Posted on 2011-12-9 15:55:55
I don't understand this; I'll sit back and watch the experts make their moves.

Originally posted by 店小二 on 2011-12-9 15:42:
Post the contents of line 83.

```
# General settings

# specify which authentication comes first respectively which
# authentication is used. possible values are: "radius" and "local".
# if you specify "radius,local" then the RADIUS server is asked
# first then the local one. if only one keyword is specified only
# this server is asked.
auth_order radius,local

# maximum login tries a user has
login_tries 4

# timeout for all login tries
# if this time is exceeded the user is kicked out
login_timeout 60

# name of the nologin file which when it exists disables logins.
# it may be extended by the ttyname which will result in
# a terminal specific lock (e.g. /etc/nologin.ttyS2 will disable
# logins on /dev/ttyS2)
nologin /etc/nologin

# name of the issue file. it's only display when no username is passed
# on the radlogin command line
issue /usr/local/etc/radiusclient/issue

# RADIUS settings

# RADIUS server to use for authentication requests. this config
# item can appear more then one time. if multiple servers are
# defined they are tried in a round robin fashion if one
# server is not answering.
# optionally you can specify a the port number on which is remote
# RADIUS listens separated by a colon from the hostname. if
# no port is specified /etc/services is consulted of the radius
# service. if this fails also a compiled in default is used.
authserver 192.168.1.4:1812

# RADIUS server to use for accouting requests. All that I
# said for authserver applies, too.
#
acctserver 192.168.1.4:1813

# file holding shared secrets used for the communication
# between the RADIUS client and server
servers /usr/local/etc/radiusclient/servers

# dictionary of allowed attributes and values
# just like in the normal RADIUS distributions
dictionary /usr/local/etc/radiusclient/dictionary

# program to call for a RADIUS authenticated login
login_radius /usr/local/sbin/login.radius

# file which holds sequence number for communication with the
# RADIUS server
seqfile /var/run/radius.seq

# file which specifies mapping between ttyname and NAS-Port attribute
mapfile /usr/local/etc/radiusclient/port-id-map

# default authentication realm to append to all usernames if no
# realm was explicitly specified by the user
# the radiusd directly form Livingston doesnt use any realms, so leave
# it blank then
default_realm

# time to wait for a reply from the RADIUS server
radius_timeout 10

# resend request this many times before trying the next server
radius_retries 3

# The length of time in seconds that we skip a nonresponsive RADIUS
# server for transaction requests. Server(s) being in the "dead" state
# are tried only after all other non-dead servers have been tried and
# failed or timeouted. The deadtime interval starts when the server
# does not respond to an authentication/accounting request transmissions.
# When the interval expires, the "dead" server would be re-tried again,
# and if it's still down then it will be considered "dead" for another
# such interval and so on. This option is no-op if there is only one
# server in the list. Set to 0 in order to disable the feature.
radius_deadtime 0

# local address from which radius packets have to be sent
bindaddr *

# LOCAL settings

# program to execute for local login
# it must support the -f flag for preauthenticated login
login_local /bin/login
```

Line 83 is radius_deadtime 0