openwrtv4/openwrt/package/freeradius/patches/02-freeradius-1.1.1-config.patch
Nicolas Thill 4f1fa57c09 update freeradius to v1.1.1.
SVN-Revision: 3830
2006-05-27 13:56:04 +00:00

302 lines
6.5 KiB
Diff

diff -ruN freeradius-1.1.1-old/raddb/eap.conf freeradius-1.1.1-new/raddb/eap.conf
--- freeradius-1.1.1-old/raddb/eap.conf 2006-01-04 15:29:29.000000000 +0100
+++ freeradius-1.1.1-new/raddb/eap.conf 2006-05-22 23:29:11.000000000 +0200
@@ -73,8 +73,8 @@
# User-Password, or the NT-Password attributes.
# 'System' authentication is impossible with LEAP.
#
- leap {
- }
+# leap {
+# }
# Generic Token Card.
#
@@ -87,7 +87,7 @@
# the users password will go over the wire in plain-text,
# for anyone to see.
#
- gtc {
+# gtc {
# The default challenge, which many clients
# ignore..
#challenge = "Password: "
@@ -104,8 +104,8 @@
# configured for the request, and do the
# authentication itself.
#
- auth_type = PAP
- }
+# auth_type = PAP
+# }
## EAP-TLS
#
@@ -283,7 +283,7 @@
# of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not
# currently support.
#
- mschapv2 {
- }
+# mschapv2 {
+# }
}
diff -ruN freeradius-1.1.1-old/raddb/radiusd.conf.in freeradius-1.1.1-new/raddb/radiusd.conf.in
--- freeradius-1.1.1-old/raddb/radiusd.conf.in 2006-02-10 16:12:02.000000000 +0100
+++ freeradius-1.1.1-new/raddb/radiusd.conf.in 2006-05-22 23:33:53.000000000 +0200
@@ -31,13 +31,13 @@
# Location of config and logfiles.
confdir = ${raddbdir}
-run_dir = ${localstatedir}/run/radiusd
+run_dir = ${localstatedir}/run
#
# The logging messages for the server are appended to the
# tail of this file.
#
-log_file = ${logdir}/radius.log
+log_file = ${logdir}/radiusd.log
#
# libdir: Where to find the rlm_* modules.
@@ -353,7 +353,7 @@
nospace_pass = no
# The program to execute to do concurrency checks.
-checkrad = ${sbindir}/checkrad
+#checkrad = ${sbindir}/checkrad
# SECURITY CONFIGURATION
#
@@ -425,8 +425,8 @@
#
# allowed values: {no, yes}
#
-proxy_requests = yes
-$INCLUDE ${confdir}/proxy.conf
+proxy_requests = no
+#$INCLUDE ${confdir}/proxy.conf
# CLIENTS CONFIGURATION
@@ -454,7 +454,7 @@
# 'snmp' attribute to 'yes'
#
snmp = no
-$INCLUDE ${confdir}/snmp.conf
+#$INCLUDE ${confdir}/snmp.conf
# THREAD POOL CONFIGURATION
@@ -657,7 +657,7 @@
# For all EAP related authentications.
# Now in another file, because it is very large.
#
-$INCLUDE ${confdir}/eap.conf
+#$INCLUDE ${confdir}/eap.conf
# Microsoft CHAP authentication
#
@@ -1046,8 +1046,8 @@
#
files {
usersfile = ${confdir}/users
- acctusersfile = ${confdir}/acct_users
- preproxy_usersfile = ${confdir}/preproxy_users
+# acctusersfile = ${confdir}/acct_users
+# preproxy_usersfile = ${confdir}/preproxy_users
# If you want to use the old Cistron 'users' file
# with FreeRADIUS, you should change the next line
@@ -1221,7 +1221,7 @@
# For MS-SQL, use: ${confdir}/mssql.conf
# For Oracle, use: ${confdir}/oraclesql.conf
#
- $INCLUDE ${confdir}/sql.conf
+# $INCLUDE ${confdir}/sql.conf
# For Cisco VoIP specific accounting with Postgresql,
@@ -1694,7 +1694,7 @@
# The entire command line (and output) must fit into 253 bytes.
#
# e.g. Framed-Pool = `%{exec:/bin/echo foo}`
- exec
+# exec
#
# The expression module doesn't do authorization,
@@ -1707,7 +1707,7 @@
# listed in any other section. See 'doc/rlm_expr' for
# more information.
#
- expr
+# expr
#
# We add the counter module here so that it registers
@@ -1734,7 +1734,7 @@
# 'raddb/huntgroups' files.
#
# It also adds the %{Client-IP-Address} attribute to the request.
- preprocess
+# preprocess
#
# If you want to have a log of authentication requests,
@@ -1747,7 +1747,7 @@
#
# The chap module will set 'Auth-Type := CHAP' if we are
# handling a CHAP request and Auth-Type has not already been set
- chap
+# chap
#
# If the users are logging in with an MS-CHAP-Challenge
@@ -1775,7 +1775,7 @@
# Otherwise, when the first style of realm doesn't match,
# the other styles won't be checked.
#
- suffix
+# suffix
# ntdomain
#
@@ -1784,11 +1784,11 @@
#
# It also sets the EAP-Type attribute in the request
# attribute list to the EAP type from the packet.
- eap
+# eap
#
# Read the 'users' file
- files
+# files
#
# Look in an SQL database. The schema of the database
@@ -1842,24 +1842,24 @@
# PAP authentication, when a back-end database listed
# in the 'authorize' section supplies a password. The
# password can be clear-text, or encrypted.
- Auth-Type PAP {
- pap
- }
+# Auth-Type PAP {
+# pap
+# }
#
# Most people want CHAP authentication
# A back-end database listed in the 'authorize' section
# MUST supply a CLEAR TEXT password. Encrypted passwords
# won't work.
- Auth-Type CHAP {
- chap
- }
+# Auth-Type CHAP {
+# chap
+# }
#
# MSCHAP authentication.
- Auth-Type MS-CHAP {
- mschap
- }
+# Auth-Type MS-CHAP {
+# mschap
+# }
#
# If you have a Cisco SIP server authenticating against
@@ -1877,7 +1877,7 @@
# containing CHAP-Password attributes CANNOT be authenticated
# against /etc/passwd! See the FAQ for details.
#
- unix
+# unix
# Uncomment it if you want to use ldap for authentication
#
@@ -1890,7 +1890,7 @@
#
# Allow EAP authentication.
- eap
+# eap
}
@@ -1898,12 +1898,12 @@
# Pre-accounting. Decide which accounting type to use.
#
preacct {
- preprocess
+# preprocess
#
# Ensure that we have a semi-unique identifier for every
# request, and many NAS boxes are broken.
- acct_unique
+# acct_unique
#
# Look for IPASS-style 'realm/', and if not found, look for
@@ -1913,12 +1913,12 @@
# Accounting requests are generally proxied to the same
# home server as authentication requests.
# IPASS
- suffix
+# suffix
# ntdomain
#
# Read the 'acct_users' file
- files
+# files
}
#
@@ -1929,20 +1929,20 @@
# Create a 'detail'ed log of the packets.
# Note that accounting requests which are proxied
# are also logged in the detail file.
- detail
+# detail
# daily
# Update the wtmp file
#
# If you don't use "radlast", you can delete this line.
- unix
+# unix
#
# For Simultaneous-Use tracking.
#
# Due to packet losses in the network, the data here
# may be incorrect. There is little we can do about it.
- radutmp
+# radutmp
# sradutmp
# Return an address to the IP Pool when we see a stop record.
@@ -1970,7 +1970,7 @@
# or rlm_sql module can handle this.
# The rlm_sql module is *much* faster
session {
- radutmp
+# radutmp
#
# See "Simultaneous Use Checking Querie" in sql.conf
@@ -2073,5 +2073,5 @@
# hidden inside of the EAP packet, and the end server will
# reject the EAP request.
#
- eap
+# eap
}