engine.config

RADIUS协议的认证计费服务

#   default_retry_limit=0

# default_seqch_limit	See above		Consider reply-vector and
#						reply-id changes when
#						counting retransmissions.
#						When the limit is exceeded,
#						cause a RETRY event to occur
#						on the request which should be
#						handled by the built-in
#						(default) FSM table.
#
# e.g.:
#   default_seqch_limit=3
#   default_seqch_limit=0

# dns_address_aging	none			(Default value: one hour)
#			See also		DNS entries in the "clients"
#			'dns_address_window'	file are refreshed periodically.
#						There is a designed in
#						randomness to the aging process
#						so that all clients don't
#						expire at once.  This sets the
#						base-value, to which zero,
#						15, 30, or 45 minutes is added.
# e.g.:
#   dns_address_aging=5400

# dns_address_window	none			(Default value: 60 seconds)
#			See also		When a DNS entry in the 
#			'dns_address_aging'	"clients" file expires (needs
#						refreshing), all other clients
#						that might be refreshed within
#						this window are refreshed, too.
#
#						DNS entries are refreshed by
#						forking a process that calls
#						gethostbyname(3) for all
#						entries that need refreshing,
#						and then passing the results
#						back via UDP datagrams.  This
#						serves to limit the amount of
#						forking that occurs to support
#						refreshing of the "clients"
#						entries.
#
#						Increasing this value means that
#						less forking will occur for the
#						same number of client entries in
#						the "clients" file.
#						This may be useful if DNS
#						updates can take a long time,
#						such as when the DNS server
#						for a particular client entry
#						has gone bad or missing, or if
#						there are a large number of
#						entries in a single "clients"
#						file.
# e.g.:
#  dns_address_window=300

# global_acct_q.limit	none			Set the maximum number of
#						simultaneous accounting requests
#						to be handled by the system.
#
#						When this limit is exceeded, the
#						requests are dropped with a
#						message in the logfile.
# e.g.:
#   global_acct_q.limit=2400

# global_acct_q.hold	none			For debugging purposes only.
#						Enables holding of old 
#						requests for a specific period
#						of time after they've otherwise
#						been freed from the system.  See
#						also 'reply_check'.  Specifies
#						a value in seconds.
# e.g.:
#  global_acct_q.hold=300

# global_auth_q.limit	none			Set the maximum number of
#						simultaneous authentication
#						requests to be handled by the
#						system.
#
#						When this limit is exceeded, an
#						Access-Reject reply is returned
#						and message added to the logfile.
#
#						Note that when the authentication
#						queue limit is exceeded, the
#						server stops responding to
#						radcheck(8).
# e.g.:
#   global_auth_q.limit=1800

# global_auth_q.hold	none			For debugging purposes only.
#						Enables holding of old 
#						requests for a specific period
#						of time after they've otherwise
#						been freed from the system.  See
#						also 'reply_check'.  Specifies
#						a value in seconds.
# e.g.:
#   global_auth_q.hold=600

# list_copy_limit	none			For certain kinds of custom
#						Merit AAA Servers that
#						accumuluate attribute/value
#						pairs or generate large
#						responses.  The default value
#						is 512.  See also
#						'send_buffer_size'.
#
#						When this limit is exceeded, the
#						Merit AAA Server will crash
#						with a message in the logfile
#						and a core-dump.
# e.g.:
#   list_copy_limit=1024

# log_forwarding	none			Turn on (or off) logging in the
#						"logfile" when packets are
#						forwarded via RADIUS to 
#						another RADIUS or Merit AAA
#						Server.  Also, turn on (or off)
#						logging of the forwarding
#						vector, reply vector or
#						dumping of the packet (in
#						hexadecimal) in the logfile of
#						the packet being forwarded.
#
#						This allows finer detail when
#						tracking problems, at the
#						expense of increased sizes of
#						logfiles.
# e.g.:
#   log_forwarding=on
#   log_forwarding=off
#   log_forwarding=+vector			(hexadecimal dump of vector)
#   log_forwarding=+digest			(hexadecimal dump of digest)
#   log_forwarding=+dump			(hexadecimal dump of packet)
#   log_forwarding=-vector
#   log_forwarding=-digest
#   log_forwarding=-dump
#   log_forwarding=clear

# log_generated_request	none			Turn on (or off) logging of
#						internally generated packets
#						when they are created and
#						when they reach their end-state.
#
#						This is used for certain
#						custom Merit AAA Servers that
#						produce accounting requests
#						based on internal state
#						transitions rather than on an
#						externally delivered request.
# e.g.:
#  log_generated_request=on
#  log_generated_request=off

# packet_log		none			When logging certain
#			See also 'reply_check'	attributes for a request log
#						(NAS-Identifier, NAS-Port,
#						User-Name, et. al.) a check
#						MAY be made to see if the
#						current request matches the
#						original request with a
#						crash and core-dump as a
#						possible action.
#
#						This is useful for tracking
#						situations where a remote
#						RADIUS or Merit AAA Server is
#						responding with incorrect
#						values.
#
#						Also, it may be used to
#						investigate if an AATV is
#						corrupting the current request.
# e.g.:
#   packet_log=default				Set only +current, +original
#   packet_log=clear (or none)
#   packet_log=+abort				Crash and core-dump if mismatch
#   packet_log=+both (or +comp)			
#   packet_log=+current (or +cur)		Report only from modified req.
#   packet_log=+original (or +orig)		Report only from original req.
#   packet_log=-abort				Crash and core-dump if mismatch
#   packet_log=-both (or -comp)			Turn off the appropriate
#   packet_log=-current (or -cur)			feature named above.
#   packet_log=-original (or -orig)		

# radcheck		none			Enable (or disable) certain
#						reports produced by radcheck(8).
#						New reports produced by
#						radcheck(8) may now be enbled
#						or disabled with this option.
#						Currently, only two classes of
#						reports are so affected.
#						+ enables the report, and
#						- disables the report:

#						+/-queues (default is +/enable)
#						shows queue information:
#						number of unique requests,
#						number of queue overflows,
#						number of duplicate requests,
#						for all of the queues in the
#						system (e.g., authentication
#						and accounting).  If the number
#						of accounting requests greatly
#						exceeds the number of
#						authentication requests, then
#						a NAS/network configuration
#						error is possible.

#						+/-packets (default -/disabled)
#						Show statistics about the number
#						of octets/packets received,
#						replied, forwarded, replies-
#						received, and redone.  These
#						counters are reset on an INT
#						or HUP signal.
# e.g.:
#   radcheck=+packets
#   radcheck=+queues				(Default)
#   radcheck=-packets				(Default)
#   radcheck=-queues

# radius_log_fmt	-l option		Override the -l option to
#						specify the logfile format
#						string used.

# reply_check		none			Specify which attributes
#						to check on a reply from a
#						forwarded request to insure
#						that they are the same as
#						the forwarded request.
#
#						Besides specifying which
#						attributes to check, it's
#						possible to specify the
#						action to take when a mismatch
#						occurs: ignore the reply,
#						ignore the mismatch, or crash
#						and core-dump.
#
#						Useful attributes to check are
#						Nas-Identifier, Acct-Session-Id,
#						Class and User-Name.
#
#						Note: This feature might not
#						work well in situations that
#						communicate with servers that
#						are not derived from the
#						Merit AAA Server.
# e.g.:
#  reply_check=first				(default) check only first match
#  reply_check=all				Check all for matches
#  reply_check=+abort				Crash and core-dump if fails
#  reply_check=+dump				Dump the offending packet
#  reply_check=+ignore
#  reply_check=+verbose				
#  reply_check=clear				Clears all attributes
#  reply_check=none					from the dictionary.
#  reply_check=Nas-Identifier

# send_buffer_size	none			Decrease the send buffer
#						size.  The current size is
#						16K (16536).  Limiting the
#						send_buffer_size to be the
#						UDP MTU for the network will
#						prevent excessively large
#						packets from being forwarded
#						(or replied to) in certain
#						circumstances.
#
#						This configuration item serves
#						only a debugging function for
#						certain custom Merit AAA
#						Servers which might transmit
#						very large packets, and helps
#						to debug code written to prevent
#						an excessively large packet from
#						corrupting the server.
# e.g.:
#   send_buffer_size=1472			1500 byte ethernet - headers.