3. Configuring Radiator Previous topic Parent topic Child topic Next topic

This section describes the Radiator configuration file and the statements that control the behaviour of the Radiator server, radiusd.
When radiusd starts, it reads the configuration file. The default file name for the configuration file depends on the operating system:
Specify an alternate configuration file with the -config_file flag. There is a test configuration file (radius.cfg) in the Radiator distribution that shows most of parameters and clauses that you can use in a configuration file, and examples of how to use them. There is also a very simple example (simple.cfg) in the goodies/ directory in the Radiator distribution. It is a good starting point for your own configuration file.
In general terms, the configuration file allows you control the following things:
The configuration file is an ASCII text file, it can be edited by any text editor. Leading white space in each line is ignored, so you can use indentation to make your configuration file easier to read. Case is important in all parameter names and clauses.
An alternative to editing the configuration file directly is to use the ServerHTTP clause (for more information, see Section 3.114. <ServerHTTP> and Section 5. Configuring Radiator with GUI) which allows you to connect to Radiator with standard web browser and examine, change and test the configuration with an easy to use point and click web interface.
Each line in the configuration file can be one of:
The configuration file will usually contain the shared secrets that allow your RADIUS clients to communicate with the Radiator RADIUS server. It might also contain passwords for access to databases etc. This means that for security reasons, you should keep the configuration file as secure as possible. On Unix, you should make sure that it is readable only by the user that radiusd runs as.
Parameters that are on/off flags, such as LogSuccess, or LogFailure can be enabled or disabled in a number of ways. Values of 0, ‘no’ or ‘false’ (case insensitive) will turn the flag off, whereas any other value (including the empty string) will turn the flag on:
These will all turn a flag parameter off:
IgnoreAcctSignature 0
IgnoreAcctSignature no
IgnoreAcctSignature NO
IgnoreAcctSignature false
IgnoreAcctSignature FALSE
These will all turn a flag parameter on:
IgnoreAcctSignature 1
IgnoreAcctSignature yes
IgnoreAcctSignature anythingatall
DefineGlobalVar myspecialflag yes
IgnoreAcctSignature %{GlobalVar:myspecialflag}
Long lines in your configuration file can be split over multiple lines by using the “\” character at the end of each line except the last:
AuthSelect select s.password, g.session_timeout \
      s.check_items s.reply_items \
      from subscribers s, groups g \
      where username='%n' and s.group \
      = g.name
Parameter values can contain escaped octal characters, for example, you could specify an AcctLogFileFormat with newline (octal 012) separated lines with something like:
AcctLogFileFormat %{Timestamp}\012%{Acct-Session-Id}\
The order of clauses in the Radiator configuration file is significant.All the clauses are parsed and internal data structures constructed during the initial parse of the configuration file. They are constructed in the order they appear in the configuration file. For example, if a <Log xxxxxx> clause is encountered, that logger will be created immediately and used to log all subsequent parsing and startup errors. This means for example that if a <Log xxxxxx> clause is encountered in the configuration file, only errors in clauses that appear after the Log clause will be logged using that method.