Provided by: inn2_2.5.3-3ubuntu1_amd64 bug


       radius.conf - Configuration for nnrpd RADIUS authenticator


       This describes the format and attributes of the configuration file for the nnrpd RADIUS
       authenticator.  See radius(1) for more information about the authenticator program.  The
       default location for this file is radius.conf in pathetc.

       Blank lines and lines beginning with "#" are ignored, as is anything after a "#" on a
       line.  All other lines should begin with a parameter name followed by a colon and the
       value of that key, except that each section of configuration for a particular server
       should be enclosed in:

           server <name> {
               # parameters...

       where <name> is just some convenient label for that server.

       The available parameters are:

           The hostname of the RADIUS server to use for authentication.  This parameter must be

           The port to query on the RADIUS server.  Defaults to 1645 if not set.

           The hostname or IP address making the request.  The RADIUS server expects an IP
           address; a hostname will be translated into an IP address with gethostbyname().  If
           not given, this information isn't included in the request (not all RADIUS setups
           require this information).

           The port the client being authenticated is connecting to.  If not given, defaults to
           119.  This doesn't need to be set unless readers are connecting to a non-standard

           The shared secret with the RADIUS server.  If your secret includes spaces, tabs, or
           "#", be sure to include it in double quotes.  This parameter must be set.

           Prepend the value of this parameter to all usernames before passing them to the RADIUS
           server.  Can be used to prepend something like "news-" to all usernames in order to
           put news users into a different namespace from other accounts served by the same
           server.  If not set, nothing is prepended.

           Append the value of this parameter to all usernames before passing them to the RADIUS
           server.  This is often something like "", depending on how your RADIUS
           server is set up.  If not set, nothing is appended.

           Can be set to "true" or "false".  If set to false, the RADIUS authenticator will check
           to ensure that the response it receives is from the same IP address as it sent the
           request to (for some added security).  If set to true, it will skip this verification
           check (if your RADIUS server has multiple IP addresses or if other odd things are
           going on, it may be perfectly normal for the response to come from a different IP


       Here is a configuration for a news server named, authenticating users
       against and appending "" to all client-supplied usernames
       before passing them to the RADIUS server:

           server example {
               secret: IamARADIUSsecRET

       The shared secret with the RADIUS server is "IamARADIUSsecRET".


       This documentation was written by Russ Allbery <> based on the comments in
       the sample radius.conf file by Yury B. Razbegin.

       $Id: radius.conf.pod 8200 2008-11-30 13:31:30Z iulius $