/etc/strongswan.d/charon/eap-radius.conf is in libcharon-extra-plugins 5.5.1-4+deb9u4.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 | eap-radius {
# Send RADIUS accounting information to RADIUS servers.
# accounting = no
# Close the IKE_SA if there is a timeout during interim RADIUS accounting
# updates.
# accounting_close_on_timeout = yes
# Interval in seconds for interim RADIUS accounting updates, if not
# specified by the RADIUS server in the Access-Accept message.
# accounting_interval = 0
# If enabled, accounting is disabled unless an IKE_SA has at least one
# virtual IP. Only for IKEv2, for IKEv1 a virtual IP is strictly necessary.
# accounting_requires_vip = no
# Use class attributes in Access-Accept messages as group membership
# information.
# class_group = no
# Closes all IKE_SAs if communication with the RADIUS server times out. If
# it is not set only the current IKE_SA is closed.
# close_all_on_timeout = no
# Send EAP-Start instead of EAP-Identity to start RADIUS conversation.
# eap_start = no
# Use filter_id attribute as group membership information.
# filter_id = no
# Prefix to EAP-Identity, some AAA servers use a IMSI prefix to select the
# EAP method.
# id_prefix =
# Whether to load the plugin. Can also be an integer to increase the
# priority of this plugin.
load = yes
# NAS-Identifier to include in RADIUS messages.
# nas_identifier = strongSwan
# Port of RADIUS server (authentication).
# port = 1812
# Base to use for calculating exponential back off.
# retransmit_base = 1.4
# Timeout in seconds before sending first retransmit.
# retransmit_timeout = 2.0
# Number of times to retransmit a packet before giving up.
# retransmit_tries = 4
# Shared secret between RADIUS and NAS. If set, make sure to adjust the
# permissions of the config file accordingly.
# secret =
# IP/Hostname of RADIUS server.
# server =
# Number of sockets (ports) to use, increase for high load.
# sockets = 1
dae {
# Enables support for the Dynamic Authorization Extension (RFC 5176).
# enable = no
# Address to listen for DAE messages from the RADIUS server.
# listen = 0.0.0.0
# Port to listen for DAE requests.
# port = 3799
# Shared secret used to verify/sign DAE messages. If set, make sure to
# adjust the permissions of the config file accordingly.
# secret =
}
forward {
# RADIUS attributes to be forwarded from IKEv2 to RADIUS.
# ike_to_radius =
# Same as ike_to_radius but from RADIUS to IKEv2.
# radius_to_ike =
}
# Section to specify multiple RADIUS servers.
servers {
}
# Section to configure multiple XAuth authentication rounds via RADIUS.
xauth {
}
}
|