add detail, preprocess and realm sub-packages,
[openwrt.git] / package / freeradius / patches / 02-config.patch
1 diff -ruN freeradius-1.0.4-old/raddb/eap.conf freeradius-1.0.4-new/raddb/eap.conf
2 --- freeradius-1.0.4-old/raddb/eap.conf 2004-04-15 20:34:41.000000000 +0200
3 +++ freeradius-1.0.4-new/raddb/eap.conf 2005-06-18 18:53:06.000000000 +0200
4 @@ -72,8 +72,8 @@
5 # User-Password, or the NT-Password attributes.
6 # 'System' authentication is impossible with LEAP.
7 #
8 - leap {
9 - }
10 +# leap {
11 +# }
12
13 # Generic Token Card.
14 #
15 @@ -86,7 +86,7 @@
16 # the users password will go over the wire in plain-text,
17 # for anyone to see.
18 #
19 - gtc {
20 +# gtc {
21 # The default challenge, which many clients
22 # ignore..
23 #challenge = "Password: "
24 @@ -103,8 +103,8 @@
25 # configured for the request, and do the
26 # authentication itself.
27 #
28 - auth_type = PAP
29 - }
30 +# auth_type = PAP
31 +# }
32
33 ## EAP-TLS
34 #
35 @@ -272,7 +272,7 @@
36 # of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not
37 # currently support.
38 #
39 - mschapv2 {
40 - }
41 +# mschapv2 {
42 +# }
43 }
44
45 diff -ruN freeradius-1.0.4-old/raddb/radiusd.conf.in freeradius-1.0.4-new/raddb/radiusd.conf.in
46 --- freeradius-1.0.4-old/raddb/radiusd.conf.in 2005-06-12 00:20:40.000000000 +0200
47 +++ freeradius-1.0.4-new/raddb/radiusd.conf.in 2005-06-18 18:53:32.000000000 +0200
48 @@ -31,13 +31,13 @@
49
50 # Location of config and logfiles.
51 confdir = ${raddbdir}
52 -run_dir = ${localstatedir}/run/radiusd
53 +run_dir = ${localstatedir}/run
54
55 #
56 # The logging messages for the server are appended to the
57 # tail of this file.
58 #
59 -log_file = ${logdir}/radius.log
60 +log_file = ${localstatedir}/log/radiusd.log
61
62 #
63 # libdir: Where to find the rlm_* modules.
64 @@ -353,7 +353,7 @@
65 nospace_pass = no
66
67 # The program to execute to do concurrency checks.
68 -checkrad = ${sbindir}/checkrad
69 +#checkrad = ${sbindir}/checkrad
70
71 # SECURITY CONFIGURATION
72 #
73 @@ -425,8 +425,8 @@
74 #
75 # allowed values: {no, yes}
76 #
77 -proxy_requests = yes
78 -$INCLUDE ${confdir}/proxy.conf
79 +proxy_requests = no
80 +#$INCLUDE ${confdir}/proxy.conf
81
82
83 # CLIENTS CONFIGURATION
84 @@ -454,7 +454,7 @@
85 # 'snmp' attribute to 'yes'
86 #
87 snmp = no
88 -$INCLUDE ${confdir}/snmp.conf
89 +#$INCLUDE ${confdir}/snmp.conf
90
91
92 # THREAD POOL CONFIGURATION
93 @@ -657,7 +657,7 @@
94 # For all EAP related authentications.
95 # Now in another file, because it is very large.
96 #
97 -$INCLUDE ${confdir}/eap.conf
98 +# $INCLUDE ${confdir}/eap.conf
99
100 # Microsoft CHAP authentication
101 #
102 @@ -1034,8 +1034,8 @@
103 #
104 files {
105 usersfile = ${confdir}/users
106 - acctusersfile = ${confdir}/acct_users
107 - preproxy_usersfile = ${confdir}/preproxy_users
108 +# acctusersfile = ${confdir}/acct_users
109 +# preproxy_usersfile = ${confdir}/preproxy_users
110
111 # If you want to use the old Cistron 'users' file
112 # with FreeRADIUS, you should change the next line
113 @@ -1168,7 +1168,7 @@
114 # For MS-SQL, use: ${confdir}/mssql.conf
115 # For Oracle, use: ${confdir}/oraclesql.conf
116 #
117 - $INCLUDE ${confdir}/sql.conf
118 +# $INCLUDE ${confdir}/sql.conf
119
120
121 # For Cisco VoIP specific accounting with Postgresql,
122 @@ -1536,7 +1536,7 @@
123 # The entire command line (and output) must fit into 253 bytes.
124 #
125 # e.g. Framed-Pool = `%{exec:/bin/echo foo}`
126 - exec
127 +# exec
128
129 #
130 # The expression module doesn't do authorization,
131 @@ -1549,7 +1549,7 @@
132 # listed in any other section. See 'doc/rlm_expr' for
133 # more information.
134 #
135 - expr
136 +# expr
137
138 #
139 # We add the counter module here so that it registers
140 @@ -1576,7 +1576,7 @@
141 # 'raddb/huntgroups' files.
142 #
143 # It also adds the %{Client-IP-Address} attribute to the request.
144 - preprocess
145 +# preprocess
146
147 #
148 # If you want to have a log of authentication requests,
149 @@ -1589,7 +1589,7 @@
150 #
151 # The chap module will set 'Auth-Type := CHAP' if we are
152 # handling a CHAP request and Auth-Type has not already been set
153 - chap
154 +# chap
155
156 #
157 # If the users are logging in with an MS-CHAP-Challenge
158 @@ -1597,7 +1597,7 @@
159 # the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP'
160 # to the request, which will cause the server to then use
161 # the mschap module for authentication.
162 - mschap
163 +# mschap
164
165 #
166 # If you have a Cisco SIP server authenticating against
167 @@ -1617,7 +1617,7 @@
168 # Otherwise, when the first style of realm doesn't match,
169 # the other styles won't be checked.
170 #
171 - suffix
172 +# suffix
173 # ntdomain
174
175 #
176 @@ -1626,11 +1626,11 @@
177 #
178 # It also sets the EAP-Type attribute in the request
179 # attribute list to the EAP type from the packet.
180 - eap
181 +# eap
182
183 #
184 # Read the 'users' file
185 - files
186 +# files
187
188 #
189 # Look in an SQL database. The schema of the database
190 @@ -1684,24 +1684,24 @@
191 # PAP authentication, when a back-end database listed
192 # in the 'authorize' section supplies a password. The
193 # password can be clear-text, or encrypted.
194 - Auth-Type PAP {
195 - pap
196 - }
197 +# Auth-Type PAP {
198 +# pap
199 +# }
200
201 #
202 # Most people want CHAP authentication
203 # A back-end database listed in the 'authorize' section
204 # MUST supply a CLEAR TEXT password. Encrypted passwords
205 # won't work.
206 - Auth-Type CHAP {
207 - chap
208 - }
209 +# Auth-Type CHAP {
210 +# chap
211 +# }
212
213 #
214 # MSCHAP authentication.
215 - Auth-Type MS-CHAP {
216 - mschap
217 - }
218 +# Auth-Type MS-CHAP {
219 +# mschap
220 +# }
221
222 #
223 # If you have a Cisco SIP server authenticating against
224 @@ -1719,7 +1719,7 @@
225 # containing CHAP-Password attributes CANNOT be authenticated
226 # against /etc/passwd! See the FAQ for details.
227 #
228 - unix
229 +# unix
230
231 # Uncomment it if you want to use ldap for authentication
232 #
233 @@ -1732,7 +1732,7 @@
234
235 #
236 # Allow EAP authentication.
237 - eap
238 +# eap
239 }
240
241
242 @@ -1740,12 +1740,12 @@
243 # Pre-accounting. Decide which accounting type to use.
244 #
245 preacct {
246 - preprocess
247 +# preprocess
248
249 #
250 # Ensure that we have a semi-unique identifier for every
251 # request, and many NAS boxes are broken.
252 - acct_unique
253 +# acct_unique
254
255 #
256 # Look for IPASS-style 'realm/', and if not found, look for
257 @@ -1755,12 +1755,12 @@
258 # Accounting requests are generally proxied to the same
259 # home server as authentication requests.
260 # IPASS
261 - suffix
262 +# suffix
263 # ntdomain
264
265 #
266 # Read the 'acct_users' file
267 - files
268 +# files
269 }
270
271 #
272 @@ -1771,20 +1771,20 @@
273 # Create a 'detail'ed log of the packets.
274 # Note that accounting requests which are proxied
275 # are also logged in the detail file.
276 - detail
277 +# detail
278 # daily
279
280 # Update the wtmp file
281 #
282 # If you don't use "radlast", you can delete this line.
283 - unix
284 +# unix
285
286 #
287 # For Simultaneous-Use tracking.
288 #
289 # Due to packet losses in the network, the data here
290 # may be incorrect. There is little we can do about it.
291 - radutmp
292 +# radutmp
293 # sradutmp
294
295 # Return an address to the IP Pool when we see a stop record.
296 @@ -1807,7 +1807,7 @@
297 # or rlm_sql module can handle this.
298 # The rlm_sql module is *much* faster
299 session {
300 - radutmp
301 +# radutmp
302
303 #
304 # See "Simultaneous Use Checking Querie" in sql.conf
305 @@ -1904,5 +1904,5 @@
306 # hidden inside of the EAP packet, and the end server will
307 # reject the EAP request.
308 #
309 - eap
310 +# eap
311 }
This page took 0.053891 seconds and 5 git commands to generate.