{
#
# proxy.conf - proxy radius and realm configuration directives
#
# This file is included by default.  To disable it, you will need
# to modify the PROXY CONFIGURATION section of "radiusd.conf".
#
#######################################################################
#
#  Proxy server configuration
#
#  This entry controls the servers behaviour towards ALL other servers
#  to which it sends proxy requests.
#
}
proxy server \{
{
#
#  If the NAS re-sends the request to us, we can immediately re-send
#  the proxy request to the end server.  To do so, use 'yes' here.
#
#  If this is set to 'no', then we send the retries on our own schedule,
#  and ignore any duplicate NAS requests.
#
#  If you want to have the server send proxy retries ONLY when the NAS
#  sends it's retries to the server, then set this to 'yes', and
#  set the other proxy configuration parameters to 0 (zero).
#
#  Additionally, if you want 'failover' to work, the server must manage
#  retries and timeouts.  Therefore, if this is set to yes, then no
#  failover functionality is possible.
#
}	synchronous = no
{
#
#  The time (in seconds) to wait for a response from the proxy, before
#  re-sending the proxied request.
#
#  If this time is set too high, then the NAS may re-send the request,
#  or it may give up entirely, and reject the user.
#
#  If it is set too low, then the RADIUS server which receives the proxy
#  request will get kicked unnecessarily.
#
}	retry_delay = 5
{
#
#  The number of retries to send before giving up, and sending a reject
#  message to the NAS.
#
}	retry_count = 3
{
#
#  If the home server does not respond to any of the multiple retries,
#  then FreeRADIUS will stop sending it proxy requests, and mark it 'dead'.
#
#  If there are multiple entries configured for this realm, then the
#  server will fail-over to the next one listed.  If no more are listed,
#  then no requests will be proxied to that realm.
#
#
#  After a configurable 'dead_time', in seconds, FreeRADIUS will
#  speculatively mark the home server active, and start sending requests
#  to it again.
#
#  If this dead time is set too low, then you will lose requests,
#  as FreeRADIUS will quickly switch back to the home server, even if
#  it isn't up again.
#
#  If this dead time is set too high, then FreeRADIUS may take too long
#  to switch back to the primary home server.
#
#  Realistic values for this number are in the range of minutes to hours.
#  (60 to 3600)
#
}	dead_time = 120
{
#  An ldflag attribute for all realms to be included in a round-robin 
#  setup must be specified, and that ldflag must be the same for all
#  realms of the same name.
#  Currently (0 or fail_over) and (1 or round_robin) are the 
#  supported values for ldflag.  Fail over is the default setup.
#
#  DO NOT INCLUDE LOCAL AUTH/ACCT HOST REALMS IN A ROUND-ROBIN QUEUE.


#
#  If all exact matching realms did not respond, we can try the
#  DEFAULT realm, too.  This is what the server normally does.
#
#  This behaviour may be undesired for some cases.  e.g. You are proxying
#  for two different ISP's, and then act as a general dial-up for Gric.
#  If one of the first two ISP's has their RADIUS server go down, you do
#  NOT want to proxy those requests to GRIC.  Instead, you probably want
#  to just drop the requests on the floor.  In that case, set this value
#  to 'no'.
#
#  allowed values: \{yes, no\}
#
}	default_fallback = yes
{
#
#  Older versions of the server would pass proxy requests through the
#  'authorize' sections twice; once when the packet was received
#  from the NAS, and again after the reply was received from the home
#  server.  Now that we have a 'post_proxy' section, the replies from
#  the home server should be sent through that, instead of through
#  the 'authorize' section again.
#
#  However, for backwards compatibility, this behaviour is configurable.
#  The default configuration is 'yes', for backwards compatibility.
#  To use ONLY the new 'post_proxy' section, set this value to 'no'.
#
#  allowed values: \{yes, no\}
#
}	post_proxy_authorize = yes
\}
