| rest { |
| # |
| # Configuration of the rlm_rest module: TLS settings, the base URI |
| # (connect_uri), per-section request settings and the connection pool. |
| # |
| # This subsection configures the tls related items |
| # that control how FreeRADIUS connects to a HTTPS |
| # server. |
| # |
| tls { |
| # ca_file = ${certdir}/cacert.pem |
| # ca_path = ${certdir} |
| |
| # certificate_file = /path/to/radius.crt |
| # private_key_file = /path/to/radius.key |
| # NOTE: private_key_password is stored in this file in cleartext. |
| # If it is set, restrict read access on this file to the account |
| # the server runs as, and do not commit the real value. |
| # private_key_password = "supersecret" |
| # random_file = ${certdir}/random |
| |
| # Server certificate verification requirements. Can be: |
| # "no" (don't even bother trying) |
| # "yes" (verify the cert was issued by one of the |
| # trusted CAs) |
| # |
| # The default is "yes" |
| # |
| # With "no" the certificate chain is not checked at all, so the |
| # identity of the HTTPS server is not established. Keep "yes" and |
| # point ca_file / ca_path at the CA that issued the server cert. |
| # check_cert = "yes" |
| |
| # Server certificate CN verification requirements. Can be: |
| # "no" (don't even bother trying) |
| # "yes" (verify the CN in the certificate matches the host |
| # in the URI) |
| # |
| # The default is "yes" |
| # |
| # With "no", a certificate issued by a trusted CA for a different |
| # host name would still be accepted. |
| # check_cert_cn = "yes" |
| } |
| |
| # rlm_rest will open a connection to the server specified in connect_uri |
| # to populate the connection cache, ready for the first request. |
| # The server will not start if the server specified is unreachable. |
| # |
| # If you wish to disable this pre-caching and reachability check, |
| # comment out the configuration item below. |
| # |
| # NOTE: the value below is a plain http:// URI, so the tls subsection |
| # above is not used for it, and the User-Name and Called-Station-ID |
| # placed in the request URIs below are sent unencrypted. That is only |
| # reasonable for a loopback address; use an https:// URI with ca_file |
| # (or ca_path) set when the REST server is on another host. |
| connect_uri = "http://127.0.0.1/" |
| |
| # |
| # The following config items can be used in each of the sections. |
| # The sections themselves reflect the sections in the server. |
| # For example if you list rest in the authorize section of a virtual server, |
| # the settings from the authorize section here will be used. |
| # |
| # The following config items may be listed in any of the sections: |
| # uri - to send the request to. |
| # method - HTTP method to use, one of 'get', 'post', 'put', 'delete'. |
| # body - The format of the HTTP body sent to the remote server. |
| # May be 'none', 'post' or 'json', defaults to 'none'. |
| # tls - TLS settings for HTTPS. |
| # auth - HTTP auth method to use, one of 'none', 'srp', 'basic', |
| # 'digest', 'digest-ie', 'gss-negotiate', 'ntlm', |
| # 'ntlm-winbind', 'any', 'safe'. defaults to 'none'. |
| # username - User to authenticate as, will be expanded. |
| # password - Password to use for authentication, will be expanded. |
| # require_auth - Require HTTP authentication. |
| # timeout - HTTP request timeout in seconds, defaults to 4. |
| # |
| # NOTE: auth defaults to 'none' and none of the sections below set it, |
| # so these requests carry no credentials. The REST server then has to |
| # restrict access by other means (for example by listening on loopback |
| # only). If auth, username and password are set, send them over https. |
| # |
| # NOTE(review): connect_uri above ends in "/" and every uri below starts |
| # with "/user", so the expanded URL contains "//user" - confirm the REST |
| # server routes that path as intended. |
| # |
| # NOTE(review): User-Name and Called-Station-ID are taken from the RADIUS |
| # request. Confirm that the rlm_rest version in use URL-escapes them when |
| # expanding the uri, and have the REST server validate them as untrusted |
| # input. Values placed in a URI also tend to end up in web server access |
| # logs. |
| # |
| authorize { |
| uri = "${..connect_uri}/user/%{User-Name}/mac/%{Called-Station-ID}?section=authorize" |
| method = "get" |
| tls = ${..tls} |
| } |
| authenticate { |
| uri = "${..connect_uri}/user/%{User-Name}/mac/%{Called-Station-ID}?section=authenticate" |
| method = "get" |
| tls = ${..tls} |
| } |
| accounting { |
| uri = "${..connect_uri}/user/%{User-Name}/mac/%{Called-Station-ID}?section=accounting" |
| method = "post" |
| tls = ${..tls} |
| } |
| session { |
| uri = "${..connect_uri}/user/%{User-Name}/mac/%{Called-Station-ID}?section=checksimul" |
| method = "post" |
| tls = ${..tls} |
| } |
| post-auth { |
| uri = "${..connect_uri}/user/%{User-Name}/mac/%{Called-Station-ID}?section=post-auth" |
| method = "post" |
| tls = ${..tls} |
| } |
| |
| # |
| # The connection pool is new for 3.0, and will be used in many |
| # modules, for all kinds of connection-related activity. |
| # |
| pool { |
| # Number of connections to start |
| start = 5 |
| |
| # Minimum number of connections to keep open |
| min = 4 |
| |
| # Maximum number of connections |
| # |
| # If these connections are all in use and a new one |
| # is requested, the request will NOT get a connection. |
| # |
| # NOTE(review): a slow REST server can therefore make requests |
| # fail once "max" connections are busy; size this together with |
| # the per-section "timeout" documented above. |
| max = 10 |
| |
| # Spare connections to be left idle |
| # |
| # NOTE: Idle connections WILL be closed if "idle_timeout" |
| # is set. |
| spare = 3 |
| |
| # Number of uses before the connection is closed |
| # |
| # 0 means "infinite" |
| uses = 0 |
| |
| # The lifetime (in seconds) of the connection |
| lifetime = 0 |
| |
| # idle timeout (in seconds). A connection which is |
| # unused for this length of time will be closed. |
| idle_timeout = 60 |
| |
| # NOTE: All configuration settings are enforced. If a |
| # connection is closed because of "idle_timeout", |
| # "uses", or "lifetime", then the total number of |
| # connections MAY fall below "min". When that |
| # happens, it will open a new connection. It will |
| # also log a WARNING message. |
| # |
| # The solution is to either lower the "min" connections, |
| # or increase lifetime/idle_timeout. |
| } |
| } |