# radmin.cfg
#
# Example Radiator configuration file to interface to the
# Radmin user management package from Open System Consultants
# (http://www.open.com.au/radmin)
#
# You can add extra items to your RADUSERS table and make 
# Radiator take note of them with, for example:
# AuthSelect select PASS_WORD,STATICADDRESS,TIMELEFT,\
#            MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO,\
#            FRAMED_NETMASK,FRAMED_FILTER_ID,MAXIDLETIME \
#            from RADUSERS where \
#            USERNAME='%n' and BADLOGINS < 5 and \
#            VALIDFROM < %t and VALIDTO > %t
# AuthColumnDef   0,Framed-IP-Netmask,reply
# AuthColumnDef   1,Filter-Id,reply
# AuthColumnDef   2,Idle-Timeout,reply
# note that the numbering of AuthColumnDef starts with the
# field following the first 4 minumum and required fields.
#
# You should consider this file to be a starting point only
# $Id $

Foreground
LogStdout
LogDir		.
DbDir		.

AcctPort 1646
AuthPort 1645
BindAddress 0.0.0.0
DictionaryFile /etc/radiator/dictionary

<ServerHTTP >
	BindAddress 0.0.0.0
	DefaultPrivilegeLevel 15
	LogMaxLines 500
	MaxBufferSize 100000
	Password aaa
	Port 9048
	Protocol tcp
	SessionTimeout 3600
	TLS_ExpectedPeerName .+
	Trace 0
	Username aaa
</ServerHTTP>

# Dont turn this up too high, since all log messages are logged
# to the RADMESSAGES table in the database. 3 will give you everything
# except debugging messages
Trace 5

# You will probably want to change this to suit your site.
# You should list all the clients you have, and their secrets
# If you are using the Radmin Clients table, you wil probably
# want to disable this.
<Client DEFAULT>
Secret	mysecret
DupInterval 0
</Client>

# You can put additonal (or all) client details in your Radmin
# database table
# and get their details from there with something like this:
# You can then use the Radmin 'Add Radius Client' to add new clients.
<ClientListSQL>
	DBSource	dbi:mysql:radmin:localhost
	DBUsername	radmin
	DBAuth		radminpw

	# If RefreshPeriod is set to non-zero, it specifies the period in seconds that the client list will
	# be refreshed by rereading the database. Each RefreshPeriod,
	# any Clients previously created by this ClientList are cleared
	# and a new set of clients read from the database.
	# Clients defined in the configuration file will not be clobbered.
	# The same effect can be got by signalling the process with with SIGHUP
	RefreshPeriod 60
</ClientListSQL>

# Handle everyone with RADMIN
<Realm DEFAULT>
	<AuthBy RADMIN>
	
		AutoMPPEKeys

	
		# Change DBSource, DBUsername, DBAuth for your database
		# See the reference manual. You will also have to 
		# change the one in <SessionDatabse SQL> below
		# so its the same
		DBSource	dbi:mysql:radmin:localhost
		DBUsername	radmin
		DBAuth		radminpw

		# Never look up the DEFAULT user 
		NoDefault


		# You can add to or change these if you want, but you
		# will probably want to change the database schema first
		AccountingTable	RADUSAGE
		AcctColumnDef	USERNAME,User-Name
		AcctColumnDef	TIME_STAMP,Timestamp,integer
		AcctColumnDef	ACCTSTATUSTYPE,Acct-Status-Type,integer
		AcctColumnDef	ACCTDELAYTIME,Acct-Delay-Time,integer
		AcctColumnDef	ACCTINPUTOCTETS,Acct-Input-Octets,integer
		AcctColumnDef	ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
		AcctColumnDef	ACCTSESSIONID,Acct-Session-Id
		AcctColumnDef	ACCTSESSIONTIME,Acct-Session-Time,integer
		AcctColumnDef	ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
		AcctColumnDef	FRAMEDIPADDRESS,Framed-IP-Address
		AcctColumnDef	NASIDENTIFIER,NAS-IP-Address
		AcctColumnDef	NASIDENTIFIER,NAS-Identifier
		AcctColumnDef	NASPORT,NAS-Port,integer
		AcctColumnDef	DNIS,Called-Station-Id
#		AcctColumnDef	CALLINGSTATIONID,Calling-Station-Id

		# This updates the time and octets left
		# for this user
		AcctSQLStatement update RADUSERS set TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where USERNAME='%n'

		# These are the classic things to add to each users 
		# reply to allow a PPP dialup session. It may be 
		# different for your NAS. This will add some 
		# reply items to everyone's reply
		# 		AddToReply Framed-Protocol = PPP,\
		#         		Framed-IP-Netmask = 255.255.255.255,\
		#         		Framed-Routing = None,\
		#         		Framed-MTU = 1500,\
		# 			Framed-Compression = Van-Jacobson-TCP-IP

		# If you intend to use rcrypt reversible encryption
		# for passwords in your Radmin database, you must 
		# RcryptKey here to be the same secret key you
		# defined in your Radmin Site.pm, and also set 
		# PasswordFormat in your Site.pm.
		# RcryptKey mysecret

		# If you intend to use Unix encryption in your database,
		# you will need to set EncryptedPasssword here,
		# as well as setting PasswordFormat in your Site.pm
		# EncryptedPassword

		# You can change the max bad login count from the default
		# of 5 with something like
		# MaxBadLogins 10

		# To improve user lookup performance on databases that support
		# placeholders, you can use AuthSelectParam and ? like this:
		# AuthSelect select PASS_WORD, STATICADDRESS, TIMELEFT,MAXLOGINS, SERVICENAME, BADLOGINS, VALIDFROM, VALIDTO from	RADUSERS where USERNAME=?
		# AuthSelectParam %0
		# ServiceAttrQuery select ATTR_ID, VENDOR_ID, IVALUE, SVALUE, ITEM_TYPE from RADSTCONFIG where NAME=? order by ITEM_TYPE
		# AttrQueryParam %0

	</AuthBy>

	# This clause logs all authentication successes and failures to the RADAUTHLOG table
	# Suitable for use with RAdmin version 1.6 or later
	<AuthLog SQL>
		# This database spec usually should be exactly the same
		# as in <AuthBy RADMIN> above
		DBSource	dbi:mysql:radmin:localhost
		DBUsername	radmin
		DBAuth		radminpw

		LogSuccess
		SuccessQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME, TYPE) values (%t, '%n', 1)
		LogFailure
		FailureQuery insert into RADAUTHLOG (TIME_STAMP, USERNAME, TYPE, REASON) values (%t, '%n', 0, %1)
	</AuthLog>



</Realm>

<SessionDatabase SQL>
	AddQuery insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) values ('%u', '%1', %2, %3, %{Timestamp}, '%{Framed-IP-Address}', '%{NAS-Port-Type}', '%{Service-Type}')
	ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%0'
	ClearNasSessionQuery delete from RADONLINE where NASIDENTIFIER='%0' and ACCTSESSIONID = '%1'
	ConnectionAttemptFailedHook sub {my $self = shift;my $dbsource = shift;my $dbusername = shift;my $dbauth = shift;$self->log($main::LOG_ERR, "Could not connect to SQL database with DBI->connect $dbsource, $dbusername, $dbauth: $@ $DBI::errstr");}
	CountNasSessionsQuery select ACCTSESSIONID from RADONLINE where NASIDENTIFIER='%0'
	CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='%u'
	DBAuth radminpw
	DBSource dbi:mysql:radmin:localhost
	DBUsername radmin
	DateFormat %b %e, %Y %H:%M
	DeleteQuery delete from RADONLINE where NASIDENTIFIER='%1' and NASPORT=0%2
	FailureBackoffTime 600
	NoConnectionsHook sub { my $self = shift;$self->log($main::LOG_ERR, "Could not connect to any SQL database. Request is ignored. Backing off for $self->{FailureBackoffTime} seconds");}
	Timeout 60
</SessionDatabase>
# You can also set up an address pool for Radiator to manage.
# The standard Radmin tables include a RADPOOL address pool table.
# see the example in addressallocator.cfg


<Handler ConvertedFromPEAP=1>
<Handler ConvertedFromLEAP=1>