[Openswan Users] xl2tpd + freeradius

alet at librelogiciel.com
Thu Nov 15 14:59:51 EST 2012


Hi,

On Thu, Nov 15, 2012 at 09:32:58PM +0200, Dmitry Korzhevin wrote:
> >Can anyone please share working configs for freeradius + xl2tpd? Radius
> >server is already configured, and works with mysql backend + strongSwan
> >ipsec (direct connection). But I try several xl2tpd configurations,
> >and suddenly they don't work.

What I've got here, which works with an old freeradius server.

There's no change to xl2tpd's configuration, the meat is in the ppp config.

hth

--
Jerome Alet
-------------- next part --------------
ms-dns  10.10.0.3
ms-dns  10.10.0.1
noccp
crtscts
idle 1800
mtu 1280
mru 1280
nodefaultroute
lock
proxyarp
connect-delay 5000
auth
require-pap
refuse-eap
refuse-chap
refuse-mschap
refuse-mschap-v2
plugin radius.so
plugin radattr.so
-------------- next part --------------
# Make sure that this file is mode 600 (readable only to owner)!
#
#Server Name or Client/Server pair		Key
#----------------				---------------
#portmaster.elemental.net			hardlyasecret
#portmaster2.elemental.net	    		donttellanyone
radius.univ-nc.nc                               IARjx7223
-------------- next part --------------
# General settings

# specify which authentication comes first respectively which
# authentication is used. possible values are: "radius" and "local".
# if you specify "radius,local" then the RADIUS server is asked
# first then the local one. if only one keyword is specified only
# this server is asked.
auth_order	radius,local

# maximum login tries a user has
login_tries	4

# timeout for all login tries
# if this time is exceeded the user is kicked out
login_timeout	60

# name of the nologin file which when it exists disables logins.
# it may be extended by the ttyname which will result in
# a terminal specific lock (e.g. /etc/nologin.ttyS2 will disable
# logins on /dev/ttyS2)
nologin /etc/nologin

# name of the issue file. it's only displayed when no username is passed
# on the radlogin command line
issue	/etc/radiusclient/issue

# RADIUS settings

# RADIUS server to use for authentication requests. this config
# item can appear more than one time. if multiple servers are
# defined they are tried in a round robin fashion if one
# server is not answering.
# optionally you can specify the port number on which the remote
# RADIUS listens, separated by a colon from the hostname. if
# no port is specified /etc/services is consulted for the radius
# service. if this also fails a compiled-in default is used.
authserver 	radius.univ-nc.nc

# RADIUS server to use for accounting requests. All that I
# said for authserver applies, too.
#
acctserver 	radius.univ-nc.nc

# file holding shared secrets used for the communication
# between the RADIUS client and server
servers		/etc/radiusclient/servers

# dictionary of allowed attributes and values
# just like in the normal RADIUS distributions
dictionary 	/etc/radiusclient/dictionary

# program to call for a RADIUS authenticated login
login_radius	/usr/sbin/login.radius

# file which holds sequence number for communication with the
# RADIUS server
seqfile		/var/run/radius.seq

# file which specifies mapping between ttyname and NAS-Port attribute
mapfile		/etc/radiusclient/port-id-map

# default authentication realm to append to all usernames if no
# realm was explicitly specified by the user
# the radiusd directly from Livingston doesn't use any realms, so leave
# it blank then
default_realm

# time to wait for a reply from the RADIUS server
radius_timeout	10

# resend request this many times before trying the next server
radius_retries	3

# LOCAL settings

# program to execute for local login
# it must support the -f flag for preauthenticated login
login_local	/bin/login
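The three attachments above only work together if pppd demands authentication and loads radius.so, the shared-secret file is mode 600 as its header says, and every authserver/acctserver has an entry in that file. The script below is an added example, not part of the original post: the function names (`has_line`, `audit_ppp_radius`, `demo`) are hypothetical, the file paths are passed as arguments, and the fixture host and secret are constructed sample values.

```bash
#!/usr/bin/env bash
# Added example: audit the three posted file types for settings they rely on.
# Usage: audit_ppp_radius <ppp options> <radiusclient.conf> <servers file>

# True if regex $2 matches an active (uncommented) line of file $1.
has_line() { grep -Eq "^[[:space:]]*$2([[:space:]]|\$)" "$1"; }

# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_ppp_radius() {
    local opts="$1" rcconf="$2" servers="$3" host rc=0

    # pppd must demand authentication and load the RADIUS plugin.
    has_line "$opts" 'auth' || { echo "ppp: 'auth' not set"; rc=1; }
    has_line "$opts" 'plugin[[:space:]]+radius\.so' ||
        { echo "ppp: radius.so plugin not loaded"; rc=1; }

    # The shared-secret file must be mode 600, as its own header says.
    # find -perm without a leading '-' is an exact match.
    [ -n "$(find "$servers" -prune -perm 600)" ] ||
        { echo "servers: mode is not 600"; rc=1; }

    # Every authserver/acctserver (port stripped) needs a shared secret.
    for host in $(awk '$1 == "authserver" || $1 == "acctserver" {
                      sub(/:.*/, "", $2); print $2 }' "$rcconf" | sort -u); do
        # First field may be "server" or a "client/server" pair.
        awk -v h="$host" '{ n = split($1, p, "/") }
                          p[n] == h && NF >= 2 { ok = 1 }
                          END { exit !ok }' "$servers" ||
            { echo "servers: no shared secret for $host"; rc=1; }
    done
    return "$rc"
}

# Stand-alone run on a constructed fixture (sample values, not the poster's).
demo() {
    local d; d=$(mktemp -d)
    printf 'auth\nrequire-pap\nplugin radius.so\n' > "$d/options"
    printf 'authserver radius.example.org:1812\n' > "$d/radiusclient.conf"
    printf 'radius.example.org  constructed-secret\n' > "$d/servers"
    chmod 644 "$d/servers"   # deliberately too permissive
    audit_ppp_radius "$d/options" "$d/radiusclient.conf" "$d/servers"
    rm -rf "$d"
}
demo || true
```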