Internet Express for Tru64 UNIX Version 6.8 Administration Guide (14233)
HP recommends that you run the server with as few permissions as possible. That is, if you
are not using shadow passwords, the user and group items below should be set to nobody.
On SCO (ODT 3) use user = nouser and group = nogroup. Note that some kernels
refuse to setgid(group) when the value of (unsigned)group is above 60000. Do not use group
nobody on these systems. On systems with shadow passwords, you might have to set group
= shadow for the server to be able to read the shadow password file. If you can authenticate
users while in debug mode, but not in daemon mode, it may be that the debugging mode
server is running as a user that can read the shadow info, and the user listed below cannot.
user = nobody
group = nobody
4. max_request_time: The maximum time (in seconds) to handle a request.
Requests which take more time than this to process may be killed, and a REJECT message
is returned.
Warning:
If you notice that requests take a long time to be handled, then this may indicate a bug in
the server, in one of the modules used to handle a request, or in your local configuration.
This problem is most often seen when using an SQL database. If it takes more than a second
or two to receive an answer from the SQL database, then it probably means that you haven't
indexed the database. See your SQL server documentation for more information.
Useful range of values: 5 to 120
max_request_time = 30
5. bind_address: Make the server listen on a particular IP address, and send replies out from
that address. This directive is most useful for machines with multiple IP addresses on one
interface.
This directive can either contain *, or an IP address, or a fully qualified Internet domain
name. The default is *.
As of Version 1.0, you can also use the listen directive. See the following for more information.
bind_address = *
6. port: Allows you to bind FreeRADIUS to a specific port.
The default port that most NAS boxes use is 1645, which is historical. RFC 2138 defines 1812
to be the new port. Many new servers and NAS boxes use 1812, which can create
interoperability problems.
The port is defined here to be 0 so that the server will use the machine's local configuration
for the radius port, as defined in /etc/services.
If you want to use the default RADIUS port as defined on your server (usually through
grep radius /etc/services), set this to 0 (zero).
A port given on the command line using the -p option overrides this one.
As of Version 1.0, you can also use the listen directive. See the following for more information.
port = 0
Other modules in radiusd.conf include authorize, authenticate and instantiate. For
information, see /usr/local/etc/raddb/radiusd.conf.
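The following check is an added example, not part of the HP guide or of FreeRADIUS: it audits the user, group, max_request_time and port directives against the guidance above. The sample configuration and the group table are constructed, the function names are hypothetical, and it assumes simple top-level name = value lines and a server started as root.

```python
import re

# Constructed sample fragment of radiusd.conf with deliberately weak settings.
SAMPLE_CONF = """\
user = root
group = nobody
max_request_time = 300
bind_address = *
port = 1645
"""

# Constructed group table (name -> gid); on a live host, grp.getgrnam() supplies this.
SAMPLE_GIDS = {"nobody": 65534, "shadow": 42}

DIRECTIVE = re.compile(r"^\s*(\w+)\s*=\s*([^#\s]+)")


def parse(conf_text):
    """Collect 'name = value' lines, ignoring comments and blank lines."""
    settings = {}
    for line in conf_text.splitlines():
        m = DIRECTIVE.match(line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings


def audit(conf_text, gids):
    """Return a list of (directive, problem) pairs based on the guidance above."""
    s, findings = parse(conf_text), []
    # Assumption: the server is started as root, so an unset value keeps root.
    for key in ("user", "group"):
        if s.get(key, "root") == "root":
            findings.append((key, "unset or root: privileges are not dropped"))
    # Some kernels refuse setgid() for gids above 60000 (see the note on group).
    gid = gids.get(s.get("group"))
    if gid is not None and gid > 60000:
        findings.append(("group", f"gid {gid} is above 60000; setgid may fail"))
    mrt = s.get("max_request_time", "")
    if not mrt.isdigit() or not 5 <= int(mrt) <= 120:
        findings.append(("max_request_time", "outside the useful range 5 to 120"))
    # 0 defers to /etc/services; any other value must match what each NAS sends to.
    port = s.get("port", "0")
    if port not in ("0", "1812"):
        findings.append(("port", f"{port} is not 1812; confirm every NAS uses it"))
    return findings
```

Calling audit(SAMPLE_CONF, SAMPLE_GIDS) reports four findings; a configuration that follows the guidance returns an empty list.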
9.4.4 Viewing FreeRADIUS Log File
The FreeRADIUS Server logs information in the /usr/local/var/log/radius/radius.log
file. View the contents of this log file from the Administration Utility, as follows:
9.4 FreeRADIUS Server Administration 193