Internet Express for Tru64 UNIX Version 6.10 Administration Guide (5900-1418, March 2011)

ManualsBrandsHP ManualsSoftwareHP-UX Internet Express Software

181

182

183

184

185

186

187

188

189

190

clients.conf file

This file defines a RADIUS client (usually a NAS). The information given here over rides anything

given in the clients file, or in the naslist file. The configuration here contains all of the information

from those two files, and allows for more configuration items.

The shortname is be used for logging. The nastype, login and password fields are mainly used for

checkrad and are optional.

This defines a RADIUS client. The format is as follows:

client[hostname|ip-address]

127.0.0.1 is another name for localhost. It is enabled by default, to allow testing of the server

after an initial installation. If you are not going to be permitting RADIUS queries from localhost,

you need to comment it out.

Refer to /usr/local/etc/raddb/clients.conf for more information.

radiusd.conf file

This file contains values for multiple directives used by FreeRADIUS. Some of the directives are

explained in the following sections.

1. libdir – Specifies the location of rlm_* modules.

This should be automatically set at configuration time. If the server builds and installs, but fails

at execution time with an undefined symbol error, then you can use the libdir directive to work

around the problem.

The cause is usually that a library has been installed on your system in a place where the

dynamic linker cannot find it. When executing as root (or another user), your personal

environment may be set up to allow the dynamic linker to find the library. When executing

as a daemon, FreeRADIUS may not have the same personalized configuration.

To work around the problem, determine which library contains that symbol, and add the

directory containing that library to the end of libdir, with a colon separating the directory

names. No spaces are allowed. For example:

libdir = /usr/local/lib:/opt/package/lib

You can also try setting the LD_LIBRARY_PATH environment variable in a script which starts

the server.

If that does not work, then you can re-configure and re-build the server to not use shared

libraries, using the following:

./configure --disable-shared make make install

2. pidfile: Specifies where to place the PID of the RADIUS server.

The server may be signalled while it is running by using this file. This file is written when only

running in daemon mode. kill

-HUP 'cat /var/run/radiusd/radiusd.pid'

3. user/group: The name (or #number) of the user/group as which to run radiusd.

If these are commented out, the server will run as the user/group that started it. In order to

change to a different user/group, you must be root (or have root privleges ) to start the server.

HP recommends that you run the server with as few permissions as possible. That is, if you

are not using shadow passwords, the user and group items below should be set to nobody.

On SCO (ODT 3) use user = nouser and group = nogroup. Note that some kernels

refuse to setgid(group) when the value of (unsigned)group is above 60000. Do not use group

nobody on these systems. On systems with shadow passwords, you might have to set group

188 Network Security Administration