NAME

       inn-radius.conf - Configuration for nnrpd RADIUS authenticator

DESCRIPTION

       This describes the format and attributes of the configuration file for the nnrpd RADIUS authenticator.
       See radius(8) for more information about the authenticator program.  The default location for this file
       is inn-radius.conf in pathetc.

       Blank lines and lines beginning with "#" are ignored, as is anything after a "#" on a line.  All other
       lines should begin with a parameter name followed by a colon and the value of that key, except that each
       section of configuration for a particular server should be enclosed in:

           server <name> {
               # parameters...
           }

       where <name> is just some convenient label for that server.

SERVER GROUP PARAMETERS

       The available parameters are:

       radhost
           The hostname of the RADIUS server to use for authentication.  This parameter must be set.

       radport
           The port to query on the RADIUS server.  Defaults to 1645 if not set.

       lochost
           The  hostname  or IP address making the request.  The RADIUS server expects an IP address; a hostname
           will be translated into an IP address with gethostbyname().  If not  given,  this  information  isn't
           included in the request (not all RADIUS setups require this information).

       locport
           The  port  the  client  being  authenticated  is connecting to.  If not given, defaults to 119.  This
           doesn't need to be set unless readers are connecting to a non-standard port.

       secret
           The shared secret with the RADIUS server.  If your secret includes spaces, tabs, or "#", be  sure  to
           include it in double quotes.  This parameter must be set.

       prefix
           Prepend  the  value of this parameter to all usernames before passing them to the RADIUS server.  Can
           be used to prepend something like "news-" to all  usernames  in  order  to  put  news  users  into  a
           different namespace from other accounts served by the same server.  If not set, nothing is prepended.

       suffix
           Append  the  value of this parameter to all usernames before passing them to the RADIUS server.  This
           is often something like "@example.com", depending on how your RADIUS server is set up.  If  not  set,
           nothing is appended.

       ignore-source
           Can be set to "true", "yes", "on", "false", "no" or "off".  If set to false, the RADIUS authenticator
           will check to ensure that the response it receives is from the same IP address as it sent the request
           to  (for  some added security).  If set to true, it will skip this verification check (if your RADIUS
           server has multiple IP addresses or if other odd things are going on, it may be perfectly normal  for
           the response to come from a different IP address).

EXAMPLE

       Here  is  a  configuration  for  a  news  server  named  news.example.com,  authenticating  users against
       radius.example.com and appending "@example.com" to all client-supplied usernames before passing  them  to
       the RADIUS server:

           server example {
               radhost: radius.example.com
               lochost: news.example.com
               secret: IamARADIUSsecRET
               suffix: @example.com
           }

       The shared secret with the RADIUS server is "IamARADIUSsecRET".

HISTORY

       This  documentation  was  written  by  Russ Allbery <eagle@eyrie.org> based on the comments in the sample
       inn-radius.conf file by Yury B. Razbegin.

SEE ALSO

       radius(8).

INN 2.7.3                                          2025-02-21                                 INN-RADIUS.CONF(5)