Scroll to navigation

radiusd.conf(5) FreeRADIUS configuration file radiusd.conf(5)

NAME

radiusd.conf - configuration file for the FreeRADIUS server

DESCRIPTION

The radiusd.conf file resides in the radius database directory, by default /etc/raddb. It defines the global configuration for the FreeRADIUS RADIUS server.

CONTENTS

There are a large number of configuration parameters for the server. Most are documented in the file itself as comments. This page documents only the format of the file. Please read the radiusd.conf file itself for more information.

The configuration file parser is independent of the server configuration. This means that you can put almost anything into the configuration file. So long as it is properly formatted, the server will start.

When the server parses the configuration file, it looks only for those configurations it understands. Extra configuration items are ignored. This "feature" can be (ab)used in certain interesting ways.

FILE FORMAT

The file format is line-based, like many other Unix configuration files. Each entry in the file must be placed on a line by itself, although continuations are supported.

The file consists of configuration items (variable = value pairs), sections, and comments.

Variables can be set via:

	name = value

Single and double-quoted strings are permitted:

	string1 = "hello world"

string2 = 'hello mom'

A section begins with a section name, followed on the same line by an open bracket '{'. Section may contain other sections, comments, or variables. Sections may be nested to any depth, limited only by available memory. A section ends with a close bracket ´}', on a line by itself.

	section {

...
}

Sections can sometimes have a second name following the first one. The situations where this is legal depend on the context. See the examples and comments in the radiusd.conf file for more information.

	section foo {

...
}

Any line beginning with a (#) is deemed to be a comment, and is ignored. Comments can appear after a variable or section definitions.

	# comment

foo = bar # set variable 'foo' to value 'bar'
section { # start of section
...
} # end of section

Long lines can be broken up via continuations, using '\' as the last character of the line. For example, the following entry:

	foo = "blah \

blah \
blah"

will set the value of the variable "foo" to "blah blah blah". Any CR or LF is not turned into a space, but all other whitespace is preserved in the final value.

REFERENCES

The value of a variable can reference another variable. These references are evaluated when the configuration file is loaded, which means that there is no run-time cost associated with them. This feature is most useful for turning long, repeated pieces of text into short ones.

Variables are referenced by ${variable_name}, as in the following examples.

	foo = bar       # set variable 'foo' to value 'bar'

who = ${foo} # sets variable 'who' to value of variable 'foo'
my = "${foo} a" # sets variable 'my' to "bar a"

If the variable exists in a section or subsection, it can be referenced as ${section.subsection.variable}. Forward references are not allowed. Relative references are allowed, by pre-pending the name with one or more period.

	blogs = ${.foo}

Will set variable blogs to the value of variable foo, from the current section.

	blogs = ${..foo}

Will set variable blogs to the value of variable foo, from the section which contains the current section.

	blogs = ${modules.detail.filename}

Will set variable blogs to the value of variable filename, of the detail module, which is in the modules section of the configuration file.

Properties of anonymous parent sections may also be referenced, currently name and instance are supported.

	modules {
		example foo {
			file = ${.:name}
		}
	}
	

Will set variable file to the name of the containing section (example).

	modules {
		example foo {
			file = ${.:instance}
		}
	}
	

Will set variable file to the instance name of the containing section (foo).

	modules {
		example foo {
			file = ${..:name}
		}
	}
	

Will set variable file to the name of the parent of the containing section (modules).

FILES

/etc/raddb/radiusd.conf

SEE ALSO

radiusd(8) unlang(5)

AUTHOR

Alan DeKok <aland@freeradius.org>

28 Jun 2013