2005-06-19 10:27:40 +03:00
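diff -ruN freeradius-1.0.4-old/raddb/eap.conf freeradius-1.0.4-new/raddb/eap.conf
--- freeradius-1.0.4-old/raddb/eap.conf 2004-04-15 20:34:41.000000000 +0200
+++ freeradius-1.0.4-new/raddb/eap.conf 2005-06-18 18:53:06.000000000 +0200
@@ -72,8 +72,8 @@
 # User-Password, or the NT-Password attributes.
 # 'System' authentication is impossible with LEAP.
 #
- leap {
- }
+# leap {
+# }
 
 # Generic Token Card.
 #
@@ -86,7 +86,7 @@
 # the users password will go over the wire in plain-text,
 # for anyone to see.
 #
- gtc {
+# gtc {
 # The default challenge, which many clients
 # ignore..
 #challenge = "Password: "
@@ -103,8 +103,8 @@
 # configured for the request, and do the
 # authentication itself.
 #
- auth_type = PAP
- }
+# auth_type = PAP
+# }
 
 ## EAP-TLS
 #
@@ -272,7 +272,7 @@
 # of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not
 # currently support.
 #
- mschapv2 {
- }
+# mschapv2 {
+# }
 }
 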
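Review bot: The `gtc` block is commented out across two separate hunks (`# gtc {` at -86, `# auth_type = PAP` and `# }` at -103), and the lines between them are outside both hunks; if any of those is an active directive it now sits directly inside the enclosing `eap` block, so that stretch should be checked and commented out too. None of the three disabled methods records why it was turned off; a one-line comment above each, such as `# leap disabled in this package; restore together with the eap.conf $INCLUDE in radiusd.conf`, would keep a later merge from silently restoring them. The radiusd.conf.in part of this patch comments out `$INCLUDE ${confdir}/eap.conf`, so these edits only take effect once that include is restored. Whether `default_eap_type` still names an enabled method is not visible in these hunks and should be confirmed.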
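diff -ruN freeradius-1.0.4-old/raddb/radiusd.conf.in freeradius-1.0.4-new/raddb/radiusd.conf.in
--- freeradius-1.0.4-old/raddb/radiusd.conf.in 2005-06-12 00:20:40.000000000 +0200
+++ freeradius-1.0.4-new/raddb/radiusd.conf.in 2005-06-18 18:53:32.000000000 +0200
@@ -31,13 +31,13 @@
 
 # Location of config and logfiles.
 confdir = ${raddbdir}
-run_dir = ${localstatedir}/run/radiusd
+run_dir = ${localstatedir}/run
 
 #
 # The logging messages for the server are appended to the
 # tail of this file.
 #
-log_file = ${logdir}/radius.log
+log_file = ${localstatedir}/log/radiusd.log
 
 #
 # libdir: Where to find the rlm_* modules.
@@ -353,7 +353,7 @@
 nospace_pass = no
 
 # The program to execute to do concurrency checks.
-checkrad = ${sbindir}/checkrad
+#checkrad = ${sbindir}/checkrad
 
 # SECURITY CONFIGURATION
 #
@@ -425,8 +425,8 @@
 #
 # allowed values: {no, yes}
 #
-proxy_requests = yes
-$INCLUDE ${confdir}/proxy.conf
+proxy_requests = no
+#$INCLUDE ${confdir}/proxy.conf
 
 
 # CLIENTS CONFIGURATION
@@ -454,7 +454,7 @@
 # 'snmp' attribute to 'yes'
 #
 snmp = no
-$INCLUDE ${confdir}/snmp.conf
+#$INCLUDE ${confdir}/snmp.conf
 
 
 # THREAD POOL CONFIGURATION
@@ -657,7 +657,7 @@
 # For all EAP related authentications.
 # Now in another file, because it is very large.
 #
-$INCLUDE ${confdir}/eap.conf
+# $INCLUDE ${confdir}/eap.conf
 
 # Microsoft CHAP authentication
 #
@@ -1034,8 +1034,8 @@
 #
 files {
 usersfile = ${confdir}/users
- acctusersfile = ${confdir}/acct_users
- preproxy_usersfile = ${confdir}/preproxy_users
+# acctusersfile = ${confdir}/acct_users
+# preproxy_usersfile = ${confdir}/preproxy_users
 
 # If you want to use the old Cistron 'users' file
 # with FreeRADIUS, you should change the next line
@@ -1168,7 +1168,7 @@
 # For MS-SQL, use: ${confdir}/mssql.conf
 # For Oracle, use: ${confdir}/oraclesql.conf
 #
- $INCLUDE ${confdir}/sql.conf
+# $INCLUDE ${confdir}/sql.conf
 
 
 # For Cisco VoIP specific accounting with Postgresql,
@@ -1536,7 +1536,7 @@
 # The entire command line (and output) must fit into 253 bytes.
 #
 # e.g. Framed-Pool = `%{exec:/bin/echo foo}`
- exec
+# exec
 
 #
 # The expression module doesn't do authorization,
@@ -1549,7 +1549,7 @@
 # listed in any other section. See 'doc/rlm_expr' for
 # more information.
 #
- expr
+# expr
 
 #
 # We add the counter module here so that it registers
@@ -1576,7 +1576,7 @@
 # 'raddb/huntgroups' files.
 #
 # It also adds the %{Client-IP-Address} attribute to the request.
- preprocess
+# preprocess
 
 #
 # If you want to have a log of authentication requests,
@@ -1589,7 +1589,7 @@
 #
 # The chap module will set 'Auth-Type := CHAP' if we are
 # handling a CHAP request and Auth-Type has not already been set
- chap
+# chap
 
 #
 # If the users are logging in with an MS-CHAP-Challenge
@@ -1597,7 +1597,7 @@
 # the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP'
 # to the request, which will cause the server to then use
 # the mschap module for authentication.
- mschap
+# mschap
 
 #
 # If you have a Cisco SIP server authenticating against
@@ -1617,7 +1617,7 @@
 # Otherwise, when the first style of realm doesn't match,
 # the other styles won't be checked.
 #
- suffix
+# suffix
 # ntdomain
 
 #
@@ -1626,11 +1626,11 @@
 #
 # It also sets the EAP-Type attribute in the request
 # attribute list to the EAP type from the packet.
- eap
+# eap
 
 #
 # Read the 'users' file
- files
+# files
 
 #
 # Look in an SQL database. The schema of the database
@@ -1684,24 +1684,24 @@
 # PAP authentication, when a back-end database listed
 # in the 'authorize' section supplies a password. The
 # password can be clear-text, or encrypted.
- Auth-Type PAP {
- pap
- }
+# Auth-Type PAP {
+# pap
+# }
 
 #
 # Most people want CHAP authentication
 # A back-end database listed in the 'authorize' section
 # MUST supply a CLEAR TEXT password. Encrypted passwords
 # won't work.
- Auth-Type CHAP {
- chap
- }
+# Auth-Type CHAP {
+# chap
+# }
 
 #
 # MSCHAP authentication.
- Auth-Type MS-CHAP {
- mschap
- }
+# Auth-Type MS-CHAP {
+# mschap
+# }
 
 #
 # If you have a Cisco SIP server authenticating against
@@ -1719,7 +1719,7 @@
 # containing CHAP-Password attributes CANNOT be authenticated
 # against /etc/passwd! See the FAQ for details.
 #
- unix
+# unix
 
 # Uncomment it if you want to use ldap for authentication
 #
@@ -1732,7 +1732,7 @@
 
 #
 # Allow EAP authentication.
- eap
+# eap
 }
 
 
@@ -1740,12 +1740,12 @@
 # Pre-accounting. Decide which accounting type to use.
 #
 preacct {
- preprocess
+# preprocess
 
 #
 # Ensure that we have a semi-unique identifier for every
 # request, and many NAS boxes are broken.
- acct_unique
+# acct_unique
 
 #
 # Look for IPASS-style 'realm/', and if not found, look for
@@ -1755,12 +1755,12 @@
 # Accounting requests are generally proxied to the same
 # home server as authentication requests.
 # IPASS
- suffix
+# suffix
 # ntdomain
 
 #
 # Read the 'acct_users' file
- files
+# files
 }
 
 #
@@ -1771,20 +1771,20 @@
 # Create a 'detail'ed log of the packets.
 # Note that accounting requests which are proxied
 # are also logged in the detail file.
- detail
+# detail
 # daily
 
 # Update the wtmp file
 #
 # If you don't use "radlast", you can delete this line.
- unix
+# unix
 
 #
 # For Simultaneous-Use tracking.
 #
 # Due to packet losses in the network, the data here
 # may be incorrect. There is little we can do about it.
- radutmp
+# radutmp
 # sradutmp
 
 # Return an address to the IP Pool when we see a stop record.
@@ -1807,7 +1807,7 @@
 # or rlm_sql module can handle this.
 # The rlm_sql module is *much* faster
 session {
- radutmp
+# radutmp
 
 #
 # See "Simultaneous Use Checking Querie" in sql.conf
@@ -1904,5 +1904,5 @@
 # hidden inside of the EAP packet, and the end server will
 # reject the EAP request.
 #
- eap
+# eap
 }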
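Review bot: In the `authorize` and `authenticate` hunks (-1576 through -1732) every module the patch touches is commented out (`preprocess`, `chap`, `mschap`, `suffix`, `eap`, `files`, the three `Auth-Type` blocks, `unix`) and no visible hunk enables a replacement, so the intended credential source should be stated at the top of `authorize`, e.g. `# all stock modules disabled by this package; enable exactly the backend you use below`. With `preprocess` disabled, the surrounding comments indicate that the `raddb/huntgroups` file is no longer applied and `%{Client-IP-Address}` is no longer added, so a later policy that restricts access by NAS or huntgroup would silently fail to match. The `accounting` hunk (-1771) disables `detail`, `unix` and `radutmp` together and `session` (-1807) loses `radutmp`, which as far as the hunks show leaves no accounting record for audit and no session data for Simultaneous-Use checks. `run_dir = ${localstatedir}/run` moves the daemon's runtime files from a dedicated directory into a shared one; the `user`/`group` settings are outside the hunks, so confirm the server does not have to run as root to write there.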