Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

radsecproxy(1) [debian man page]

radsecproxy(1)						      General Commands Manual						    radsecproxy(1)

NAME

       radsecproxy - a generic RADIUS proxy that provides both RADIUS UDP and TCP/TLS (RadSec) transport.

SYNOPSIS

       radsecproxy [-c configfile] [-d debuglevel] [-f] [-i pidfile] [-p] [-v]

DESCRIPTION

       radsecproxy  is	a  generic  RADIUS proxy that in addition to to usual RADIUS UDP transport, also supports TLS (RadSec). The aim is for the
       proxy to have sufficient features to be flexible, while at the same time to be small, efficient and easy to configure.  Currently the  exe-
       cutable on Linux is only about 48 KB, and it uses about 64 KB (depending on the number of peers) while running.

       The  proxy  was initially made to be able to deploy RadSec (RADIUS over TLS) so that all RADIUS communication across network links could be
       done using TLS, without modifying existing RADIUS software.  This can be done by running this proxy on the same host as an existing  RADIUS
       server or client, and configure the existing client/server to talk to localhost (the proxy) rather than other clients and servers directly.

       There  are  however  other  situations  where a RADIUS proxy might be useful. Some people deploy RADIUS topologies where they want to route
       RADIUS messages to the right server. The nodes that do purely routing could be using a proxy. Some people may also wish to deploy  a  proxy
       on  a  site  boundary. Since the proxy supports both IPv4 and IPv6, it could also be used to allow communication in cases where some RADIUS
       nodes use only IPv4 and some only IPv6.

OPTIONS

       -f

	      Run in foreground

	      By specifying this option, the proxy will run in foreground mode. That is, it won't detach. Also all logging will be done to stderr.

       -d <debug level>

	      Debug level

	      This specifies the debug level. It must be set to 1, 2, 3, 4 or 5, where 1 logs only serious errors,  and  5  logs  everything.  The
	      default is 2 which logs errors, warnings and a few informational messages.

       -p

	      Pretend

	      The  proxy  reads  configuration files and performs initialisation as usual, but exits prior to creating any sockets. It will return
	      different exit codes depending on whether the configuration files are okay. This may be used to verify configuration files, and  can
	      be done while another instance is running.

       -v

	      Print version

	      When this option is specified, the proxy will simply print version information and exit.

       -c <config file path>

	      Config file path

	      This  option  allows  you to specify which config file to use. This is useful if you want to use a config file that is not in any of
	      the default locations.

       -i <pid file path>

	      PID file path

	      This option tells the proxy to create a PID file with the specified path.

SIGNALS

       The proxy generally exits on all signals. The exceptions are listed below.

       SIGHUP

	      When logging to a file, this signal forces a reopen of the log file.

       SIGPIPE

	      This signal is ignored.

FILES

       /etc/radsecproxy.conf

	      The default configuration file.

SEE ALSO

       radsecproxy.conf(5), RadSec internet draft http://tools.ietf.org/html/draft-ietf-radext-radsec

								    1 Jun 2010							    radsecproxy(1)

Check Out this Related Man Page

squid_radius_auth(8)					      System Manager's Manual					      squid_radius_auth(8)

NAME

       squid_radius_auth - Squid RADIUS authentication helper

SYNOPSIS

       squid_radius_auth -f configfile
       squid_radius_auth -h "server" [-p port] [-i identifier] -w secret

DESCRIPTION

       This helper allows Squid to connect to a RADIUS server to validate the user name and password of Basic HTTP authentication.

       -f configfile
	      Specifies the path to a configuration file. See the CONFIGURATION section for details.

       -h server
	      Alternative method of specifying the server to connect to

       -p port
	      Specify  another	server	port where the RADIUS server listens for requests if different from the default RADIUS port.  Normally not
	      specified.

       -i identifier
	      Unique identifier identifying this Squid proxy to the RADIUS server.  If not specified the IP address is used  as  to  identify  the
	      proxy.

       -w secret
	      Alternative method of specifying the shared secret. Using the configuration file is generally more secure and recommended.

       -t timeout
	      RADIUS request timeout. Default 10 seconds.

CONFIGURATION

       The configuration specifies how the helper connects to RADIUS.  The file contains a list of directives (one per line). Lines beginning with
       a # is ignored.

       server radiusserver
	      specifies the name or address of the RADIUS server to connect to.

       secret somesecretstring
	      specifies the shared RADIUS secret.

       identifier nameofserver
	      specifies what the proxy should identify itsels as to the RADIUS server.	This directive is optional.

       port portnumber
	      Specifies the port number or service name where the helper should connect.

AUTHOR

       This manual page was written by Henrik Nordstrom <hno@squid-cache.org>

       squid_radius_auth is written by Marc van Selm <selm@cistron.nl> with contributions from Henrik  Nordstrom  <hno@squid-cache.org>  and  many
       others

QUESTIONS

       Any  questions on usage can be sent to Squid Users <squid-users@squid-cache.org>, or to your favorite RADIUS list/friend if the question is
       more related to RADIUS than Squid.

REPORTING BUGS

       Report bugs or bug-fixes to Squid Bugs <squid-bugs@squid-cache.org> or ideas for new improvements  to  Squid  Developers  <squid-dev@squid-
       cache.org>

SEE ALSO

       RFC2058 - Remote Authentication Dial In User Service (RADIUS)

Squid RADIUS Auth						   7 August 2004					      squid_radius_auth(8)
Man Page