# radiusd.conf `radiusd.conf` is the main configuration file for the FreeRADIUS server, which is an open-source implementation of the RADIUS (Remote Authentication Dial-In User Service) protocol. This file contains essential settings that define how the FreeRADIUS server operates, including authentication, authorization, accounting, and other network access policies. ### Key Components in `radiusd.conf` 1. **Global Settings**: These include parameters that affect the overall behavior of the FreeRADIUS server, such as server ports, logging configuration, and paths to various directories. 2. **Module Configuration**: FreeRADIUS operates using various modules that handle different aspects of the RADIUS protocol and server functionality. Each module can be configured within `radiusd.conf` to specify its behavior and settings. 3. **Authentication Settings**: Configuration related to how users are authenticated, including supported authentication methods (e.g., PAP, CHAP, EAP), authentication realms, and authentication policies. 4. **Authorization Settings**: Defines policies and rules for authorizing access to network resources based on user credentials and other attributes. 5. **Accounting Settings**: Specifies how accounting information is logged and stored, including accounting methods (e.g., SQL, LDAP) and retention policies. 6. **Logging Configuration**: Controls the level and destination of log messages generated by the FreeRADIUS server, crucial for monitoring server activity and diagnosing issues. 7. **TLS/SSL Configuration**: If RADIUS communication is secured using TLS/SSL, configuration parameters for certificates, private keys, and cipher suites are defined here. ### Example Sections in `radiusd.conf` #### Global Configuration ```plaintext listen { type = auth ipaddr = 127.0.0.1 port = 1812 } listen { type = acct ipaddr = 127.0.0.1 port = 1813 } log { destination = files file = /var/log/radius/radius.log syslog_facility = daemon stripped_names = no auth_badpass = yes auth_goodpass = yes } ``` #### Module Configuration ```plaintext modules { ... ldap { server = "ldap.example.com" identity = "cn=admin,dc=example,dc=com" password = "admin_password" base_dn = "dc=example,dc=com" filter = "(uid=%{%{Stripped-User-Name}:-%{User-Name}})" tls { start_tls = yes tls_cacertfile = /etc/radius/ldap-ca.pem tls_certfile = /etc/radius/ldap-cert.pem tls_keyfile = /etc/radius/ldap-key.pem } } ... } ``` #### Authentication Configuration ```plaintext authorize { ... pap chap mschap ... } authenticate { ... Auth-Type PAP { pap } Auth-Type CHAP { chap } ... } ``` ### Location of `radiusd.conf` The `radiusd.conf` file is typically located in the following directory: * **Debian/Ubuntu**: `/etc/freeradius/` * **Red Hat/CentOS**: `/etc/raddb/` ### Editing `radiusd.conf` When editing `radiusd.conf`, it's crucial to follow these best practices: * Make backups before making changes. * Ensure proper syntax and formatting to avoid configuration errors. * Test changes in a controlled environment before applying them in a production environment. * Monitor server logs (`radius.log`) for any error messages or warnings after making changes. ### Conclusion `radiusd.conf` is the central configuration file for the FreeRADIUS server, governing its operation and behavior. Understanding and properly configuring `radiusd.conf` is essential for maintaining a secure and efficient RADIUS authentication and authorization service. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://linux-tutorial-cli.gitbook.io/linux-cli-tutorial/txt-files/file-systems-cocepts/lpic3-303/radiusd.conf.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.