|Clients||Config for RADIUS clients|
|Addresses||The IP addresses and UDP ports we listen on. Must also specify which addresses will do accounting, which will do authentication, and which (if any) will do both.|
|Accounting||How accounting entries are processed. Controls accounting proxies as well as regular accounting. An accounting proxy will store the records to disk and then forward them to the master accounting server when it's online. This also controls managing a db2.6 database of when each user logged on last and how much time they have used. May use this database for setting session limits.|
|Control||Server control files. These will determine how often (if ever) the server checks for changed config files and anything else of a global scope that doesn't fit into other categories.|
|Flag||For flag files and other transient files|
|DataSources||When looking up a user the server will
search through sub-directories of this directory in alphabetical order, with
each sub-directory specifying a source of user data.|
I recommend that the directory name start with a number to make the order unambiguous for all (the server will use strcasecmp() and not be case sensitive, so you must start the names with digits to avoid any possible ambiguity. Think of this as being similar to the contents of /etc/rc?.d/ directories. Each directory will contain at least one file specifying a source of information to be used in validating user accounts.
For each lookup the server will go through the directories in order, and in each directory it will use a round-robin selection method to determine which file is used. The idea is that you may have multiple files in a directory to support load-balancing or failover.
Inside each directory a file named control will specify how the selection of the different data sources will be performed. This will make it possible to specify that one source can be used primarily and the next will only be used if it fails and until it recovers. Or it could be configured to use a service until it fails and then use the next listed service exclusively until an error occurs. Or full round-robin for best performance. It will also specify what to do if all the sources listed in the directory fail. Should it go to the next directory or just reject the RADIUS request.
|Logging||Configure the logging of RADIUS requests.|
|bin||This directory name is reserved in case the administrator
wants to use scripts to configure the system (IE scripts to generate the
config files). This is just so that the one tree can have all the RADIUS
server configuration-related files. In future versions I may suggest putting
certain files in this directory, and I may add support for the server to
run scripts from this directory. But I will not make any changes that force
anyone to change their "bin" directory.|
This directory does not have to exist.
|lib||Same as the above but for libraries.|
NB If you store the server configuration under /etc (as you would in a Debian Linux system) then "bin" and "lib" should be sym-links to somewhere more appropriate for binaries.
|Others||For future use in configuring functionality outside the core RADIUS functions. This could be used for configuring TACACS is support for that protocol is added.|