Property | Value |
---|
authentication.listenport | <Port number>
The port number that the RADIUS server should use for listening to authentication requests. Example is 1812
Default value is 1812 |
authentication.listenaddress | <IP address>
The address that the RADIUS server should use to listen for authentication requests. Example is 10.10.1.120
No default value |
accounting.listenport | <Port number>
The port number that the RADIUS server should use for listening to accounting requests. Example is 1813
Default value is 1813 |
accounting.listenaddress | <IP address>
The address that the RADIUS server should use to listen for accounting requests. Example is 10.10.1.120
No default value |
sockettimeout | <timeout in ms>
The socket timeout while listening for RADIUS packets. This timeout applies to both the accounting and the authentication socket
Default value is 3000 |
duplicatetimer | <time value in ms>
The number of milliseconds that received packets are kept so that they can be checked for duplicates
Default value is 30000 |
duplicatecount | <number of packets>
The number of received packets to keep for duplicate checking.
Default value is 5000 |
authtype.pap | <authentication plugin ID>
The ID of the authentication plugin used to verify PAP authentication requests. Example value is 9 (typically the user administration authentication plugin) or 43 (Ceptor user administration login that also provides SMS OTP codes)
9 - Ceptor user administration login |
authtype.chap | <authentication plugin ID>
Note: CHAP login has not yet been verified with Ceptor.
The ID of the authentication plugin used to verify CHAP authentication requests. Example value is 9 (typically the user administration authentication plugin)
9 - Ceptor user administration login |
authtype.challenge | <authentication plugin ID>
The ID of the authentication plugin used to verify the challenge for two-factor logins. An example value could be 43 (SMS OTP using the Ceptor user administration server for password validation)
No default value |
authentication.challenge | <String>
The challenge text to be shown to the user in the event of a two-factor login. This challenge can also be set through the authentication plugin; if it is set from there, this value will not be used.
Default value is: "Please enter a valid challenge: " |
authentication.twofactor | true / false
Set this value to true if the primary authentication plugin (PAP or CHAP) does not support validating the password but can instead issue a new token through the "newToken" method (for example the Google Authenticator plugin). The password will then be validated together with the challenge token.
Default value is false |
sharedsecret.x | <shared secret for IP addresses>
X is a number between 1 and 512
This value defines a shared secret for a series of IP addresses (those sending the authentication packets). One or more IP addresses can be given per entry. Examples are:
10.1.32.100,10.2.64.100=super123secret
127.0.0.1=another22super33secret
An IP address with the value * can be given; its secret is used if the sending IP address is not defined in any entry. If no * entry is defined either, the packet will be ignored!
Secrets can be encrypted using PortalProtect PasswordUtil (see documentation elsewhere). They are then stored here in encoded, RSA, AES or 3DES form.
No default value |
packet.debug | true / false
If set to true, all received and sent packets will be logged at info level to the log file.
Default value is false |
username.sessionid | true / false
Set this value to true to tell the RADIUS server to append the PP session ID in the USER field on reply packets of type ACCEPT. This is not supported by all RADIUS clients, but those that do support it will in turn either send the session ID back in upcoming accounting requests (allowing for better logging!) or just ignore the field altogether.
Default value is false |
clientsessions.maxcount | <number of sessions>
Number of client sessions to store in the RADIUS server. Since RADIUS clients are allowed to present their own "session identifier" to the RADIUS server, these are stored with their corresponding PP session ID in the RADIUS server. This defines how many will be stored.
Default value is 100000 |
clientsessions.timetolive | <Time to live in seconds>
Defines the time to live for client sessions from RADIUS clients. After this time they will be removed if there is not enough space for more client sessions
Default value is 5 |
clientsessions.forcetimeout | <Force timeout in seconds>
Defines the force timeout for client sessions from RADIUS clients. After this time they will be removed if not heard from
Default value is 30 |
ppsessions.maxcount | <number of sessions>
Number of PP sessions to store in the RADIUS server; these are used for STATE packets sent to clients when doing two-factor logins. This defines how many will be stored awaiting the second part of the login message from the client
Default value is 100000 |
ppsessions.timetolive | <Time to live in seconds>
Defines the time to live for PP sessions for STATE packets. After this time they will be removed if there is not enough space for more PP sessions
Default value is 5 |
ppsessions.forcetimeout | <Force timeout in seconds>
Defines the force timeout for PP sessions for STATE packets. After this time they will be removed if not heard from
Default value is 30 |
threadpool.size | <number, between 1 and 4096>
Defines the number of threads in the thread pool that can handle packets received from clients. This is also the maximum number of concurrent authentications that can be done at a time.
Default value is 100. |
accounting.script | <Script - JavaScript, Python or Groovy>
Script code that is run to process a received accounting request packet. |
authentication.script | <Script - JavaScript, Python or Groovy>
Authentication script that is run when an access request packet is received from a client - see Ceptor RADIUS Server for more information. If a script is specified, it overrides the other options for authtype.pap, authtype.challenge etc. |
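
The sharedsecret.x lookup rules and the packet.debug setting described in the table, as an added Python example that is not part of the Ceptor documentation or product code. It assumes the properties are available as a plain name-to-value dict and that each sharedsecret value has the form <ip>[,<ip>...]=<secret>; the function names are hypothetical.

```python
import ipaddress

# Constructed sample settings (not from a real deployment). Property names are
# the documented ones; holding them in a dict is an assumption of this example.
SAMPLE = {
    "packet.debug": "true",
    "sharedsecret.1": "10.1.32.100,10.2.64.100=super123secret",
    "sharedsecret.2": "127.0.0.1=another22super33secret",
    "sharedsecret.3": "*=super123secret",
}

def parse_shared_secrets(props):
    """Map each client address (or '*') to (secret, property name)."""
    table = {}
    for name, value in sorted(props.items()):
        prefix, _, index = name.partition(".")
        if prefix != "sharedsecret" or not index.isdigit() or not 1 <= int(index) <= 512:
            continue
        addresses, sep, secret = value.partition("=")  # secret may itself contain '='
        if not sep or not secret:
            raise ValueError(f"{name}: expected <ip>[,<ip>...]=<secret>")
        for addr in (a.strip() for a in addresses.split(",")):
            if addr != "*":
                ipaddress.ip_address(addr)  # ValueError on a malformed address
            table[addr] = (secret, name)
    return table

def secret_for(table, sender_ip):
    """Exact match first, then the '*' entry; None means the packet is ignored."""
    entry = table.get(sender_ip) or table.get("*")
    return entry[0] if entry else None

def audit(props):
    """Return review findings for the shared-secret and debug settings."""
    table = parse_shared_secrets(props)
    findings = []
    if "*" in table:
        findings.append(f"{table['*'][1]}: wildcard secret applies to every unlisted sender")
    users = {}
    for secret, name in table.values():
        users.setdefault(secret, set()).add(name)
    for names in users.values():
        if len(names) > 1:
            findings.append("same secret reused by " + ", ".join(sorted(names)))
    if props.get("packet.debug", "false").lower() == "true":
        findings.append("packet.debug=true: all packets are written to the log file")
    return findings
```

Running audit() on a copy of the settings without the `*` entry shows the stricter behaviour: an unlisted sender then resolves to no secret and its packet is ignored.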