4 # User-Password, or the NT-Password attributes.
5 # 'System' authentication is impossible with LEAP.
15 # the users password will go over the wire in plain-text,
20 # The default challenge, which many clients
22 #challenge = "Password: "
24 # configured for the request, and do the
25 # authentication itself.
35 # of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not
44 --- a/raddb/radiusd.conf.in
45 +++ b/raddb/radiusd.conf.in
46 @@ -31,13 +31,13 @@ radacctdir = @radacctdir@
48 # Location of config and logfiles.
50 -run_dir = ${localstatedir}/run/radiusd
51 +run_dir = ${localstatedir}/run
54 # The logging messages for the server are appended to the
57 -log_file = ${logdir}/radius.log
58 +log_file = ${logdir}/radiusd.log
61 # libdir: Where to find the rlm_* modules.
62 @@ -353,7 +353,7 @@ nospace_user = no
65 # The program to execute to do concurrency checks.
66 -checkrad = ${sbindir}/checkrad
67 +#checkrad = ${sbindir}/checkrad
69 # SECURITY CONFIGURATION
71 @@ -425,8 +425,8 @@ security {
73 # allowed values: {no, yes}
76 -$INCLUDE ${confdir}/proxy.conf
78 +#$INCLUDE ${confdir}/proxy.conf
81 # CLIENTS CONFIGURATION
82 @@ -454,7 +454,7 @@ $INCLUDE ${confdir}/clients.conf
83 # 'snmp' attribute to 'yes'
86 -$INCLUDE ${confdir}/snmp.conf
87 +#$INCLUDE ${confdir}/snmp.conf
90 # THREAD POOL CONFIGURATION
91 @@ -665,7 +665,7 @@ modules {
92 # For all EAP related authentications.
93 # Now in another file, because it is very large.
95 -$INCLUDE ${confdir}/eap.conf
96 +#$INCLUDE ${confdir}/eap.conf
98 # Microsoft CHAP authentication
100 @@ -1066,8 +1066,8 @@ $INCLUDE ${confdir}/eap.conf
103 usersfile = ${confdir}/users
104 - acctusersfile = ${confdir}/acct_users
105 - preproxy_usersfile = ${confdir}/preproxy_users
106 +# acctusersfile = ${confdir}/acct_users
107 +# preproxy_usersfile = ${confdir}/preproxy_users
109 # If you want to use the old Cistron 'users' file
110 # with FreeRADIUS, you should change the next line
111 @@ -1253,7 +1253,7 @@ $INCLUDE ${confdir}/eap.conf
112 # For MS-SQL, use: ${confdir}/mssql.conf
113 # For Oracle, use: ${confdir}/oraclesql.conf
115 - $INCLUDE ${confdir}/sql.conf
116 +# $INCLUDE ${confdir}/sql.conf
119 # For Cisco VoIP specific accounting with Postgresql,
120 @@ -1756,7 +1756,7 @@ instantiate {
121 # The entire command line (and output) must fit into 253 bytes.
123 # e.g. Framed-Pool = `%{exec:/bin/echo foo}`
128 # The expression module doesn't do authorization,
129 @@ -1769,7 +1769,7 @@ instantiate {
130 # listed in any other section. See 'doc/rlm_expr' for
137 # We add the counter module here so that it registers
138 @@ -1796,7 +1796,7 @@ authorize {
139 # 'raddb/huntgroups' files.
141 # It also adds the %{Client-IP-Address} attribute to the request.
146 # If you want to have a log of authentication requests,
147 @@ -1809,7 +1809,7 @@ authorize {
149 # The chap module will set 'Auth-Type := CHAP' if we are
150 # handling a CHAP request and Auth-Type has not already been set
155 # If the users are logging in with an MS-CHAP-Challenge
156 @@ -1837,7 +1837,7 @@ authorize {
157 # Otherwise, when the first style of realm doesn't match,
158 # the other styles won't be checked.
165 @@ -1846,11 +1846,11 @@ authorize {
167 # It also sets the EAP-Type attribute in the request
168 # attribute list to the EAP type from the packet.
173 # Read the 'users' file
178 # Look in an SQL database. The schema of the database
179 @@ -1909,24 +1909,24 @@ authenticate {
180 # PAP authentication, when a back-end database listed
181 # in the 'authorize' section supplies a password. The
182 # password can be clear-text, or encrypted.
191 # Most people want CHAP authentication
192 # A back-end database listed in the 'authorize' section
193 # MUST supply a CLEAR TEXT password. Encrypted passwords
203 # MSCHAP authentication.
204 - Auth-Type MS-CHAP {
207 +# Auth-Type MS-CHAP {
212 # If you have a Cisco SIP server authenticating against
213 @@ -1944,7 +1944,7 @@ authenticate {
214 # containing CHAP-Password attributes CANNOT be authenticated
215 # against /etc/passwd! See the FAQ for details.
220 # Uncomment it if you want to use ldap for authentication
222 @@ -1957,7 +1957,7 @@ authenticate {
225 # Allow EAP authentication.
231 @@ -1965,12 +1965,12 @@ authenticate {
232 # Pre-accounting. Decide which accounting type to use.
239 # Ensure that we have a semi-unique identifier for every
240 # request, and many NAS boxes are broken.
245 # Look for IPASS-style 'realm/', and if not found, look for
246 @@ -1980,12 +1980,12 @@ preacct {
247 # Accounting requests are generally proxied to the same
248 # home server as authentication requests.
255 # Read the 'acct_users' file
261 @@ -1996,20 +1996,20 @@ accounting {
262 # Create a 'detail'ed log of the packets.
263 # Note that accounting requests which are proxied
264 # are also logged in the detail file.
269 # Update the wtmp file
271 # If you don't use "radlast", you can delete this line.
276 # For Simultaneous-Use tracking.
278 # Due to packet losses in the network, the data here
279 # may be incorrect. There is little we can do about it.
284 # Return an address to the IP Pool when we see a stop record.
285 @@ -2038,7 +2038,7 @@ accounting {
286 # or rlm_sql module can handle this.
287 # The rlm_sql module is *much* faster
293 # See "Simultaneous Use Checking Querie" in sql.conf
294 @@ -2142,5 +2142,5 @@ post-proxy {
295 # hidden inside of the EAP packet, and the end server will
296 # reject the EAP request.