) for new client entries
|
|
#
|
|
template {
|
|
# login = 'test'
|
|
# password = 'test'
|
|
# proto = tcp
|
|
# require_message_authenticator = yes
|
|
|
|
# Uncomment to add a home_server with the same
|
|
# attributes as the client.
|
|
# coa_server {
|
|
# response_window = 2.0
|
|
# }
|
|
}
|
|
|
|
#
|
|
# Client mappings are in the format:
|
|
# <client attribute> = '<element name>'
|
|
#
|
|
# Element names should be single quoted.
|
|
#
|
|
# The following attributes are required:
|
|
# * ipaddr | ipv4addr | ipv6addr - Client IP Address.
|
|
# * secret - RADIUS shared secret.
|
|
#
|
|
# All attributes usually supported in a client
|
|
# definition are also supported here.
|
|
#
|
|
attribute {
|
|
ipaddr = 'clientIdentifier'
|
|
secret = 'clientSecret'
|
|
shortname = 'clientShortname'
|
|
nas_type = 'nasType'
|
|
virtual_server = 'virtualServer'
|
|
require_message_authenticator = 'requireMessageAuthenticator'
|
|
limit {
|
|
max_connections = 'maxConnections'
|
|
lifetime = 'clientLifetime'
|
|
idle_timeout = 'idleTimeout'
|
|
}
|
|
}
|
|
}
|
|
|
|
# Set to 'yes' to enable simultaneous use checking (multiple logins).
|
|
# NOTE: This will cause the execution of a view request on every check
|
|
# and may be a performance penalty.
|
|
# check_simul = no
|
|
|
|
# Couchbase view that should return all account documents keyed by username.
|
|
# simul_view = "_design/acct/_view/by_user"
|
|
|
|
# The key to the above view.
|
|
# NOTE: This will need to match EXACTLY what you emit from your view.
|
|
# simul_vkey = "%{tolower:%{%{Stripped-User-Name}:-%{User-Name}}}"
|
|
|
|
# Set to 'yes' to enable verification of the results returned from the above view.
|
|
# NOTE: This may be an additional performance penalty to the actual check and
|
|
# should be avoided unless absolutely neccessary.
|
|
# verify_simul = no
|
|
|
|
# Remove stale session if checkrad does not see a double login.
|
|
# NOTE: This will only be executed if both check_simul and verify_simul
|
|
# are set to 'yes' above.
|
|
# delete_stale_sessions = yes
|
|
|
|
#
|
|
# The connection pool is new for 3.0, and will be used in many
|
|
# modules, for all kinds of connection-related activity.
|
|
#
|
|
pool {
|
|
# Connections to create during module instantiation.
|
|
# If the server cannot create specified number of
|
|
# connections during instantiation it will exit.
|
|
# Set to 0 to allow the server to start without the
|
|
# couchbase being available.
|
|
start = ${thread[pool].start_servers}
|
|
|
|
# Minimum number of connections to keep open
|
|
min = ${thread[pool].min_spare_servers}
|
|
|
|
# Maximum number of connections
|
|
#
|
|
# If these connections are all in use and a new one
|
|
# is requested, the request will NOT get a connection.
|
|
#
|
|
# Setting 'max' to LESS than the number of threads means
|
|
# that some threads may starve, and you will see errors
|
|
# like 'No connections available and at max connection limit'
|
|
#
|
|
# Setting 'max' to MORE than the number of threads means
|
|
# that there are more connections than necessary.
|
|
max = ${thread[pool].max_servers}
|
|
|
|
# Spare connections to be left idle
|
|
#
|
|
# NOTE: Idle connections WILL be closed if "idle_timeout"
|
|
# is set. This should be less than or equal to "max" above.
|
|
spare = ${thread[pool].max_spare_servers}
|
|
|
|
# Number of uses before the connection is closed
|
|
#
|
|
# 0 means "infinite"
|
|
uses = 0
|
|
|
|
# The lifetime (in seconds) of the connection
|
|
#
|
|
# NOTE: A setting of 0 means infinite (no limit).
|
|
lifetime = 0
|
|
|
|
# The idle timeout (in seconds). A connection which is
|
|
# unused for this length of time will be closed.
|
|
#
|
|
# NOTE: A setting of 0 means infinite (no timeout).
|
|
idle_timeout = 1200
|
|
|
|
# NOTE: All configuration settings are enforced. If a
|
|
# connection is closed because of "idle_timeout",
|
|
# "uses", or "lifetime", then the total number of
|
|
# connections MAY fall below "min". When that
|
|
# happens, it will open a new connection. It will
|
|
# also log a WARNING message.
|
|
#
|
|
# The solution is to either lower the "min" connections,
|
|
# or increase lifetime/idle_timeout.
|
|
}
|
|
}
|