From 049bb269e67f52b55eaaf5ce8b1003925709060d Mon Sep 17 00:00:00 2001 From: Charlie Root Date: Sat, 10 Dec 2011 23:43:34 +0000 Subject: additional options in freeradiussettings --- config/freeradius2/freeradius.inc | 43 ++++++++++++++---------- config/freeradius2/freeradiussettings.xml | 56 +++++++++++++++++++++++++++++++ 2 files changed, 82 insertions(+), 17 deletions(-) (limited to 'config') diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc index d5e49883..762a2200 100755 --- a/config/freeradius2/freeradius.inc +++ b/config/freeradius2/freeradius.inc @@ -25,8 +25,6 @@ function freeradius_install_command() { exec("chown -R root:wheel /usr/local/etc/raddb"); exec("chown -R root:wheel /usr/local/lib/freeradius-2.1.12"); - exec("chown -R root:wheel /var/log/raddb"); - exec("chown -R root:wheel /var/log/radacct"); closedir($handle); @@ -60,6 +58,17 @@ function freeradius_settings_resync() { $varsettingsallowcoredumps = $varsettings['varsettingsallowcoredumps']; $varsettingsregularexpressions = $varsettings['varsettingsregularexpressions']; $varsettingsextendedexpressions = $varsettings['varsettingsextendedexpressions']; + + $varsettingsmaxattributes = $varsettings['varsettingsmaxattributes']; + $varsettingsrejectdelay = $varsettings['varsettingsrejectdelay']; + $varsettingsstartservers = $varsettings['varsettingsstartservers']; + $varsettingsmaxservers = $varsettings['varsettingsmaxservers']; + $varsettingsminspareservers = $varsettings['varsettingsminspareservers']; + $varsettingsmaxspareservers = $varsettings['varsettingsmaxspareservers']; + $varsettingsmaxqueuesize = $varsettings['varsettingsmaxqueuesize']; + $varsettingsmaxrequestsperserver = $varsettings['varsettingsmaxrequestsperserver']; + + $conf = <<Disableno + + + Maximum Number of Attributes + varsettingsmaxattributes + The maximum number of attributes permitted in a RADIUS packet. Packets which have more than this number of attributes in them will be dropped. (Default: 200) + input + 200 + + + Access-Reject Delay + varsettingsrejectdelay + When sending an Access-Reject it can be delayed for a few seconds. This may help slow down a DoS attack. It also helps to slow down people trying to brute-force crack a users password. (Default: 1)(Immediately: 0) + input + 1 + + + Number of Threads After Start + varsettingsstartservers + The thread pool is a long-lived group of threads which take turns (round-robin) handling any incoming requests. (Default: 5) + input + 5 + + + Maximum Number of Threads + varsettingsmaxservers + If this limit is ever reached, clients will be locked out so it should not be set to low. (Default: 32) + input + 32 + + + Min Spare Servers + varsettingsminspareservers + This dynamically adjusts the "Number of Threads After Start". If the RADIUS server has to handle MANY requests and LESS than "Min Spare Servers" are left than the RADIUS server will INCREASE the number of running threads. (Default: 3) + input + 3 + + + Max Spare Servers + varsettingsmaxspareservers + This dynamically adjusts the "Number of Threads After Start". If the RADIUS server has to handle FEW requests and MORE than "Max Spare Servers" are left than the RADIUS server will DECREASE the number of running threads. (Default: 10) + input + 10 + + + Server Packet Queue Size + varsettingsmaxqueuesize + This is the queue size where the server stores packets before processing them. (Default: 65536) + input + 65536 + + + Maximum Requests per Server + varsettingsmaxrequestsperserver + You should only change this if you encounter memory leaks while running RADIUS. (Default: 0) + input + 0 -- cgit v1.2.3