[Openswan Users] xl2tpd + freeradius

alet at librelogiciel.com alet at librelogiciel.com
Thu Nov 15 14:59:51 EST 2012


On Thu, Nov 15, 2012 at 09:32:58PM +0200, Dmitry Korzhevin wrote:
> >Can anyone please share working configs for freeradius + xl2tpd? Radius
> >server is already configured, and works with mysql backend + strongSwan
> >ipsec (direct connection). But I tried several xl2tpd configurations,
> >and suddenly they don't work..

Here's what I've got, which works with an old freeradius server.

There's no change to xl2tpd's configuration, the meat is in the ppp config.


Jerome Alet
-------------- next part --------------
idle 1800
mtu 1280
mru 1280
connect-delay 5000
# pppd's RADIUS plugins: radius.so authenticates and accounts against the
# servers named in /etc/radiusclient/radiusclient.conf; radattr.so writes
# the attributes received in the Access-Accept to /var/run/radattr.<ifname>
plugin radius.so
plugin radattr.so
-------------- next part --------------
# Make sure that this file is mode 600 (readable only to owner)!
#Server Name or Client/Server pair		Key
#----------------				---------------
#portmaster.elemental.net			hardlyasecret
#portmaster2.elemental.net	    		donttellanyone
radius.univ-nc.nc                               IARjx7223
-------------- next part --------------
# General settings

# specify which authentication is tried first, or which single one
# is used. possible values are: "radius" and "local".
# if you specify "radius,local" then the RADIUS server is asked
# first, then the local one. if only one keyword is specified, only
# that server is asked.
auth_order	radius,local

# maximum login tries a user has
login_tries	4

# timeout for all login tries
# if this time is exceeded the user is kicked out
login_timeout	60

# name of the nologin file which when it exists disables logins.
# it may be extended by the ttyname which will result in
# a terminal specific lock (e.g. /etc/nologin.ttyS2 will disable
# logins on /dev/ttyS2)
nologin /etc/nologin

# name of the issue file. it's only displayed when no username is passed
# on the radlogin command line
issue	/etc/radiusclient/issue

# RADIUS settings

# RADIUS server to use for authentication requests. this config
# item can appear more than once. if multiple servers are
# defined they are tried in a round robin fashion when one
# server is not answering.
# optionally you can specify the port number on which the remote
# RADIUS server listens, separated by a colon from the hostname. if
# no port is specified, /etc/services is consulted for the radius
# service. if this fails too, a compiled-in default is used.
authserver 	radius.univ-nc.nc

# RADIUS server to use for accounting requests. All that I
# said for authserver applies here, too.
acctserver 	radius.univ-nc.nc

# file holding shared secrets used for the communication
# between the RADIUS client and server
servers		/etc/radiusclient/servers

# dictionary of allowed attributes and values
# just like in the normal RADIUS distributions
dictionary 	/etc/radiusclient/dictionary

# program to call for a RADIUS authenticated login
login_radius	/usr/sbin/login.radius

# file which holds sequence number for communication with the
# RADIUS server
seqfile		/var/run/radius.seq

# file which specifies mapping between ttyname and NAS-Port attribute
mapfile		/etc/radiusclient/port-id-map

# default authentication realm to append to all usernames if no
# realm was explicitly specified by the user
# the radiusd directly from Livingston doesn't use any realms, so leave
# it blank then

# time to wait for a reply from the RADIUS server
radius_timeout	10

# resend request this many times before trying the next server
radius_retries	3

# LOCAL settings

# program to execute for local login
# it must support the -f flag for preauthenticated login
login_local	/bin/login
-------------- next part --------------