1
0
mirror of git://projects.qi-hardware.com/openwrt-xburst.git synced 2024-12-22 19:21:08 +02:00
openwrt-xburst/package/freeradius/patches/02-freeradius-1.0.4-config.patch
nico b6547d17bc update freeradius to new upstream release (v1.0.5) (closes: #190)
git-svn-id: svn://svn.openwrt.org/openwrt/trunk/openwrt@2936 3c298f89-4303-0410-b956-a3cf2f4a3e73
2006-01-12 15:17:35 +00:00

312 lines
6.8 KiB
Diff

diff -ruN freeradius-1.0.4-old/raddb/eap.conf freeradius-1.0.4-new/raddb/eap.conf
--- freeradius-1.0.4-old/raddb/eap.conf 2004-04-15 20:34:41.000000000 +0200
+++ freeradius-1.0.4-new/raddb/eap.conf 2005-06-18 18:53:06.000000000 +0200
@@ -72,8 +72,8 @@
# User-Password, or the NT-Password attributes.
# 'System' authentication is impossible with LEAP.
#
- leap {
- }
+# leap {
+# }
# Generic Token Card.
#
@@ -86,7 +86,7 @@
# the users password will go over the wire in plain-text,
# for anyone to see.
#
- gtc {
+# gtc {
# The default challenge, which many clients
# ignore..
#challenge = "Password: "
@@ -103,8 +103,8 @@
# configured for the request, and do the
# authentication itself.
#
- auth_type = PAP
- }
+# auth_type = PAP
+# }
## EAP-TLS
#
@@ -272,7 +272,7 @@
# of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not
# currently support.
#
- mschapv2 {
- }
+# mschapv2 {
+# }
}
diff -ruN freeradius-1.0.4-old/raddb/radiusd.conf.in freeradius-1.0.4-new/raddb/radiusd.conf.in
--- freeradius-1.0.4-old/raddb/radiusd.conf.in 2005-06-12 00:20:40.000000000 +0200
+++ freeradius-1.0.4-new/raddb/radiusd.conf.in 2005-06-18 18:53:32.000000000 +0200
@@ -31,13 +31,13 @@
# Location of config and logfiles.
confdir = ${raddbdir}
-run_dir = ${localstatedir}/run/radiusd
+run_dir = ${localstatedir}/run
#
# The logging messages for the server are appended to the
# tail of this file.
#
-log_file = ${logdir}/radius.log
+log_file = ${localstatedir}/log/radiusd.log
#
# libdir: Where to find the rlm_* modules.
@@ -353,7 +353,7 @@
nospace_pass = no
# The program to execute to do concurrency checks.
-checkrad = ${sbindir}/checkrad
+#checkrad = ${sbindir}/checkrad
# SECURITY CONFIGURATION
#
@@ -425,8 +425,8 @@
#
# allowed values: {no, yes}
#
-proxy_requests = yes
-$INCLUDE ${confdir}/proxy.conf
+proxy_requests = no
+#$INCLUDE ${confdir}/proxy.conf
# CLIENTS CONFIGURATION
@@ -454,7 +454,7 @@
# 'snmp' attribute to 'yes'
#
snmp = no
-$INCLUDE ${confdir}/snmp.conf
+#$INCLUDE ${confdir}/snmp.conf
# THREAD POOL CONFIGURATION
@@ -657,7 +657,7 @@
# For all EAP related authentications.
# Now in another file, because it is very large.
#
-$INCLUDE ${confdir}/eap.conf
+# $INCLUDE ${confdir}/eap.conf
# Microsoft CHAP authentication
#
@@ -1034,8 +1034,8 @@
#
files {
usersfile = ${confdir}/users
- acctusersfile = ${confdir}/acct_users
- preproxy_usersfile = ${confdir}/preproxy_users
+# acctusersfile = ${confdir}/acct_users
+# preproxy_usersfile = ${confdir}/preproxy_users
# If you want to use the old Cistron 'users' file
# with FreeRADIUS, you should change the next line
@@ -1168,7 +1168,7 @@
# For MS-SQL, use: ${confdir}/mssql.conf
# For Oracle, use: ${confdir}/oraclesql.conf
#
- $INCLUDE ${confdir}/sql.conf
+# $INCLUDE ${confdir}/sql.conf
# For Cisco VoIP specific accounting with Postgresql,
@@ -1536,7 +1536,7 @@
# The entire command line (and output) must fit into 253 bytes.
#
# e.g. Framed-Pool = `%{exec:/bin/echo foo}`
- exec
+# exec
#
# The expression module doesn't do authorization,
@@ -1549,7 +1549,7 @@
# listed in any other section. See 'doc/rlm_expr' for
# more information.
#
- expr
+# expr
#
# We add the counter module here so that it registers
@@ -1576,7 +1576,7 @@
# 'raddb/huntgroups' files.
#
# It also adds the %{Client-IP-Address} attribute to the request.
- preprocess
+# preprocess
#
# If you want to have a log of authentication requests,
@@ -1589,7 +1589,7 @@
#
# The chap module will set 'Auth-Type := CHAP' if we are
# handling a CHAP request and Auth-Type has not already been set
- chap
+# chap
#
# If the users are logging in with an MS-CHAP-Challenge
@@ -1597,7 +1597,7 @@
# the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP'
# to the request, which will cause the server to then use
# the mschap module for authentication.
- mschap
+# mschap
#
# If you have a Cisco SIP server authenticating against
@@ -1617,7 +1617,7 @@
# Otherwise, when the first style of realm doesn't match,
# the other styles won't be checked.
#
- suffix
+# suffix
# ntdomain
#
@@ -1626,11 +1626,11 @@
#
# It also sets the EAP-Type attribute in the request
# attribute list to the EAP type from the packet.
- eap
+# eap
#
# Read the 'users' file
- files
+# files
#
# Look in an SQL database. The schema of the database
@@ -1684,24 +1684,24 @@
# PAP authentication, when a back-end database listed
# in the 'authorize' section supplies a password. The
# password can be clear-text, or encrypted.
- Auth-Type PAP {
- pap
- }
+# Auth-Type PAP {
+# pap
+# }
#
# Most people want CHAP authentication
# A back-end database listed in the 'authorize' section
# MUST supply a CLEAR TEXT password. Encrypted passwords
# won't work.
- Auth-Type CHAP {
- chap
- }
+# Auth-Type CHAP {
+# chap
+# }
#
# MSCHAP authentication.
- Auth-Type MS-CHAP {
- mschap
- }
+# Auth-Type MS-CHAP {
+# mschap
+# }
#
# If you have a Cisco SIP server authenticating against
@@ -1719,7 +1719,7 @@
# containing CHAP-Password attributes CANNOT be authenticated
# against /etc/passwd! See the FAQ for details.
#
- unix
+# unix
# Uncomment it if you want to use ldap for authentication
#
@@ -1732,7 +1732,7 @@
#
# Allow EAP authentication.
- eap
+# eap
}
@@ -1740,12 +1740,12 @@
# Pre-accounting. Decide which accounting type to use.
#
preacct {
- preprocess
+# preprocess
#
# Ensure that we have a semi-unique identifier for every
# request, and many NAS boxes are broken.
- acct_unique
+# acct_unique
#
# Look for IPASS-style 'realm/', and if not found, look for
@@ -1755,12 +1755,12 @@
# Accounting requests are generally proxied to the same
# home server as authentication requests.
# IPASS
- suffix
+# suffix
# ntdomain
#
# Read the 'acct_users' file
- files
+# files
}
#
@@ -1771,20 +1771,20 @@
# Create a 'detail'ed log of the packets.
# Note that accounting requests which are proxied
# are also logged in the detail file.
- detail
+# detail
# daily
# Update the wtmp file
#
# If you don't use "radlast", you can delete this line.
- unix
+# unix
#
# For Simultaneous-Use tracking.
#
# Due to packet losses in the network, the data here
# may be incorrect. There is little we can do about it.
- radutmp
+# radutmp
# sradutmp
# Return an address to the IP Pool when we see a stop record.
@@ -1807,7 +1807,7 @@
# or rlm_sql module can handle this.
# The rlm_sql module is *much* faster
session {
- radutmp
+# radutmp
#
# See "Simultaneous Use Checking Querie" in sql.conf
@@ -1904,5 +1904,5 @@
# hidden inside of the EAP packet, and the end server will
# reject the EAP request.
#
- eap
+# eap
}