Templates are configurations that can be used in multiple places.
Use templates by adding a line in radiusd.conf:
$INCLUDE templates.conf
The goal of the templates is to have common configuration located
in this file, and to list only the differences in the individual
sections. This feature is most useful for sections like clients
where many may be defined, and each one has similar repeated
configuration.
Something similar to templates can be done by putting common
configuration into separate files, and using $INCLUDE file…
,
but templates are more flexible, and simpler to understand. It’s also
cheaper for the server, because $INCLUDE
makes a copy of the
configuration for inclusion, whereas templates are simply referenced.
The templates are defined in the templates
section so that
they do not affect the rest of the server configuration. The
actual contents of the templates section are other
configuration sections that would normally go into the main
configuration files.
Within the main server configuration, a section can reference a
template by using $template name
.
For now, you can use templates only for sections in
radiusd.conf, not sub-sections. So you still have to use the
$INCLUDE file…
method for things like defining multiple
"sql" modules, each with similar configuration.
Define the main template section:
Unlike v3, Access-Request log configuration is different
for each listen
section. Templates can be used to regain
a global configuration. Simply configure the following
section as you like, and then in every Access-Request
subsection, put:
Access-Request { $template Access-Request }
then enable templates.conf
as described above.
- stripped_names
-
Log the full User-Name attribute, as it was found in the request.
Allowed values: {no, yes}
- auth
-
Log authentication requests to the log file.
Allowed values: {no, yes}
Should we log passwords with the authentication requests?
- auth_badpass
-
logs password if it’s rejected
- auth_goodpass
-
logs password if it’s correct
Allowed values: {no, yes}
Log additional text at the end of the "Login OK" messages. for these to work, the "auth" and "auth_goodpass" or "auth_badpass" configurations above have to be set to "yes".
The strings below are dynamically expanded, which means that you can put anything you want in them. However, note that this expansion can be slow, and can negatively impact server performance.
- msg_goodpass
-
text to log after a correct password
- msg_badpass
-
text to log after an incorrect password
- msg_denied
-
The message when the user exceeds the Simultaneous-Use limit.