Index: freeradius-1.1.6/raddb/eap.conf =================================================================== --- freeradius-1.1.6.orig/raddb/eap.conf 2007-07-30 14:17:42.000000000 -0500 +++ freeradius-1.1.6/raddb/eap.conf 2007-07-30 14:17:42.000000000 -0500 @@ -73,8 +73,8 @@ # User-Password, or the NT-Password attributes. # 'System' authentication is impossible with LEAP. # - leap { - } +# leap { +# } # Generic Token Card. # @@ -87,7 +87,7 @@ # the users password will go over the wire in plain-text, # for anyone to see. # - gtc { +# gtc { # The default challenge, which many clients # ignore.. #challenge = "Password: " @@ -104,8 +104,8 @@ # configured for the request, and do the # authentication itself. # - auth_type = PAP - } +# auth_type = PAP +# } ## EAP-TLS # @@ -329,7 +329,7 @@ # of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not # currently support. # - mschapv2 { - } +# mschapv2 { +# } } Index: freeradius-1.1.6/raddb/radiusd.conf.in =================================================================== --- freeradius-1.1.6.orig/raddb/radiusd.conf.in 2007-07-30 14:17:42.000000000 -0500 +++ freeradius-1.1.6/raddb/radiusd.conf.in 2007-07-30 14:17:42.000000000 -0500 @@ -31,13 +31,13 @@ # Location of config and logfiles. confdir = ${raddbdir} -run_dir = ${localstatedir}/run/radiusd +run_dir = ${localstatedir}/run # # The logging messages for the server are appended to the # tail of this file. # -log_file = ${logdir}/radius.log +log_file = ${logdir}/radiusd.log # # libdir: Where to find the rlm_* modules. @@ -353,7 +353,7 @@ nospace_pass = no # The program to execute to do concurrency checks. -checkrad = ${sbindir}/checkrad +#checkrad = ${sbindir}/checkrad # SECURITY CONFIGURATION # @@ -425,8 +425,8 @@ # # allowed values: {no, yes} # -proxy_requests = yes -$INCLUDE ${confdir}/proxy.conf +proxy_requests = no +#$INCLUDE ${confdir}/proxy.conf # CLIENTS CONFIGURATION 
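Review bot: The LEAP, GTC and MSCHAPv2 stanzas in eap.conf (hunks at -73, -87, -104 and -329) are disabled with a bare `#` prefix, which makes them indistinguishable from upstream's own commentary and records no reason. The same patch comments out `$INCLUDE ${confdir}/eap.conf` in radiusd.conf.in (hunk at -665), so as shipped these edits have no effect until that include is restored. A marker line above each disabled stanza would record the dependency, for example `# Disabled by packaging patch; re-enable together with the eap.conf $INCLUDE in radiusd.conf`. Which EAP types stay active and what the module's default type is set to are outside the visible hunks, so confirm the default still names an enabled type. The body of the gtc block between the -87 and -104 hunks is not shown.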
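Review bot: In the radiusd.conf.in hunk at -31, `run_dir = ${localstatedir}/run` moves the daemon's runtime files from a private directory into the shared system run directory. If radiusd drops to an unprivileged user, it needs write access to whatever `run_dir` names, and granting that on a shared directory would let the service account create or replace files that other daemons rely on. Keeping `run_dir = ${localstatedir}/run/radiusd`, with the package creating that directory for the service user, avoids the problem. If the flat layout is required on the target, a comment such as `# run_dir is shared with other daemons: do not make it writable by the radiusd user` would state the constraint. The `log_file` rename in the same hunk also needs any log-rotation rule shipped with the package to point at `radiusd.log`.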
@@ -454,7 +454,7 @@ # 'snmp' attribute to 'yes' # snmp = no -$INCLUDE ${confdir}/snmp.conf +#$INCLUDE ${confdir}/snmp.conf # THREAD POOL CONFIGURATION @@ -665,7 +665,7 @@ # For all EAP related authentications. # Now in another file, because it is very large. # -$INCLUDE ${confdir}/eap.conf +#$INCLUDE ${confdir}/eap.conf # Microsoft CHAP authentication # @@ -1066,8 +1066,8 @@ # files { usersfile = ${confdir}/users - acctusersfile = ${confdir}/acct_users - preproxy_usersfile = ${confdir}/preproxy_users +# acctusersfile = ${confdir}/acct_users +# preproxy_usersfile = ${confdir}/preproxy_users # If you want to use the old Cistron 'users' file # with FreeRADIUS, you should change the next line @@ -1253,7 +1253,7 @@ # For MS-SQL, use: ${confdir}/mssql.conf # For Oracle, use: ${confdir}/oraclesql.conf # - $INCLUDE ${confdir}/sql.conf +# $INCLUDE ${confdir}/sql.conf # For Cisco VoIP specific accounting with Postgresql, @@ -1755,7 +1755,7 @@ # The entire command line (and output) must fit into 253 bytes. # # e.g. Framed-Pool = `%{exec:/bin/echo foo}` - exec +# exec # # The expression module doesn't do authorization, @@ -1768,7 +1768,7 @@ # listed in any other section. See 'doc/rlm_expr' for # more information. # - expr +# expr # # We add the counter module here so that it registers @@ -1795,7 +1795,7 @@ # 'raddb/huntgroups' files. # # It also adds the %{Client-IP-Address} attribute to the request. - preprocess +# preprocess # # If you want to have a log of authentication requests, @@ -1808,7 +1808,7 @@ # # The chap module will set 'Auth-Type := CHAP' if we are # handling a CHAP request and Auth-Type has not already been set - chap +# chap # # If the users are logging in with an MS-CHAP-Challenge @@ -1836,7 +1836,7 @@ # Otherwise, when the first style of realm doesn't match, # the other styles won't be checked. # - suffix +# suffix # ntdomain # 
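Review bot: The hunks at -1755 and -1768 stop loading `exec` and `expr` without noting that the `%{exec:/bin/echo foo}` style of expansion shown in the context line, and presumably the `expr` equivalent, will no longer resolve. Dropping `exec` is a sensible reduction in attack surface, but any remaining users-file or module setting that relies on these expansions would change behaviour. How this version treats an unresolved expansion is not visible here and is worth testing before release. A line above the disabled entries such as `# exec/expr not loaded by this package: %{exec:...} and %{expr:...} are unavailable` would make that explicit. The enclosing section starts and ends outside both hunks.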
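Review bot: The authorize hunks from -1795 onward comment out `preprocess`, `chap`, `suffix`, `eap` and `files` (continuing in -1808, -1836 and -1845), but the `mschap` entry described in the trailing context of the -1808 hunk is not touched by any visible hunk. If that entry is still active, it can set an MS-CHAP Auth-Type on a request while the matching `Auth-Type MS-CHAP { mschap }` block is commented out in the -1908 hunk, leaving the request with no handler. Either comment out the authorize-side `mschap` as well, or keep the authenticate block, so the two sections stay in step. The authorize section begins and ends outside these hunks, so its remaining contents should be checked against the full file.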
@@ -1845,11 +1845,11 @@ # # It also sets the EAP-Type attribute in the request # attribute list to the EAP type from the packet. - eap +# eap # # Read the 'users' file - files +# files # # Look in an SQL database. The schema of the database @@ -1908,24 +1908,24 @@ # PAP authentication, when a back-end database listed # in the 'authorize' section supplies a password. The # password can be clear-text, or encrypted. - Auth-Type PAP { - pap - } +# Auth-Type PAP { +# pap +# } # # Most people want CHAP authentication # A back-end database listed in the 'authorize' section # MUST supply a CLEAR TEXT password. Encrypted passwords # won't work. - Auth-Type CHAP { - chap - } +# Auth-Type CHAP { +# chap +# } # # MSCHAP authentication. - Auth-Type MS-CHAP { - mschap - } +# Auth-Type MS-CHAP { +# mschap +# } # # If you have a Cisco SIP server authenticating against @@ -1943,7 +1943,7 @@ # containing CHAP-Password attributes CANNOT be authenticated # against /etc/passwd! See the FAQ for details. # - unix +# unix # Uncomment it if you want to use ldap for authentication # @@ -1956,7 +1956,7 @@ # # Allow EAP authentication. - eap +# eap } @@ -1964,12 +1964,12 @@ # Pre-accounting. Decide which accounting type to use. # preacct { - preprocess +# preprocess # # Ensure that we have a semi-unique identifier for every # request, and many NAS boxes are broken. - acct_unique +# acct_unique # # Look for IPASS-style 'realm/', and if not found, look for @@ -1979,12 +1979,12 @@ # Accounting requests are generally proxied to the same # home server as authentication requests. # IPASS - suffix +# suffix # ntdomain # # Read the 'acct_users' file - files +# files } # 
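Review bot: After the -1908, -1943 and -1956 hunks, every authentication method visible in `authenticate` (PAP, CHAP, MS-CHAP, `unix`, `eap`) is commented out and nothing in the patch says this is intentional. As far as these hunks show, the packaged server would have no way to accept any Access-Request. That is a safe fail-closed default, but an administrator may respond by uncommenting blocks piecemeal without the matching authorize entries. A comment at the top of the section would state the intent, for example `# All methods disabled by packaging; enable an Auth-Type block only together with its authorize entry`. The opening of `authenticate {` lies outside the hunks.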
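Review bot: The preacct hunks at -1964 and -1979, together with the accounting hunk at -1995, comment out `preprocess`, `acct_unique`, `suffix`, `files`, `detail`, `unix` and `radutmp`, which leaves no accounting module active in the visible lines. Any Accounting-Request a NAS sends would then not be recorded anywhere, removing the session audit trail that incident response usually depends on. If accounting is meant to be unsupported in this package, say so with `# Accounting disabled by packaging: no records are written`. Otherwise keep at least `detail` enabled so records land on disk. Entries outside the hunks, such as the commented `daily` and `sradutmp` lines in the context, should be checked in the full file.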
@@ -1995,20 +1995,20 @@ # Create a 'detail'ed log of the packets. # Note that accounting requests which are proxied # are also logged in the detail file. - detail +# detail # daily # Update the wtmp file # # If you don't use "radlast", you can delete this line. - unix +# unix # # For Simultaneous-Use tracking. # # Due to packet losses in the network, the data here # may be incorrect. There is little we can do about it. - radutmp +# radutmp # sradutmp # Return an address to the IP Pool when we see a stop record. @@ -2036,7 +2036,7 @@ # or rlm_sql module can handle this. # The rlm_sql module is *much* faster session { - radutmp +# radutmp # # See "Simultaneous Use Checking Querie" in sql.conf @@ -2139,5 +2139,5 @@ # hidden inside of the EAP packet, and the end server will # reject the EAP request. # - eap +# eap }
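Review bot: The -2036 hunk leaves `session { }` without `radutmp`, and with `checkrad` also commented out in the -353 hunk nothing visible remains to answer a Simultaneous-Use check. If a users entry still carries that limit, it would presumably go unenforced rather than cause a rejection, so a control the administrator believes is active would silently do nothing. A comment inside the section such as `# Simultaneous-Use is not enforced: radutmp and checkrad are disabled by packaging` would make the gap visible. The post-proxy `eap` entry removed in the -2139 hunk is consistent with the disabled eap.conf include and needs no change.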