#################################################################
# Change the four values below to make this config file support #
# the authPort and acctPort you need. #
#################################################################
DefineGlobalVar auPort 1812
DefineGlobalVar acPort 1813
AuthPort 1812
AcctPort 1813
################################################
# Your Should Not Need To Edit Below This Line #
################################################
Foreground
LogStdout
SnmpgetProg /usr/bin/snmpget
LogDir /var/log/radius
PidFile /var/run/radiusd_au%{GlobalVar:auPort}-ac%{GlobalVar:acPort}-radiusd.pid
DbDir /usr/local/raddb
LogFile %L/%Y%m%d_au%{GlobalVar:auPort}-ac%{GlobalVar:acPort}.logfile
include %D/conf/clients.cfg
# User a lower trace level in production systems,
Trace 6
#Trace 3
# Handlers start here.
# Note: the order of Handlers matters. The first Handler
# that matches the request is chosen.
#
# Process keep-alive messages here to keep them separate from
# real wimax authentication
#
Identifier keep-alive-handler
Identifier keep-alive-authby
# *Result values can be tailored for required response
AuthResult REJECT
AcctResult ACCEPT
DefaultResult IGNORE
# Handle TTLS phase 2 (inner) authentication. This is where the real username
# and password/MSCHAP are available.
#
Identifier wimax-inner-handler
# If check attributes are needed from outer request, add them here.
#
AddToRequest Service-Type = %{OuterRequest:Service-Type}
#Indentifier wimax-inner-file-authby
Filename %D/users
# Never try to lookup user DEFAULT
NoDefault
NoDefaultIfFound
# Always lookup user without realm part
UsernameMatchesWithoutRealm
# Return the realm username as Chargeable-User-Identity
#AuthSelect select PASS_WORD, STATICADDRESS, TIMELEFT, MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO, USERNAME from RADUSERS where USERNAME=%0
#AuthColumnDef 0,Chargeable-User-Identity,reply
# This Handler matches the rest of the requests. The rest should be WiMAX.
# This Handler takes care of establishing TTLS TLS tunnel, phase 1 (outer)
# authentication, and returning WiMAX attributes. The user authentication
# is done by the phase 2 (inner) authentication Handler
#
Identifier wimax-outer-handler
Identifier wimax-outer-authby
EAPType TTLS
#EAPType PEAP
EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
EAPTLS_CertificateFile %D/certificates/cert-srv.pem
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
EAPTLS_PrivateKeyPassword whatever
# The max lifetime of eack key, in seconds.
# Defaults to 3600 seconds (1 hour)
KeyLifetime 43200
# IF HAPassword is defined, the the HA must send this password
# in requests sent to this HAAA. The HA must be configured to
# send this password, otherwise its requests will be REJECTed
#HAPassword W1M@X#03!2011
HAPassword wimax123
# MSKInMPPEKeys Forces the MSK to be encoded in
# MS-MPPE-Send-Key and MS-MPPE-Recv-Key, as well as
# the usual WiMAX-MSK reply attributes. This is required
# by some non-compliant clients, such as some Alcatel-Lucent
# devices.
#MSKInMPPEKeys 1