--- a/raddb/eap.conf +++ b/raddb/eap.conf @@ -73,8 +73,8 @@ # User-Password, or the NT-Password attributes. # 'System' authentication is impossible with LEAP. # - leap { - } +# leap { +# } # Generic Token Card. # @@ -87,7 +87,7 @@ # the users password will go over the wire in plain-text, # for anyone to see. # - gtc { +# gtc { # The default challenge, which many clients # ignore.. #challenge = "Password: " @@ -104,8 +104,8 @@ # configured for the request, and do the # authentication itself. # - auth_type = PAP - } +# auth_type = PAP +# } ## EAP-TLS # @@ -336,7 +336,7 @@ # of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not # currently support. # - mschapv2 { - } +# mschapv2 { +# } } --- a/raddb/radiusd.conf.in +++ b/raddb/radiusd.conf.in @@ -31,13 +31,13 @@ radacctdir = @radacctdir@ # Location of config and logfiles. confdir = ${raddbdir} -run_dir = ${localstatedir}/run/radiusd +run_dir = ${localstatedir}/run # # The logging messages for the server are appended to the # tail of this file. # -log_file = ${logdir}/radius.log +log_file = ${logdir}/radiusd.log # # libdir: Where to find the rlm_* modules. @@ -353,7 +353,7 @@ nospace_user = no nospace_pass = no # The program to execute to do concurrency checks. -checkrad = ${sbindir}/checkrad +#checkrad = ${sbindir}/checkrad # SECURITY CONFIGURATION # @@ -425,8 +425,8 @@ security { # # allowed values: {no, yes} # -proxy_requests = yes -$INCLUDE ${confdir}/proxy.conf +proxy_requests = no +#$INCLUDE ${confdir}/proxy.conf # CLIENTS CONFIGURATION @@ -454,7 +454,7 @@ $INCLUDE ${confdir}/clients.conf # 'snmp' attribute to 'yes' # snmp = no -$INCLUDE ${confdir}/snmp.conf +#$INCLUDE ${confdir}/snmp.conf # THREAD POOL CONFIGURATION @@ -665,7 +665,7 @@ modules { # For all EAP related authentications. # Now in another file, because it is very large. # -$INCLUDE ${confdir}/eap.conf +#$INCLUDE ${confdir}/eap.conf # Microsoft CHAP authentication # @@ -1066,8 +1066,8 @@ $INCLUDE ${confdir}/eap.conf # files { usersfile = ${confdir}/users - acctusersfile = ${confdir}/acct_users - preproxy_usersfile = ${confdir}/preproxy_users +# acctusersfile = ${confdir}/acct_users +# preproxy_usersfile = ${confdir}/preproxy_users # If you want to use the old Cistron 'users' file # with FreeRADIUS, you should change the next line @@ -1253,7 +1253,7 @@ $INCLUDE ${confdir}/eap.conf # For MS-SQL, use: ${confdir}/mssql.conf # For Oracle, use: ${confdir}/oraclesql.conf # - $INCLUDE ${confdir}/sql.conf +# $INCLUDE ${confdir}/sql.conf # For Cisco VoIP specific accounting with Postgresql, @@ -1756,7 +1756,7 @@ instantiate { # The entire command line (and output) must fit into 253 bytes. # # e.g. Framed-Pool = `%{exec:/bin/echo foo}` - exec +# exec # # The expression module doesn't do authorization, @@ -1769,7 +1769,7 @@ instantiate { # listed in any other section. See 'doc/rlm_expr' for # more information. # - expr +# expr # # We add the counter module here so that it registers @@ -1796,7 +1796,7 @@ authorize { # 'raddb/huntgroups' files. # # It also adds the %{Client-IP-Address} attribute to the request. - preprocess +# preprocess # # If you want to have a log of authentication requests, @@ -1809,7 +1809,7 @@ authorize { # # The chap module will set 'Auth-Type := CHAP' if we are # handling a CHAP request and Auth-Type has not already been set - chap +# chap # # If the users are logging in with an MS-CHAP-Challenge @@ -1837,7 +1837,7 @@ authorize { # Otherwise, when the first style of realm doesn't match, # the other styles won't be checked. # - suffix +# suffix # ntdomain # @@ -1846,11 +1846,11 @@ authorize { # # It also sets the EAP-Type attribute in the request # attribute list to the EAP type from the packet. - eap +# eap # # Read the 'users' file - files +# files # # Look in an SQL database. The schema of the database @@ -1909,24 +1909,24 @@ authenticate { # PAP authentication, when a back-end database listed # in the 'authorize' section supplies a password. The # password can be clear-text, or encrypted. - Auth-Type PAP { - pap - } +# Auth-Type PAP { +# pap +# } # # Most people want CHAP authentication # A back-end database listed in the 'authorize' section # MUST supply a CLEAR TEXT password. Encrypted passwords # won't work. - Auth-Type CHAP { - chap - } +# Auth-Type CHAP { +# chap +# } # # MSCHAP authentication. - Auth-Type MS-CHAP { - mschap - } +# Auth-Type MS-CHAP { +# mschap +# } # # If you have a Cisco SIP server authenticating against @@ -1944,7 +1944,7 @@ authenticate { # containing CHAP-Password attributes CANNOT be authenticated # against /etc/passwd! See the FAQ for details. # - unix +# unix # Uncomment it if you want to use ldap for authentication # @@ -1957,7 +1957,7 @@ authenticate { # # Allow EAP authentication. - eap +# eap } @@ -1965,12 +1965,12 @@ authenticate { # Pre-accounting. Decide which accounting type to use. # preacct { - preprocess +# preprocess # # Ensure that we have a semi-unique identifier for every # request, and many NAS boxes are broken. - acct_unique +# acct_unique # # Look for IPASS-style 'realm/', and if not found, look for @@ -1980,12 +1980,12 @@ preacct { # Accounting requests are generally proxied to the same # home server as authentication requests. # IPASS - suffix +# suffix # ntdomain # # Read the 'acct_users' file - files +# files } # @@ -1996,20 +1996,20 @@ accounting { # Create a 'detail'ed log of the packets. # Note that accounting requests which are proxied # are also logged in the detail file. - detail +# detail # daily # Update the wtmp file # # If you don't use "radlast", you can delete this line. - unix +# unix # # For Simultaneous-Use tracking. # # Due to packet losses in the network, the data here # may be incorrect. There is little we can do about it. - radutmp +# radutmp # sradutmp # Return an address to the IP Pool when we see a stop record. @@ -2038,7 +2038,7 @@ accounting { # or rlm_sql module can handle this. # The rlm_sql module is *much* faster session { - radutmp +# radutmp # # See "Simultaneous Use Checking Querie" in sql.conf @@ -2142,5 +2142,5 @@ post-proxy { # hidden inside of the EAP packet, and the end server will # reject the EAP request. # - eap +# eap }