Using the clients.conf File
In Chapter 5, I configured a very basic FreeRADIUS system using the plain-vanilla clients file. That file is obsolesced by the more flexible clients.conf file. It’s very simple to configure, however.
There are two types of entries in the
clients.conf file: clients and
NASes, or more generally, RADIUS client equipment. Clients
are standard requestors used in most authentication scenarios. In the
case of a client entry, the canonical name or IP address of the
original source request will be matched to an entry in the
clients.conf file, and the secret will be
compared to verify the integrity of the request. A NAS entry is used
for all RADIUS client equipment where it’s actually
a NAS or another type of client. The NAS entry changes the criteria
by which request information is compared to an entry: NAS entries use
the NAS-IP-Address attribute in the original
source request to match the appropriate entry and then progress to
the NAS-Ident attribute.
A sample complete clients.conf entry shown here:
client 172.16.1.55 {
secret = donttellanyone
shortname = totalcontrol
vendor = 3comusr
type = tc
login = !root
password = changeme
nas 172.16.1.66 {
secret = iamanas
shortname = max6000
vendor = lucent
type = ascend
login = !root
password = changeme