radius — format of radius component configuration


General syntax rules of Kernun Firewall configuration files are described in configuration(7). This man page describes types, sections and items specific for the radius component configuration.

Repeatable sections/items are marked by the '*' before section/item name.


Configuration directives have attributes of several value-types. For the basic types description, see configuration(7).

Enumeration is a list of words (names) representing integer values. Some enumerations accept both names and direct integer values; in this case, enumeration description contains values for every name (in parenthesis next to name). For other enumerations, using of names is obligatory.

The following enumerations are used in radius configuration directives:

radius-attr (name-usage optional)

RADIUS attribute names

reply-message (18), state (24), class (25), vendor-specific (26)


Configuration of radius library component consists of following prototypes:

* radius-client name { ... }


radius-client name {

  nas ... ;
  groups ... ;
* server ... ;


RADIUS Client Attributes.

Client identification and list of servers used for authentication.


Item NAS required.

Item SERVER required.

Items & subsections:

nas id;

RADIUS NAS identification (identification of the RADIUS client)

id (type: str)

groups [attr];

Attribute containing list of groups in RAD_ACCESS_ACCEPT (default is Reply-Message)

attr (type: radius-attr, optional, default: reply-message=18)

server host [port port] secret [timeout [tries]];

Definition of RADIUS server

host (type: host)

Server host name

port port (type: port, optional, default: 0)

Server port (0 means take from /etc/services)

secret (type: str)

Shared secret

timeout (type: uint16, optional, default: 5)

Timeout for receiving replies (seconds)

tries (type: uint16, optional, default: 5)

Maximum number of repeated requests before giving up

[End of section radius-client description.]