b9e776e727
git-svn-id: svn://svn.openwrt.org/openwrt/packages@17958 3c298f89-4303-0410-b956-a3cf2f4a3e73
301 lines
6.5 KiB
Diff
301 lines
6.5 KiB
Diff
--- a/raddb/eap.conf
|
|
+++ b/raddb/eap.conf
|
|
@@ -73,8 +73,8 @@
|
|
# User-Password, or the NT-Password attributes.
|
|
# 'System' authentication is impossible with LEAP.
|
|
#
|
|
- leap {
|
|
- }
|
|
+# leap {
|
|
+# }
|
|
|
|
# Generic Token Card.
|
|
#
|
|
@@ -87,7 +87,7 @@
|
|
# the users password will go over the wire in plain-text,
|
|
# for anyone to see.
|
|
#
|
|
- gtc {
|
|
+# gtc {
|
|
# The default challenge, which many clients
|
|
# ignore..
|
|
#challenge = "Password: "
|
|
@@ -104,8 +104,8 @@
|
|
# configured for the request, and do the
|
|
# authentication itself.
|
|
#
|
|
- auth_type = PAP
|
|
- }
|
|
+# auth_type = PAP
|
|
+# }
|
|
|
|
## EAP-TLS
|
|
#
|
|
@@ -336,7 +336,7 @@
|
|
# of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not
|
|
# currently support.
|
|
#
|
|
- mschapv2 {
|
|
- }
|
|
+# mschapv2 {
|
|
+# }
|
|
}
|
|
|
|
--- a/raddb/radiusd.conf.in
|
|
+++ b/raddb/radiusd.conf.in
|
|
@@ -31,13 +31,13 @@ radacctdir = @radacctdir@
|
|
|
|
# Location of config and logfiles.
|
|
confdir = ${raddbdir}
|
|
-run_dir = ${localstatedir}/run/radiusd
|
|
+run_dir = ${localstatedir}/run
|
|
|
|
#
|
|
# The logging messages for the server are appended to the
|
|
# tail of this file.
|
|
#
|
|
-log_file = ${logdir}/radius.log
|
|
+log_file = ${logdir}/radiusd.log
|
|
|
|
#
|
|
# libdir: Where to find the rlm_* modules.
|
|
@@ -353,7 +353,7 @@ nospace_user = no
|
|
nospace_pass = no
|
|
|
|
# The program to execute to do concurrency checks.
|
|
-checkrad = ${sbindir}/checkrad
|
|
+#checkrad = ${sbindir}/checkrad
|
|
|
|
# SECURITY CONFIGURATION
|
|
#
|
|
@@ -425,8 +425,8 @@ security {
|
|
#
|
|
# allowed values: {no, yes}
|
|
#
|
|
-proxy_requests = yes
|
|
-$INCLUDE ${confdir}/proxy.conf
|
|
+proxy_requests = no
|
|
+#$INCLUDE ${confdir}/proxy.conf
|
|
|
|
|
|
# CLIENTS CONFIGURATION
|
|
@@ -454,7 +454,7 @@ $INCLUDE ${confdir}/clients.conf
|
|
# 'snmp' attribute to 'yes'
|
|
#
|
|
snmp = no
|
|
-$INCLUDE ${confdir}/snmp.conf
|
|
+#$INCLUDE ${confdir}/snmp.conf
|
|
|
|
|
|
# THREAD POOL CONFIGURATION
|
|
@@ -665,7 +665,7 @@ modules {
|
|
# For all EAP related authentications.
|
|
# Now in another file, because it is very large.
|
|
#
|
|
-$INCLUDE ${confdir}/eap.conf
|
|
+#$INCLUDE ${confdir}/eap.conf
|
|
|
|
# Microsoft CHAP authentication
|
|
#
|
|
@@ -1066,8 +1066,8 @@ $INCLUDE ${confdir}/eap.conf
|
|
#
|
|
files {
|
|
usersfile = ${confdir}/users
|
|
- acctusersfile = ${confdir}/acct_users
|
|
- preproxy_usersfile = ${confdir}/preproxy_users
|
|
+# acctusersfile = ${confdir}/acct_users
|
|
+# preproxy_usersfile = ${confdir}/preproxy_users
|
|
|
|
# If you want to use the old Cistron 'users' file
|
|
# with FreeRADIUS, you should change the next line
|
|
@@ -1253,7 +1253,7 @@ $INCLUDE ${confdir}/eap.conf
|
|
# For MS-SQL, use: ${confdir}/mssql.conf
|
|
# For Oracle, use: ${confdir}/oraclesql.conf
|
|
#
|
|
- $INCLUDE ${confdir}/sql.conf
|
|
+# $INCLUDE ${confdir}/sql.conf
|
|
|
|
|
|
# For Cisco VoIP specific accounting with Postgresql,
|
|
@@ -1756,7 +1756,7 @@ instantiate {
|
|
# The entire command line (and output) must fit into 253 bytes.
|
|
#
|
|
# e.g. Framed-Pool = `%{exec:/bin/echo foo}`
|
|
- exec
|
|
+# exec
|
|
|
|
#
|
|
# The expression module doesn't do authorization,
|
|
@@ -1769,7 +1769,7 @@ instantiate {
|
|
# listed in any other section. See 'doc/rlm_expr' for
|
|
# more information.
|
|
#
|
|
- expr
|
|
+# expr
|
|
|
|
#
|
|
# We add the counter module here so that it registers
|
|
@@ -1796,7 +1796,7 @@ authorize {
|
|
# 'raddb/huntgroups' files.
|
|
#
|
|
# It also adds the %{Client-IP-Address} attribute to the request.
|
|
- preprocess
|
|
+# preprocess
|
|
|
|
#
|
|
# If you want to have a log of authentication requests,
|
|
@@ -1809,7 +1809,7 @@ authorize {
|
|
#
|
|
# The chap module will set 'Auth-Type := CHAP' if we are
|
|
# handling a CHAP request and Auth-Type has not already been set
|
|
- chap
|
|
+# chap
|
|
|
|
#
|
|
# If the users are logging in with an MS-CHAP-Challenge
|
|
@@ -1837,7 +1837,7 @@ authorize {
|
|
# Otherwise, when the first style of realm doesn't match,
|
|
# the other styles won't be checked.
|
|
#
|
|
- suffix
|
|
+# suffix
|
|
# ntdomain
|
|
|
|
#
|
|
@@ -1846,11 +1846,11 @@ authorize {
|
|
#
|
|
# It also sets the EAP-Type attribute in the request
|
|
# attribute list to the EAP type from the packet.
|
|
- eap
|
|
+# eap
|
|
|
|
#
|
|
# Read the 'users' file
|
|
- files
|
|
+# files
|
|
|
|
#
|
|
# Look in an SQL database. The schema of the database
|
|
@@ -1909,24 +1909,24 @@ authenticate {
|
|
# PAP authentication, when a back-end database listed
|
|
# in the 'authorize' section supplies a password. The
|
|
# password can be clear-text, or encrypted.
|
|
- Auth-Type PAP {
|
|
- pap
|
|
- }
|
|
+# Auth-Type PAP {
|
|
+# pap
|
|
+# }
|
|
|
|
#
|
|
# Most people want CHAP authentication
|
|
# A back-end database listed in the 'authorize' section
|
|
# MUST supply a CLEAR TEXT password. Encrypted passwords
|
|
# won't work.
|
|
- Auth-Type CHAP {
|
|
- chap
|
|
- }
|
|
+# Auth-Type CHAP {
|
|
+# chap
|
|
+# }
|
|
|
|
#
|
|
# MSCHAP authentication.
|
|
- Auth-Type MS-CHAP {
|
|
- mschap
|
|
- }
|
|
+# Auth-Type MS-CHAP {
|
|
+# mschap
|
|
+# }
|
|
|
|
#
|
|
# If you have a Cisco SIP server authenticating against
|
|
@@ -1944,7 +1944,7 @@ authenticate {
|
|
# containing CHAP-Password attributes CANNOT be authenticated
|
|
# against /etc/passwd! See the FAQ for details.
|
|
#
|
|
- unix
|
|
+# unix
|
|
|
|
# Uncomment it if you want to use ldap for authentication
|
|
#
|
|
@@ -1957,7 +1957,7 @@ authenticate {
|
|
|
|
#
|
|
# Allow EAP authentication.
|
|
- eap
|
|
+# eap
|
|
}
|
|
|
|
|
|
@@ -1965,12 +1965,12 @@ authenticate {
|
|
# Pre-accounting. Decide which accounting type to use.
|
|
#
|
|
preacct {
|
|
- preprocess
|
|
+# preprocess
|
|
|
|
#
|
|
# Ensure that we have a semi-unique identifier for every
|
|
# request, and many NAS boxes are broken.
|
|
- acct_unique
|
|
+# acct_unique
|
|
|
|
#
|
|
# Look for IPASS-style 'realm/', and if not found, look for
|
|
@@ -1980,12 +1980,12 @@ preacct {
|
|
# Accounting requests are generally proxied to the same
|
|
# home server as authentication requests.
|
|
# IPASS
|
|
- suffix
|
|
+# suffix
|
|
# ntdomain
|
|
|
|
#
|
|
# Read the 'acct_users' file
|
|
- files
|
|
+# files
|
|
}
|
|
|
|
#
|
|
@@ -1996,20 +1996,20 @@ accounting {
|
|
# Create a 'detail'ed log of the packets.
|
|
# Note that accounting requests which are proxied
|
|
# are also logged in the detail file.
|
|
- detail
|
|
+# detail
|
|
# daily
|
|
|
|
# Update the wtmp file
|
|
#
|
|
# If you don't use "radlast", you can delete this line.
|
|
- unix
|
|
+# unix
|
|
|
|
#
|
|
# For Simultaneous-Use tracking.
|
|
#
|
|
# Due to packet losses in the network, the data here
|
|
# may be incorrect. There is little we can do about it.
|
|
- radutmp
|
|
+# radutmp
|
|
# sradutmp
|
|
|
|
# Return an address to the IP Pool when we see a stop record.
|
|
@@ -2038,7 +2038,7 @@ accounting {
|
|
# or rlm_sql module can handle this.
|
|
# The rlm_sql module is *much* faster
|
|
session {
|
|
- radutmp
|
|
+# radutmp
|
|
|
|
#
|
|
# See "Simultaneous Use Checking Querie" in sql.conf
|
|
@@ -2142,5 +2142,5 @@ post-proxy {
|
|
# hidden inside of the EAP packet, and the end server will
|
|
# reject the EAP request.
|
|
#
|
|
- eap
|
|
+# eap
|
|
}
|