ClearBox Server™ v1.2 Developer's Guide

Advanced Extension Configuration

Advanced server extension settings are stored in the settings.ini file, which must be located in the same folder as the server extension. Edit it before starting the server. All settings except the secrets shared with clients may be left unchanged.

Start by defining RADIUS/TACACS+ clients. For every client, add a section named with the client IP address and define the necessary keys (see Client section).

If you choose to authenticate users with a database, fill in the Users table. Database structure and field usage are explained here.

The file has the following sections and keys:

[Authentication]

AuthenType. Describes how the server should authenticate users. Possible values are:

  • NTSAM (Windows NT SAM user database)
  • AD (Windows Active Directory)
  • DB (Database)

DBType. Specifies what type of database the server extension should use. Valid only if AuthenType is DB. Possible values are:

  • MSAccess (MS Access database file)
  • MSSQL (MS SQL Server)
  • ODBC (ODBC-compliant data source)

AuthenDomain. Used when AuthenType is NTSAM or AD. Specifies the domain controller or computer name that contains the account database. If AuthenType is NTSAM and AuthenDomain is . (dot), the local computer account database is used.

PAPAuthen. (true/false) Specifies whether users can authenticate through PAP or not.

CHAPAuthen. (true/false) Specifies whether users can authenticate through CHAP or not.

MSCHAPAuthen. (true/false) Specifies whether users can authenticate through MS-CHAP or not.

MSCHAP2Authen. (true/false) Specifies whether users can authenticate through MS-CHAPv2 or not.

[Database]

DBPath. Used when DBType is MSAccess and contains the path to the database file.

DSN. Used when DBType is ODBC and specifies system data source name (DSN).

DBUser. Used when DBType is ODBC or (DBType is MSSQL and DBSecurity is mssql) and specifies database user name.

DBPassword. Used when DBType is ODBC or (DBType is MSSQL and DBSecurity is mssql) and specifies database user password.

DBServer. Used when DBType is MSSQL and specifies MS SQL server name.

DBCatalog. Used when DBType is MSSQL and specifies MS SQL database name.

DBSecurity. Specifies how the server extension should authenticate to the MS SQL server. Possible values are:

  • win (Use Windows integrated authentication)
  • mssql (Use MS SQL server authentication)

[Accounting]

LogFilePath. Specifies the base part of the accounting log file name. It may start with .\ to specify that the file should be located in the same folder as the server, or it may be an absolute path. The actual file name is extended with a suffix defined by the Rollover key and the LogFileExtension parameter.

LogFileExtension. Specifies the extension that the accounting log file name set by LogFilePath will have.

Rollover. Defines how often the server closes the old log file and creates a new one. Possible values are:

  • hourly (new file is created every hour)
  • daily (new file is created every day)
  • weekly (new file is created every week)
  • monthly (new file is created every month)
  • onsize (new file is created when the log file becomes larger than the MaxFileSize parameter)
  • none (accounting log file is always the same)

MaxFileSize. Specifies the maximum size (in bytes) the accounting log file may have. If Rollover is ONSIZE and the log file is larger than this threshold, a new file is created.

LogInterim. (true/false) Specifies whether the server should log interim accounting records if LogType is Livingston.

LogType. Possible values are:

  • CSV (Comma-separated-values format. Values of RADIUS/TACACS attributes are logged in a single line and separated by Separator character)
  • Livingston ('Livingston' accounting format)
  • Database (Accounting attributes are written to a database table. If this accounting mode is used then DBType key and [Database] section keys should have valid values).

Separator. Specifies the character that separates values in CSV accounting logging.

LogNames. (true/false) Used when LogType is CSV. When it is true, the server writes the names of the logged attributes on the first line of the accounting log file.

LoggedRADIUSAttributes. Specifies the list of RADIUS attribute names that should be logged. Every name should be delimited by Separator. If this key is present, the LoggedTACACSAttributes key is ignored. (See list of RADIUS attributes.)

LoggedTACACSAttributes. Specifies the list of TACACS+ attribute names that are logged in CSV files. (See list of TACACS attribute names.)

[<client IP address>]

radAuthenKey. Defines a secret shared with a RADIUS client for authentication transactions.

radAcctKey. Defines a secret shared with a RADIUS client for accounting transactions.

tacKey. Defines a secret shared with a TACACS+ client.
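
The following Python check is an added example, not part of the original guide or the product: it reads a settings.ini that uses the keys documented above and lists settings worth reviewing before the server is started. It assumes the file parses as standard INI; the minimum secret length, the issue labels, and the policy of flagging PAP and MS-CHAP are assumptions, and the sample values are constructed.

```python
import configparser
import ipaddress

SAMPLE = """
[Authentication]
DBType=MSSQL
PAPAuthen=true
MSCHAPAuthen=true
[Database]
DBSecurity=mssql
DBPassword=example
[192.0.2.10]
radAuthenKey=secret
radAcctKey=Zq8vT2mLr5xW9pKd3c7H
[192.0.2.11]
tacKey=secret
"""  # constructed sample: addresses and secrets are made up

MIN_SECRET_LEN = 16  # assumed local policy, not a product limit
SECRET_KEYS = ("radAuthenKey", "radAcctKey", "tacKey")

def audit(ini_text):
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(ini_text)
    get = lambda s, k: cfg.get(s, k, fallback="").strip()
    findings = []
    # Assumed policy: PAP and MS-CHAP (v1) should be switched off.
    for key in ("PAPAuthen", "MSCHAPAuthen"):
        if get("Authentication", key).lower() == "true":
            findings.append(("Authentication", key, "weak-protocol-enabled"))
    # DBPassword is read for ODBC, or for MSSQL with DBSecurity=mssql.
    dbtype = get("Authentication", "DBType").lower()
    sql_login = dbtype == "mssql" and get("Database", "DBSecurity").lower() == "mssql"
    if (dbtype == "odbc" or sql_login) and get("Database", "DBPassword"):
        findings.append(("Database", "DBPassword", "db-password-in-file"))
    seen = {}  # secret value -> first client section that used it
    for section in cfg.sections():
        try:
            ipaddress.ip_address(section)
        except ValueError:
            continue  # not a client section
        for key in SECRET_KEYS:
            value = get(section, key)
            if value and len(value) < MIN_SECRET_LEN:
                findings.append((section, key, "short-secret"))
            if value and seen.setdefault(value, section) != section:
                findings.append((section, key, "secret-reused"))
    return findings

print(*audit(SAMPLE), sep="\n")
```

Setting DBSecurity to win removes the need for DBPassword in the file when DBType is MSSQL, and giving each client its own long random secret clears the last two kinds of finding.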


© 2001-2003 XPerience Technologies. www.xperiencetech.com
