# radiator.conf-radius-internal
#
# Sample Radiator configuration file for Linux and other Unix type
# platforms.
#
# Copy this file to Radiator configuration directory
# and name it as /etc/radiator/radiator.conf
#
# This configuration will accept or reject authentication attempts
# based on the RADIUS client IP address. All accounting messages will
# be accepted.
#
# Authentication requests received from IP address 127.0.0.1
# will be accepted. Requests from any other IP address will
# be rejected.
#
# The shared RADIUS secret is: mysecret
#
# See the log file parameters below for the locations of the different
# logs Radiator creates.
#
# You should consider this file to be a starting point only
# $Id$
# Global server settings: log verbosity, directories, listen sockets.
# Use 4 for debug logging
###Trace 3
# NOTE(review): debug level 4 is the active setting; the level 3 line
# above is commented out. Debug output normally includes dumps of the
# RADIUS packets being handled, so keep LogDir readable only by the
# account Radiator runs as and return to 3 when troubleshooting is done.
Trace 4
# Additional configuration files go to DbDir. LogDir sets the value of
# %L and contains log files for Radiator, authentication results and
# accounting messages
DbDir /etc/radiator
LogDir /var/log/radiator
LogFile %L/radiator.log
# Put additional information to Radiator log file
LogMicroseconds
LogTraceId
# Any custom dictionaries should go in DbDir
DictionaryFile /opt/radiator/radiator/dictionary
# No pidfile needed when started as systemd service
PidFile
# Make IPv6 and IPv4 listen sockets completely separate
# Bind only to IPv4 wildcard address
###BindV6Only
# 0.0.0.0 listens on every IPv4 interface of the host, on both port
# pairs listed below. Which peers get an answer then depends only on
# the client definitions and their shared secrets, so also filter these
# UDP ports at the host or network firewall.
BindAddress 0.0.0.0
AuthPort 1645,1812
AcctPort 1646,1813
# Read possible license configuration parameters from this file
LicenseFile %D/license.conf
#####################################################################
# RADIUS request logging
#####################################################################
# This auth logger logs both success and failure to a file. Ignored
# attempts are also logged.
# Handlers refer to it by the Identifier below (AuthLog authlog-file).
Identifier authlog-file
Filename %L/authentication.log
LogSuccess
LogFailure
LogIgnore
# All three formats write one line of quoted key='value' fields; they
# differ only in the result= value and in the reason= field, which is
# present for FAIL and IGNORE.
# NOTE(review): user, calling-station, called-station and the NAS
# fields are taken from the request, i.e. they are sender-controlled.
# Whether quotes or control characters in them are escaped is not
# visible here; confirm before feeding this file to a parser or SIEM
# that splits on key='value'.
# The log holds user names and station identifiers; restrict read
# access to it accordingly.
SuccessFormat %l trace_id='%2' user='%u' client='%c/%{Client:Identifier}' nas='%N/%{NAS-Identifier}' \
handler='%{Handler:Identifier}' calling-station='%{Request:Calling-Station-Id}' \
called-station='%{Called-Station-Id}' result='OK'
FailureFormat %l trace_id='%2' user='%u' client='%c/%{Client:Identifier}' nas='%N/%{NAS-Identifier}' \
handler='%{Handler:Identifier}' calling-station='%{Request:Calling-Station-Id}' \
called-station='%{Called-Station-Id}' reason='%1' result='FAIL'
IgnoreFormat %l trace_id='%2' user='%u' client='%c/%{Client:Identifier}' nas='%N/%{NAS-Identifier}' \
handler='%{Handler:Identifier}' calling-station='%{Request:Calling-Station-Id}' \
called-station='%{Called-Station-Id}' reason='%1' result='IGNORE'
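# This acct logger logs accounting requests
# Handlers refer to it by the Identifier below (AcctLog acctlog-file).
Identifier acctlog-file
Filename %L/accounting.log
# One line of quoted key='value' fields per accounting request.
# session-id is written as '%{Acct-Session-Id}', quoted the same way as
# every other attribute field, so the attribute is substituted and the
# line stays parseable.
# NOTE(review): the attribute values are taken from the request, i.e.
# they are sender-controlled; confirm how quotes and control characters
# in them are handled before parsing this file downstream.
LogFormat %l trace_id='%2' user='%u' client='%c/%{Client:Identifier}' nas='%N/%{NAS-Identifier}' \
handler='%{Handler:Identifier}' calling-station='%{Request:Calling-Station-Id}' \
called-station='%{Called-Station-Id}' session-id='%{Acct-Session-Id}' \
status='%{Acct-Status-Type}' duration='%{Acct-Session-Time}' octets-in='%{Acct-Input-Octets}' \
octets-out='%{Acct-Output-Octets}' framed-ip='%{Framed-IP-Address}'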
#####################################################################
# Clients
#####################################################################
# Requests originating from the loopback IP address
# NOTE(review): the address this client definition matches is not
# visible in this listing; the file header names 127.0.0.1.
Identifier loopback-client
# "mysecret" is the sample value printed in this file's header, so it
# is not a secret. Replace it with a long random value unique to this
# client, and keep this file readable only by the Radiator account.
Secret mysecret
# Match all the other IP addresses
# Left disabled: with no catch-all client, only explicitly defined
# clients are served. If this is ever enabled, do not reuse the sample
# secret; any host that can reach the listen ports and knows the secret
# would be treated as a RADIUS client.
###
### Identifier default-client
### Secret mysecret
###
#####################################################################
# Handlers
#####################################################################
# Handler to requests originating from the loopback IP address
#
# Identifier loopback-handler
#
#
# Identifier auth-internal-accept
# AuthResult ACCEPT
# AcctResult ACCEPT
#
#
# # Log result
# AuthLog authlog-file
# # Log accounting
# AcctLog acctlog-file
#
#
## Reject everything else
#
# Identifier default-handler
#
#
# Identifier auth-internal-reject
# AuthResult REJECT
# AcctResult ACCEPT
#
# # This sets reject reason for AuthLog
# RejectReason Handled and rejected by default-handler
#
#
# # Log result
# AuthLog authlog-file
# # Log accounting
# AcctLog acctlog-file
#
# # Pass the reject reason to the RADIUS client as Reply-Message
# RejectHasReason
#
# Active handler. It chains two authenticators, Auth-Radius and
# Auth-FILE-groups, and logs through authlog-file and acctlog-file.
# NOTE(review): three Identifier lines follow each other, so the block
# tags that separate the handler from its two authenticators appear to
# be missing from this listing; check against the deployed file.
# NOTE(review): the file header still describes the sample behaviour
# (accept from 127.0.0.1, reject everything else), but both sample
# handlers above are commented out. Update the header to match.
Identifier Okta-Handler
# NOTE(review): AuthByPolicy is set twice with different values. Only
# one can apply (presumably the later one; confirm in the Radiator
# reference). The difference matters: ContinueWhileAccept runs the next
# authenticator only while each one accepts, whereas
# ContinueUntilAcceptOrChallenge stops at the first accept or
# challenge, which would skip the group lookup below. Keep one line.
AuthByPolicy ContinueWhileAccept
AuthByPolicy ContinueUntilAcceptOrChallenge
Identifier Auth-Radius
# Okta Agent
# "xxxx" looks like a redacted placeholder; the deployed value has to
# match the secret configured on the agent. The agent's address is not
# visible in this listing.
Secret xxxx
Asynchronous
AuthPort 1901
# AcctPort does not exist on the agent, but it cannot be disabled here
AcctPort
RetryTimeout 15
# Return reply attributes based on user groups
Identifier Auth-FILE-groups
# %D/groups determines the reply attributes, so treat it as
# authorization data: writable only by administrators.
Filename %D/groups
AuthLog authlog-file
AcctLog acctlog-file