310 lines
6.7 KiB
Diff
310 lines
6.7 KiB
Diff
|
diff -ruN freeradius-1.0.2-orig/raddb/eap.conf freeradius-1.0.2-2/raddb/eap.conf
|
||
|
--- freeradius-1.0.2-orig/raddb/eap.conf 2004-04-15 20:34:41.000000000 +0200
|
||
|
+++ freeradius-1.0.2-2/raddb/eap.conf 2005-03-13 23:05:13.000000000 +0100
|
||
|
@@ -72,8 +72,8 @@
|
||
|
# User-Password, or the NT-Password attributes.
|
||
|
# 'System' authentication is impossible with LEAP.
|
||
|
#
|
||
|
- leap {
|
||
|
- }
|
||
|
+# leap {
|
||
|
+# }
|
||
|
|
||
|
# Generic Token Card.
|
||
|
#
|
||
|
@@ -86,7 +86,7 @@
|
||
|
# the users password will go over the wire in plain-text,
|
||
|
# for anyone to see.
|
||
|
#
|
||
|
- gtc {
|
||
|
+# gtc {
|
||
|
# The default challenge, which many clients
|
||
|
# ignore..
|
||
|
#challenge = "Password: "
|
||
|
@@ -103,8 +103,8 @@
|
||
|
# configured for the request, and do the
|
||
|
# authentication itself.
|
||
|
#
|
||
|
- auth_type = PAP
|
||
|
- }
|
||
|
+# auth_type = PAP
|
||
|
+# }
|
||
|
|
||
|
## EAP-TLS
|
||
|
#
|
||
|
@@ -272,7 +272,7 @@
|
||
|
# of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not
|
||
|
# currently support.
|
||
|
#
|
||
|
- mschapv2 {
|
||
|
- }
|
||
|
+# mschapv2 {
|
||
|
+# }
|
||
|
}
|
||
|
|
||
|
diff -ruN freeradius-1.0.2-orig/raddb/radiusd.conf.in freeradius-1.0.2-2/raddb/radiusd.conf.in
|
||
|
--- freeradius-1.0.2-orig/raddb/radiusd.conf.in 2005-02-07 20:52:05.000000000 +0100
|
||
|
+++ freeradius-1.0.2-2/raddb/radiusd.conf.in 2005-03-13 23:05:13.000000000 +0100
|
||
|
@@ -31,13 +31,13 @@
|
||
|
|
||
|
# Location of config and logfiles.
|
||
|
confdir = ${raddbdir}
|
||
|
-run_dir = ${localstatedir}/run/radiusd
|
||
|
+run_dir = ${localstatedir}/run
|
||
|
|
||
|
#
|
||
|
# The logging messages for the server are appended to the
|
||
|
# tail of this file.
|
||
|
#
|
||
|
-log_file = ${logdir}/radius.log
|
||
|
+log_file = ${localstatedir}/log/radiusd.log
|
||
|
|
||
|
#
|
||
|
# libdir: Where to find the rlm_* modules.
|
||
|
@@ -353,7 +353,7 @@
|
||
|
nospace_pass = no
|
||
|
|
||
|
# The program to execute to do concurrency checks.
|
||
|
-checkrad = ${sbindir}/checkrad
|
||
|
+#checkrad = ${sbindir}/checkrad
|
||
|
|
||
|
# SECURITY CONFIGURATION
|
||
|
#
|
||
|
@@ -425,8 +425,8 @@
|
||
|
#
|
||
|
# allowed values: {no, yes}
|
||
|
#
|
||
|
-proxy_requests = yes
|
||
|
-$INCLUDE ${confdir}/proxy.conf
|
||
|
+proxy_requests = no
|
||
|
+#$INCLUDE ${confdir}/proxy.conf
|
||
|
|
||
|
|
||
|
# CLIENTS CONFIGURATION
|
||
|
@@ -454,7 +454,7 @@
|
||
|
# 'snmp' attribute to 'yes'
|
||
|
#
|
||
|
snmp = no
|
||
|
-$INCLUDE ${confdir}/snmp.conf
|
||
|
+#$INCLUDE ${confdir}/snmp.conf
|
||
|
|
||
|
|
||
|
# THREAD POOL CONFIGURATION
|
||
|
@@ -657,7 +657,7 @@
|
||
|
# For all EAP related authentications.
|
||
|
# Now in another file, because it is very large.
|
||
|
#
|
||
|
-$INCLUDE ${confdir}/eap.conf
|
||
|
+# $INCLUDE ${confdir}/eap.conf
|
||
|
|
||
|
# Microsoft CHAP authentication
|
||
|
#
|
||
|
@@ -1034,7 +1034,7 @@
|
||
|
#
|
||
|
files {
|
||
|
usersfile = ${confdir}/users
|
||
|
- acctusersfile = ${confdir}/acct_users
|
||
|
+# acctusersfile = ${confdir}/acct_users
|
||
|
|
||
|
# If you want to use the old Cistron 'users' file
|
||
|
# with FreeRADIUS, you should change the next line
|
||
|
@@ -1167,7 +1167,7 @@
|
||
|
# For MS-SQL, use: ${confdir}/mssql.conf
|
||
|
# For Oracle, use: ${confdir}/oraclesql.conf
|
||
|
#
|
||
|
- $INCLUDE ${confdir}/sql.conf
|
||
|
+# $INCLUDE ${confdir}/sql.conf
|
||
|
|
||
|
|
||
|
# For Cisco VoIP specific accounting with Postgresql,
|
||
|
@@ -1535,7 +1535,7 @@
|
||
|
# The entire command line (and output) must fit into 253 bytes.
|
||
|
#
|
||
|
# e.g. Framed-Pool = `%{exec:/bin/echo foo}`
|
||
|
- exec
|
||
|
+# exec
|
||
|
|
||
|
#
|
||
|
# The expression module doesn't do authorization,
|
||
|
@@ -1548,7 +1548,7 @@
|
||
|
# listed in any other section. See 'doc/rlm_expr' for
|
||
|
# more information.
|
||
|
#
|
||
|
- expr
|
||
|
+# expr
|
||
|
|
||
|
#
|
||
|
# We add the counter module here so that it registers
|
||
|
@@ -1575,7 +1575,7 @@
|
||
|
# 'raddb/huntgroups' files.
|
||
|
#
|
||
|
# It also adds the %{Client-IP-Address} attribute to the request.
|
||
|
- preprocess
|
||
|
+# preprocess
|
||
|
|
||
|
#
|
||
|
# If you want to have a log of authentication requests,
|
||
|
@@ -1588,7 +1588,7 @@
|
||
|
#
|
||
|
# The chap module will set 'Auth-Type := CHAP' if we are
|
||
|
# handling a CHAP request and Auth-Type has not already been set
|
||
|
- chap
|
||
|
+# chap
|
||
|
|
||
|
#
|
||
|
# If the users are logging in with an MS-CHAP-Challenge
|
||
|
@@ -1596,7 +1596,7 @@
|
||
|
# the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP'
|
||
|
# to the request, which will cause the server to then use
|
||
|
# the mschap module for authentication.
|
||
|
- mschap
|
||
|
+# mschap
|
||
|
|
||
|
#
|
||
|
# If you have a Cisco SIP server authenticating against
|
||
|
@@ -1616,7 +1616,7 @@
|
||
|
# Otherwise, when the first style of realm doesn't match,
|
||
|
# the other styles won't be checked.
|
||
|
#
|
||
|
- suffix
|
||
|
+# suffix
|
||
|
# ntdomain
|
||
|
|
||
|
#
|
||
|
@@ -1625,11 +1625,11 @@
|
||
|
#
|
||
|
# It also sets the EAP-Type attribute in the request
|
||
|
# attribute list to the EAP type from the packet.
|
||
|
- eap
|
||
|
+# eap
|
||
|
|
||
|
#
|
||
|
# Read the 'users' file
|
||
|
- files
|
||
|
+# files
|
||
|
|
||
|
#
|
||
|
# Look in an SQL database. The schema of the database
|
||
|
@@ -1683,24 +1683,24 @@
|
||
|
# PAP authentication, when a back-end database listed
|
||
|
# in the 'authorize' section supplies a password. The
|
||
|
# password can be clear-text, or encrypted.
|
||
|
- Auth-Type PAP {
|
||
|
- pap
|
||
|
- }
|
||
|
+# Auth-Type PAP {
|
||
|
+# pap
|
||
|
+# }
|
||
|
|
||
|
#
|
||
|
# Most people want CHAP authentication
|
||
|
# A back-end database listed in the 'authorize' section
|
||
|
# MUST supply a CLEAR TEXT password. Encrypted passwords
|
||
|
# won't work.
|
||
|
- Auth-Type CHAP {
|
||
|
- chap
|
||
|
- }
|
||
|
+# Auth-Type CHAP {
|
||
|
+# chap
|
||
|
+# }
|
||
|
|
||
|
#
|
||
|
# MSCHAP authentication.
|
||
|
- Auth-Type MS-CHAP {
|
||
|
- mschap
|
||
|
- }
|
||
|
+# Auth-Type MS-CHAP {
|
||
|
+# mschap
|
||
|
+# }
|
||
|
|
||
|
#
|
||
|
# If you have a Cisco SIP server authenticating against
|
||
|
@@ -1718,7 +1718,7 @@
|
||
|
# containing CHAP-Password attributes CANNOT be authenticated
|
||
|
# against /etc/passwd! See the FAQ for details.
|
||
|
#
|
||
|
- unix
|
||
|
+# unix
|
||
|
|
||
|
# Uncomment it if you want to use ldap for authentication
|
||
|
#
|
||
|
@@ -1731,7 +1731,7 @@
|
||
|
|
||
|
#
|
||
|
# Allow EAP authentication.
|
||
|
- eap
|
||
|
+# eap
|
||
|
}
|
||
|
|
||
|
|
||
|
@@ -1739,12 +1739,12 @@
|
||
|
# Pre-accounting. Decide which accounting type to use.
|
||
|
#
|
||
|
preacct {
|
||
|
- preprocess
|
||
|
+# preprocess
|
||
|
|
||
|
#
|
||
|
# Ensure that we have a semi-unique identifier for every
|
||
|
# request, and many NAS boxes are broken.
|
||
|
- acct_unique
|
||
|
+# acct_unique
|
||
|
|
||
|
#
|
||
|
# Look for IPASS-style 'realm/', and if not found, look for
|
||
|
@@ -1754,12 +1754,12 @@
|
||
|
# Accounting requests are generally proxied to the same
|
||
|
# home server as authentication requests.
|
||
|
# IPASS
|
||
|
- suffix
|
||
|
+# suffix
|
||
|
# ntdomain
|
||
|
|
||
|
#
|
||
|
# Read the 'acct_users' file
|
||
|
- files
|
||
|
+# files
|
||
|
}
|
||
|
|
||
|
#
|
||
|
@@ -1770,20 +1770,20 @@
|
||
|
# Create a 'detail'ed log of the packets.
|
||
|
# Note that accounting requests which are proxied
|
||
|
# are also logged in the detail file.
|
||
|
- detail
|
||
|
+# detail
|
||
|
# daily
|
||
|
|
||
|
# Update the wtmp file
|
||
|
#
|
||
|
# If you don't use "radlast", you can delete this line.
|
||
|
- unix
|
||
|
+# unix
|
||
|
|
||
|
#
|
||
|
# For Simultaneous-Use tracking.
|
||
|
#
|
||
|
# Due to packet losses in the network, the data here
|
||
|
# may be incorrect. There is little we can do about it.
|
||
|
- radutmp
|
||
|
+# radutmp
|
||
|
# sradutmp
|
||
|
|
||
|
# Return an address to the IP Pool when we see a stop record.
|
||
|
@@ -1806,7 +1806,7 @@
|
||
|
# or rlm_sql module can handle this.
|
||
|
# The rlm_sql module is *much* faster
|
||
|
session {
|
||
|
- radutmp
|
||
|
+# radutmp
|
||
|
|
||
|
#
|
||
|
# See "Simultaneous Use Checking Querie" in sql.conf
|
||
|
@@ -1900,5 +1900,5 @@
|
||
|
# hidden inside of the EAP packet, and the end server will
|
||
|
# reject the EAP request.
|
||
|
#
|
||
|
- eap
|
||
|
+# eap
|
||
|
}
|