3.1. Tips for using Radiator configuration files

This section discusses some practical tips for using Radiator configuration files.

Security

The configuration file usually contains the shared secrets that allow your RADIUS clients to communicate with the Radiator RADIUS server. It can also contain passwords for access to databases and such. This means that for security reasons, keep the configuration file as secure as possible. On Unix, make sure that it is readable only by the user that radiusd runs as.

Enabling and disabling flags

Parameters that are on/off flags, such as LogSuccess or LogFailure, can be enabled or disabled in a number of ways. Values of 0, no, or false (case insensitive) turn the flag off, whereas any other value, including the empty string, turn the flag on.
These turn the flag parameter off:
IgnoreAcctSignature 0
IgnoreAcctSignature no
IgnoreAcctSignature NO
IgnoreAcctSignature false
IgnoreAcctSignature FALSE
These turn the flag parameter on:
IgnoreAcctSignature
IgnoreAcctSignature 1
IgnoreAcctSignature yes
IgnoreAcctSignature anythingatall
DefineGlobalVar myspecialflag yes
IgnoreAcctSignature %{GlobalVar:myspecialflag}

Splitting lines

Long lines in your configuration file can be split over multiple lines by using the \ character at the end of each line except the last:
AuthSelect select s.password, g.session_timeout \
      s.check_items s.reply_items \
      from subscribers s, groups g \
      where username=? and s.group \
      = g.name

Escaped octal characters

Parameter values can contain escaped octal characters. Here is an example how to specify an AcctLogFileFormat with newline (octal 012) separated lines:
AcctLogFileFormat %{Timestamp}\012%{Acct-Session-Id}\
      \012%{User-Name}\012

Clause order

The order of clauses in the Radiator configuration file is significant. All the clauses are parsed and internal data structures constructed during the initial parse of the configuration file. They are constructed in the order they appear in the configuration file. For example, if a <Log xxxxxx> clause is encountered, that logger is created immediately and used to log all subsequent parsing and startup errors. This means that if a <Log xxxxxx> clause is encountered in the configuration file, only errors in clauses that appear after the Log clause is logged using that method.