mailutils-doc 1:2.99.99-1ubuntu2 / usr / share / doc / mailutils-doc / mailutils.html / Radius-Statement.html

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<!-- Published by the Free Software Foundation,
51 Franklin Street, Fifth Floor
Boston, MA 02110-1301, USA

Copyright (C) 1999-2004, 2008-2012, 2014-2015 Free Software
Foundation, Inc.

Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.2 or
any later version published by the Free Software Foundation; with no
Invariant Sections, no Front-Cover, and no Back-Cover texts.
A copy of the license is included in the section entitled "GNU Free
Documentation License". -->
<!-- Created by GNU Texinfo 6.1, http://www.gnu.org/software/texinfo/ -->
<head>
<title>GNU Mailutils Manual: Radius Statement</title>

<meta name="description" content="GNU Mailutils Manual: Radius Statement">
<meta name="keywords" content="GNU Mailutils Manual: Radius Statement">
<meta name="resource-type" content="document">
<meta name="distribution" content="global">
<meta name="Generator" content="makeinfo">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link href="index.html#Top" rel="start" title="Top">
<link href="Function-Index.html#Function-Index" rel="index" title="Function Index">
<link href="index.html#SEC_Contents" rel="contents" title="Table of Contents">
<link href="configuration.html#configuration" rel="up" title="configuration">
<link href="SQL-Statement.html#SQL-Statement" rel="next" title="SQL Statement">
<link href="Virtdomain-Statement.html#Virtdomain-Statement" rel="prev" title="Virtdomain Statement">
<style type="text/css">
<!--
a.summary-letter {text-decoration: none}
blockquote.indentedblock {margin-right: 0em}
blockquote.smallindentedblock {margin-right: 0em; font-size: smaller}
blockquote.smallquotation {font-size: smaller}
div.display {margin-left: 3.2em}
div.example {margin-left: 3.2em}
div.lisp {margin-left: 3.2em}
div.smalldisplay {margin-left: 3.2em}
div.smallexample {margin-left: 3.2em}
div.smalllisp {margin-left: 3.2em}
kbd {font-style: oblique}
pre.display {font-family: inherit}
pre.format {font-family: inherit}
pre.menu-comment {font-family: serif}
pre.menu-preformatted {font-family: serif}
pre.smalldisplay {font-family: inherit; font-size: smaller}
pre.smallexample {font-size: smaller}
pre.smallformat {font-family: inherit; font-size: smaller}
pre.smalllisp {font-size: smaller}
span.nolinebreak {white-space: nowrap}
span.roman {font-family: initial; font-weight: normal}
span.sansserif {font-family: sans-serif; font-weight: normal}
ul.no-bullet {list-style: none}
-->
</style>


</head>

<body lang="en">
<a name="Radius-Statement"></a>
<div class="header">
<p>
Next: <a href="SQL-Statement.html#SQL-Statement" accesskey="n" rel="next">SQL Statement</a>, Previous: <a href="Virtdomain-Statement.html#Virtdomain-Statement" accesskey="p" rel="prev">Virtdomain Statement</a>, Up: <a href="configuration.html#configuration" accesskey="u" rel="up">configuration</a> &nbsp; [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="Function-Index.html#Function-Index" title="Index" rel="index">Index</a>]</p>
</div>
<hr>
<a name="Radius-Statement-1"></a>
<h4 class="subsection">2.2.14 Radius Statement</h4>

<table class="cartouche" border="1"><tr><td>
<div align="center"><strong>Editor&rsquo;s note:</strong>
</div><p>The information in this node may be obsolete or
otherwise inaccurate.  This message will disappear, once this node revised.
</p></td></tr></table>
<a name="index-radius"></a>
<a name="Syntax-12"></a>
<h4 class="subheading">Syntax</h4>
<div class="example">
<pre class="example">radius {
  # Set radius configuration directory.
  directory <var>dir</var>;
  # <span class="roman">Radius request for authorization.</span>
  auth <var>request</var>;
  # <span class="roman">Radius request for getpwnam.</span>
  getpwnam <var>request</var>;
  # Radius request for getpwuid.
  getpwuid <var>request</var>;
}
</pre></div>
<a name="Description-10"></a>
<h4 class="subheading">Description</h4>
<p>The <code>radius</code> block statement configures <acronym>RADIUS
authentication</acronym> and authorization.
</p>
<p>Mailutils uses GNU Radius library, which is configured via
<samp>raddb/client.conf</samp> file (see <a href="../radius/client_002econf.html#client_002econf">Client Configuration</a> in <cite>GNU Radius Reference Manual</cite>).  Its exact
location depends on configuration settings that were used while
compiling GNU Radius.  Usually it is <samp>/usr/local/etc</samp>, or
<samp>/etc</samp>.  This default can also be changed at run time using
<code>directory</code> statement:
</p>
<dl>
<dt><a name="index-directory"></a>Configuration: <strong>directory</strong> <em><var>dir</var></em></dt>
<dd><p>Set full path name to the GNU Radius configuration directory.
</p></dd></dl>

<p>It authorization is used, the Radius dictionary file must declare the
the following attributes:
</p>
<table>
<thead><tr><th width="40%">Attribute</th><th width="20%">Type</th><th width="40%">Description
<a name="index-GNU_002dMU_002dUser_002dName"></a></th></tr></thead>
<tr><td width="40%">GNU-MU-User-Name</td><td width="20%">string</td><td width="40%">User login name
<a name="index-GNU_002dMU_002dUID"></a></td></tr>
<tr><td width="40%">GNU-MU-UID</td><td width="20%">integer</td><td width="40%">UID
<a name="index-GNU_002dMU_002dGID"></a></td></tr>
<tr><td width="40%">GNU-MU-GID</td><td width="20%">integer</td><td width="40%">GID
<a name="index-GNU_002dMU_002dGECOS"></a></td></tr>
<tr><td width="40%">GNU-MU-GECOS</td><td width="20%">string</td><td width="40%">GECOS
<a name="index-GNU_002dMU_002dDir"></a></td></tr>
<tr><td width="40%">GNU-MU-Dir</td><td width="20%">string</td><td width="40%">Home directory
<a name="index-GNU_002dMU_002dShell"></a></td></tr>
<tr><td width="40%">GNU-MU-Shell</td><td width="20%">string</td><td width="40%">User shell
<a name="index-GNU_002dMU_002dMailbox"></a></td></tr>
<tr><td width="40%">GNU-MU-Mailbox</td><td width="20%">string</td><td width="40%">User mailbox
<a name="index-GNU_002dMU_002dQuota"></a></td></tr>
<tr><td width="40%">GNU-MU-Quota</td><td width="20%">integer</td><td width="40%">Mail quota (in bytes)</td></tr>
</table>

<a name="index-mailutils_002edict"></a>
<p>A dictionary file with appropriate definitions is included in the
Mailutils distribution: <samp>examples/config/mailutils.dict</samp>.  This
file is not installed by default, you will have to manually copy it to
the GNU Radius <samp>raddb/dict</samp> directory and include it in the main
dictionary file <samp>raddb/dictionary</samp> by adding the following
statement:
</p>
<div class="example">
<pre class="example">$INCLUDE dict/mailutils.dict
</pre></div>

<p>Requests to use for authentication and authorization are
configured using three statements: <code>auth</code>, <code>getpwnam</code> and
<code>getpwuid</code>.  Each statement takes a single argument: a string,
containing a comma-separated list of assignments.  An assignment
specifies a particular <em>attribute-value pair</em> (see <a href="../radius/Overview.html#Overview">RADIUS Attributes</a> in <cite>GNU Radius Reference Manual</cite>) to send to
the server.  The left-hand side of the assignment is a symbolic attribute
name, as defined in one of Radius dictionaries (see <a href="../radius/dictionary-file.html#dictionary-file">Dictionary of Attributes</a> in <cite>GNU Radius Reference
Manual</cite>).  The value is specified by the right-hand side of
assignment.  For example:
</p>
<div class="example">
<pre class="example">&quot;Service-Type = Authenticate-Only, NAS-Identifier = \&quot;mail\&quot;&quot;
</pre></div>

<p>An assignment may contain references to the following macro-variables
(see <i>macro-variables</i>&nbsp;(<strong>Editor&rsquo;s note: dangling link</strong>)):
</p>
<dl compact="compact">
<dt>user</dt>
<dd><p>The actual user name (for <code>auth</code> and <code>getpwnam</code>), or user ID
(for <code>getpwuid</code>).  For example:
</p>
<div class="example">
<pre class="example">User-Name = ${user}
</pre></div>

</dd>
<dt>passwd</dt>
<dd><p>User password.  For examples:
</p><div class="example">
<pre class="example">User-Password = ${passwd}
</pre></div>
</dd>
</dl>

<dl>
<dt><a name="index-auth"></a>Configuration: <strong>auth</strong> <em><var>pairlist</var></em></dt>
<dd><p>Specifies the request to be sent to authenticate the user.  For example:
</p>
<div class="example">
<pre class="example">auth &quot;User-Name = ${user}, User-Password = ${passwd}&quot;;
</pre></div>

<p>The user is authenticated only if this request returns
<code>Access-Accept</code> (see <a href="../radius/Authentication-Requests.html#Authentication-Requests">Access-Accept</a> in <cite>GNU Radius Reference Manual</cite>).  Any returned attribute-value
pairs are ignored. 
</p></dd></dl>

<dl>
<dt><a name="index-getpwnam"></a>Configuration: <strong>getpwnam</strong> <em><var>pairlist</var></em></dt>
<dd><p>Specifies the request that returns user information for the
given user name.  For example:
</p>
<div class="example">
<pre class="example">getpwnam &quot;User-Name = ${user}, State = getpwnam, &quot;
         &quot;Service-Type = Authenticate-Only&quot;;
</pre></div>

<p>If the requested user account exists, the Radius server must return
<code>Access-Accept</code> packet with the following attributes:
<code>GNU-MU-User-Name</code>, <code>GNU-MU-UID</code>, <code>GNU-MU-GID</code>,
<code>GNU-MU-GECOS</code>, <code>GNU-MU-Dir</code>, <code>GNU-MU-Shell</code>.
</p>
<p>The attributes <code>GNU-MU-Mailbox</code> and <code>GNU-MU-Quota</code> are
optional.
</p>
<p>If <code>GNU-MU-Mailbox</code> is present, it must contain a
valid mailbox <acronym>URL</acronym> (see <i>urls</i>&nbsp;(<strong>Editor&rsquo;s note: dangling link</strong>)).  If
<code>GNU-MU-Mailbox</code> is not present, Mailutils constructs the
mailbox name using the settings from the <code>mailbox</code> configuration
statement (see <a href="Mailbox-Statement.html#Mailbox-Statement">Mailbox Statement</a>), or built-in defaults, if it is
not present.
</p>
<p>If <code>GNU-MU-Quota</code> is present, it specifies the maximum mailbox
size for this user, in bytes.  In the absence of this attribute, 
mailbox size is unlimited.
</p></dd></dl>

<dl>
<dt><a name="index-getpwuid"></a>Configuration: <strong>getpwuid</strong> <em><var>pairlist</var></em></dt>
<dd><p>Specifies the request that returns user information for the
given user ID.  In <var>pairlist</var>, the &lsquo;<samp>user</samp>&rsquo; macro-variable is
expanded to the numeric value of ID.  For example:
</p>
<div class="example">
<pre class="example">getpwuid &quot;User-Name = ${user}, State = getpwuid, &quot;
         &quot;Service-Type = Authenticate-Only&quot;;
</pre></div>

<p>The reply to <code>getpwuid</code> request is the same as to <code>getpwnam</code>
request (see above).
</p></dd></dl>

<hr>
<div class="header">
<p>
Next: <a href="SQL-Statement.html#SQL-Statement" accesskey="n" rel="next">SQL Statement</a>, Previous: <a href="Virtdomain-Statement.html#Virtdomain-Statement" accesskey="p" rel="prev">Virtdomain Statement</a>, Up: <a href="configuration.html#configuration" accesskey="u" rel="up">configuration</a> &nbsp; [<a href="index.html#SEC_Contents" title="Table of contents" rel="contents">Contents</a>][<a href="Function-Index.html#Function-Index" title="Index" rel="index">Index</a>]</p>
</div>



</body>
</html>