configure.texi

gnu 的radius服务器很好用的

@subheading Syntax:
@smallexample
usedbm ( yes | no ) ;
@end smallexample

@subheading Usage
The @code{usedbm} statement determines whether the DBM support should
be enabled.

@table @code
@item no
Do not use DBM support at all.

@item yes
Use only the DBM database and ignore @file{raddb/users}.

@end table

@comment **L3***************************************************************
@node snmp
@subsection @code{snmp} statement 
@cindex SNMP service parameters
@cindex Customizing SNMP server
@kwindex snmp
@kwindex port 
@kwindex max-requests
@kwindex time-to-live
@kwindex request-cleanup-delay
@kwindex ident
@kwindex community
@kwindex network
@kwindex acl
@kwindex allow
@kwindex deny
@kwindex storage
@kwindex file
@kwindex perms
@kwindex max-nas-count
@kwindex max-port-count

@subheading Syntax:
@smallexample
snmp @{
        port @var{portno} ; 
        listen ( @var{addr-list} | no ); 
        max-requests @var{number} ; 
        time-to-live @var{number} ; 
        request-cleanup-delay @var{number} ; 
        ident @var{string} ; 
        community @var{name} ( rw | ro ) ; 
        network @var{name} @var{network} [ @var{network} ... ] ; 
        acl @{
                allow @var{network_name} @var{community_name} ; 
                deny @var{network_name} ; 
        @} ; 
        storage @{
                file @var{filename} ; 
                perms @var{number} ; 
                max-nas-count @var{number} ; 
                max-port-count @var{number} ; 
        @} ; 
@};
@end smallexample

@subheading Usage
The @code{snmp} statement configures the SNMP service.

@subheading @code{listen} statement

The @code{listen} statement determines on which addresses radiusd will
listen for incoming SNMP requests. The argument is a comma-separated
list of items in the form @var{ip}:@var{port-number}. The @var{ip} can
be either an IP address in familiar ``dotted-quad'' notation or a
hostname. The :@var{port-number} part may be omitted, in which case the
default SNMP port (161) is used.

If the @code{listen} statement is omitted, radiusd will accept incoming
requests from any interface on the machine.

The special value @code{no} disables listening for SNMP requests.

The following example configures radius to listen for the incoming
SNMP requests on the default SNMP port on the address 10.10.10.1
and on port 4500 on address 10.10.11.2.

@smallexample
listen 10.10.10.1, 10.10.11.2:4500;
@end smallexample


@subheading Numeric statements

@table @code
@item port
Sets the number of which port to listen for the SNMP requests.

@item max-requests
Sets the maximum number of SNMP requests in the queue. Any
surplus requests will be discarded.

@item time-to-live
Sets the request time-to-live in seconds. The time-to-live is the time
to wait for the completion of the request. If the request job isn't
completed within this interval of time it is cleared, the corresponding
child process killed and the request removed from the queue.

@item request-cleanup-delay 
Sets the request cleanup delay in seconds, i.e. determines how long will
the completed SNMP request reside in the queue.

@end table

@subheading String statements

@table @code
@item ident
Sets the SNMP server identification string.
@end table

@subheading Community and network definitions

@table @code
@item community @var{name} ( rw | ro )
Defines the community @var{name} as read-write (@code{rw}) or read-only
(@code{ro}).

@item network @var{name} @var{network} [ @var{network} ... ]
Groups several networks or hosts under one logical network name.

@end table

@subheading Access-Control List definitions

@table @code
@item allow @var{network_name} @var{community_name}
allow hosts from the group @var{network_name} access to community
@var{community_name}.

@item deny @var{NETWORK_NAME}
Deny access to SNMP service from any host in the group @var{network_name}.
@end table

@subheading Storage control

GNU Radius stores the SNMP monitoring data in an area of shared
memory mapped to an external file. This allows all subprocesses
to share this information and to accumulate the statistics across
invocations of the daemon.

The @code{storage} statement controls the usage of the storage for
the SNMP data.

@table @code
@item file
Sets the file name for the SNMP storage file. Unless the filename
begins with a @samp{/} it is taken as relative to the current
logging directory.

@item perms
Sets the access permissions for the storage file. @emph{Notice}, that
this statement does not interpret its argument as octal by default, so
be sure to prefix it with @samp{0} to use an octal value.

@item max-nas-count
Sets maximum number of NASes the storage file is able to handle. Default
is 512. Raise this number if you see the following message in your log
file:

@cartouche
@example
reached SNMP storage limit for the number of
monitored NASes: increase max-nas-count
@end example
@end cartouche

@item max-port-count
Sets maximum number of ports the storage file is able to handle. Default
is 1024. Raise this number if you see the following message in your log
file:

@cartouche
@example
reached SNMP storage limit for the number of
monitored ports: increase max-port-count
@end example
@end cartouche

@end table

@comment **L3***************************************************************
@node rewrite
@subsection @code{rewrite} statement.
@cindex Rewrite language settings
@kwindex rewrite
@UNREVISED{}

@subheading Syntax:
@smallexample
rewrite @{
        stack-size @var{number} ; 
        load-path @var{string} ; 
        load @var{string} ; 
@};
@end smallexample

@subheading Numeric statements

@table @code
@item stack-size
Configures runtime stack size for Rewrite. The @var{number} is the
size of stack in words. The default value is 4096.
@end table

@subheading String statements
@table @code
@item load-path
Add specified pathname to the list of directories searched for
rewrite files. 
@item load
Loads the specified source file on startup. Unless @var{string} is an
absolute pathname, it will be searched in directories set up by
@code{load-path} statement.
@end table 

@subheading Loading

The default load path is @code{@file{RADDB}:@file{DATADIR}/rewrite}. @FIXME{
Describe the loading process in detail. Also, some kind of
autoloading is necessary for Rewrite.}

@comment **L3***************************************************************
@node guile
@subsection @code{guile} statement
@cindex Guile interface configuration
@cindex Customizing Radiusd Guile interface
@kwindex guile 
@kwindex debug
@kwindex load-path
@kwindex load-module
@kwindex load
@kwindex gc-interval
@kwindex outfile
@kwindex eval
@UNREVISED{}

The @code{guile} statement allows to configure server interface with
Guile. 

@subheading Syntax

@smallexample
guile @{
        debug @var{bool} ; 
        load-path @var{string} ; 
        load @var{string} ; 
        load-module @var{string} [ @var{string} ... ] ; 
        eval @var{expression} [ @var{expression} ... ] ; 
        gc-interval @var{number} ; 
        outfile @var{string} ; 
@};
@end smallexample

@subheading Usage

@subheading Boolean statements

@table @code
@item debug
When set to yes, enables debugging evaluator and backtraces on Guile
scripts.
@end table

@subheading Numeric statements

@table @code
@item gc-interval
Configures the forced garbage collections. By default the invocation
of the garbage collector is run by the internal Guile mechanism.
However, you may force Radius to trigger the garbage collection
at fixed time intervals. The @code{gc-interval} statement sets
such interval in seconds.

For more information about Guile memory management system in general
and garbage collections in particular, see @ref{Memory Management,,Memory Management and Garbage Collection,guile,The Guile Reference Manual}.

@end table

@subheading String statements
@table @code
@item eval
Evaluates its argument as @code{Scheme} expression.

@item load-path
Adds specified pathname to @code{%load-path} variable.

@item load
Loads the specified source file on startup.

@item load-module
Loads the specified Scheme module on startup. This statement takes an
arbitrary number of arguments. The first argument specifies the name
of the module to load, the rest of arguments is passed to the
@dfn{module initialization} funtion. Module initialization function
is a function named @samp{@var{module}-init}, where @var{module} is
the module name. Arguments are converted using usual @code{Guile}
rules, except that the ones starting with a dash (@samp{-}) are
converted to keyword arguments.  @FIXME{Describe the
loading sequence in more detail. Why are modules preferred over plain
SCM programs, etc.}

@item outfile
Redirects the standard output and standard error streams of the @code{Guile}
functions to the given file. Unless the filename starts with @samp{/},
it is taken relative to the current logging directory.
@end table

@xref{Guile}, for a detailed description of Guile extensions interface.

@comment **L3***************************************************************
@node message
@subsection @code{message} statement
@cindex Messages: configuring
@cindex Customizing reply messages
@kwindex message
@kwindex account-closed 
@kwindex password-expired
@kwindex password-expire-warning 
@kwindex access-denied 
@kwindex realm-quota 
@kwindex multiple-login 
@kwindex second-login 
@kwindex timespan-violation 

The @code{message} statement allows to set up the messages that are
returned to the user with authentication-response packets.

@subheading Syntax

@smallexample
message @{
        account-closed @var{string} ; 
        password-expired @var{string} ; 
        password-expire-warning @var{string} ; 
        access-denied @var{string} ; 
        realm-quota @var{string} ; 
        multiple-login @var{string} ; 
        second-login @var{string} ; 
        timespan-violation @var{string} ; 
@};
@end smallexample

All variables in @code{message} block take a string argument. In
@var{string} you can use the usual C backslash notation to represent
non-printable characters. The use of %C@{@} and %R@{@} sequences
is also allowed (@pxref{Macro Substitution}).

@subheading String statements
@table @code
@item account-closed
This message will be returned to the user whose account is
administratively closed.
@item password-expired
This message will be returned to the user whose password has expired.
@item password-expire-warning
This is a warning message that will be returned along with an
authentication-acknowledge packet for the user whose password will
expire in less than @var{n} seconds. The value of @var{n} is set by
@code{password-expire-warning} variable in @code{auth} block.
@xref{auth}. In this string, you can use the %R@{Password-Expire-Days@}
substitution, to represent the actual number of @emph{days} left
to the expiration date. The default is

@smallexample
Password Will Expire in %R@{Password-Expire-Days@} Days\r\n
@end smallexample
@item access-denied
This message is returned to the user who supplies an incorrect password or
a not-existent user-name as his authentication credentials.
@item realm-quota
This message is returned when the user is trying to log in using a
realm, and number of users that are currently logged in from this realm
reaches maximum value. For a description of realms, see @ref{Realms}.
@item multiple-login
This message is returned to the user, who has logged in more than
allowed number of times. For description of how to set the maximum
number of concurrent logins, see @ref{Simultaneous-Use}.
@item second-login
This is a special case of @code{multiple-login}, which is used when
the user's login limit is 1.
@item timespan-violation
This message is returned to the user who is trying to login outside of
allowed time interval. For description of how to limit user's login
time, see @ref{Login-Time}.
@end table

@comment **L3***************************************************************
@node filters
@subsection @code{filters} statement
@kwindex filters
@kwindex filter
@kwindex auth