--- a/raddb/eap.conf
+++ b/raddb/eap.conf
@@ -73,8 +73,8 @@
# User-Password, or the NT-Password attributes.
# 'System' authentication is impossible with LEAP.
#
- leap {
- }
+# leap {
+# }
# Generic Token Card.
#
@@ -87,7 +87,7 @@
# the users password will go over the wire in plain-text,
# for anyone to see.
#
- gtc {
+# gtc {
# The default challenge, which many clients
# ignore..
#challenge = "Password: "
@@ -104,8 +104,8 @@
# configured for the request, and do the
# authentication itself.
#
- auth_type = PAP
- }
+# auth_type = PAP
+# }
## EAP-TLS
#
@@ -336,7 +336,7 @@
# of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not
# currently support.
#
- mschapv2 {
- }
+# mschapv2 {
+# }
}
--- a/raddb/radiusd.conf.in
+++ b/raddb/radiusd.conf.in
@@ -31,13 +31,13 @@ radacctdir = @radacctdir@
# Location of config and logfiles.
confdir = ${raddbdir}
-run_dir = ${localstatedir}/run/radiusd
+run_dir = ${localstatedir}/run
#
# The logging messages for the server are appended to the
# tail of this file.
#
-log_file = ${logdir}/radius.log
+log_file = ${logdir}/radiusd.log
#
# libdir: Where to find the rlm_* modules.
@@ -353,7 +353,7 @@ nospace_user = no
nospace_pass = no
# The program to execute to do concurrency checks.
-checkrad = ${sbindir}/checkrad
+#checkrad = ${sbindir}/checkrad
# SECURITY CONFIGURATION
#
@@ -425,8 +425,8 @@ security {
#
# allowed values: {no, yes}
#
-proxy_requests = yes
-$INCLUDE ${confdir}/proxy.conf
+proxy_requests = no
+#$INCLUDE ${confdir}/proxy.conf
# CLIENTS CONFIGURATION
@@ -454,7 +454,7 @@ $INCLUDE ${confdir}/clients.conf
# 'snmp' attribute to 'yes'
#
snmp = no
-$INCLUDE ${confdir}/snmp.conf
+#$INCLUDE ${confdir}/snmp.conf
# THREAD POOL CONFIGURATION
@@ -665,7 +665,7 @@ modules {
# For all EAP related authentications.
# Now in another file, because it is very large.
#
-$INCLUDE ${confdir}/eap.conf
+#$INCLUDE ${confdir}/eap.conf
# Microsoft CHAP authentication
#
@@ -1066,8 +1066,8 @@ $INCLUDE ${confdir}/eap.conf
#
files {
usersfile = ${confdir}/users
- acctusersfile = ${confdir}/acct_users
- preproxy_usersfile = ${confdir}/preproxy_users
+# acctusersfile = ${confdir}/acct_users
+# preproxy_usersfile = ${confdir}/preproxy_users
# If you want to use the old Cistron 'users' file
# with FreeRADIUS, you should change the next line
@@ -1253,7 +1253,7 @@ $INCLUDE ${confdir}/eap.conf
# For MS-SQL, use: ${confdir}/mssql.conf
# For Oracle, use: ${confdir}/oraclesql.conf
#
- $INCLUDE ${confdir}/sql.conf
+# $INCLUDE ${confdir}/sql.conf
# For Cisco VoIP specific accounting with Postgresql,
@@ -1756,7 +1756,7 @@ instantiate {
# The entire command line (and output) must fit into 253 bytes.
#
# e.g. Framed-Pool = `%{exec:/bin/echo foo}`
- exec
+# exec
#
# The expression module doesn't do authorization,
@@ -1769,7 +1769,7 @@ instantiate {
# listed in any other section. See 'doc/rlm_expr' for
# more information.
#
- expr
+# expr
#
# We add the counter module here so that it registers
@@ -1796,7 +1796,7 @@ authorize {
# 'raddb/huntgroups' files.
#
# It also adds the %{Client-IP-Address} attribute to the request.
- preprocess
+# preprocess
#
# If you want to have a log of authentication requests,
@@ -1809,7 +1809,7 @@ authorize {
#
# The chap module will set 'Auth-Type := CHAP' if we are
# handling a CHAP request and Auth-Type has not already been set
- chap
+# chap
#
# If the users are logging in with an MS-CHAP-Challenge
@@ -1837,7 +1837,7 @@ authorize {
# Otherwise, when the first style of realm doesn't match,
# the other styles won't be checked.
#
- suffix
+# suffix
# ntdomain
#
@@ -1846,11 +1846,11 @@ authorize {
#
# It also sets the EAP-Type attribute in the request
# attribute list to the EAP type from the packet.
- eap
+# eap
#
# Read the 'users' file
- files
+# files
#
# Look in an SQL database. The schema of the database
@@ -1909,24 +1909,24 @@ authenticate {
# PAP authentication, when a back-end database listed
# in the 'authorize' section supplies a password. The
# password can be clear-text, or encrypted.
- Auth-Type PAP {
- pap
- }
+# Auth-Type PAP {
+# pap
+# }
#
# Most people want CHAP authentication
# A back-end database listed in the 'authorize' section
# MUST supply a CLEAR TEXT password. Encrypted passwords
# won't work.
- Auth-Type CHAP {
- chap
- }
+# Auth-Type CHAP {
+# chap
+# }
#
# MSCHAP authentication.
- Auth-Type MS-CHAP {
- mschap
- }
+# Auth-Type MS-CHAP {
+# mschap
+# }
#
# If you have a Cisco SIP server authenticating against
@@ -1944,7 +1944,7 @@ authenticate {
# containing CHAP-Password attributes CANNOT be authenticated
# against /etc/passwd! See the FAQ for details.
#
- unix
+# unix
# Uncomment it if you want to use ldap for authentication
#
@@ -1957,7 +1957,7 @@ authenticate {
#
# Allow EAP authentication.
- eap
+# eap
}
@@ -1965,12 +1965,12 @@ authenticate {
# Pre-accounting. Decide which accounting type to use.
#
preacct {
- preprocess
+# preprocess
#
# Ensure that we have a semi-unique identifier for every
# request, and many NAS boxes are broken.
- acct_unique
+# acct_unique
#
# Look for IPASS-style 'realm/', and if not found, look for
@@ -1980,12 +1980,12 @@ preacct {
# Accounting requests are generally proxied to the same
# home server as authentication requests.
# IPASS
- suffix
+# suffix
# ntdomain
#
# Read the 'acct_users' file
- files
+# files
}
#
@@ -1996,20 +1996,20 @@ accounting {
# Create a 'detail'ed log of the packets.
# Note that accounting requests which are proxied
# are also logged in the detail file.
- detail
+# detail
# daily
# Update the wtmp file
#
# If you don't use "radlast", you can delete this line.
- unix
+# unix
#
# For Simultaneous-Use tracking.
#
# Due to packet losses in the network, the data here
# may be incorrect. There is little we can do about it.
- radutmp
+# radutmp
# sradutmp
# Return an address to the IP Pool when we see a stop record.
@@ -2038,7 +2038,7 @@ accounting {
# or rlm_sql module can handle this.
# The rlm_sql module is *much* faster
session {
- radutmp
+# radutmp
#
# See "Simultaneous Use Checking Querie" in sql.conf
@@ -2142,5 +2142,5 @@ post-proxy {
# hidden inside of the EAP packet, and the end server will
# reject the EAP request.
#
- eap
+# eap
}