net/freeradius/patches/002-config.patch

   1 --- a/raddb/eap.conf
   2 +++ b/raddb/eap.conf
   3 @@ -73,8 +73,8 @@
   4                 #  User-Password, or the NT-Password attributes.
   5                 #  'System' authentication is impossible with LEAP.
   6                 #
   7 -               leap {
   8 -               }
   9 +#              leap {
  10 +#              }
  11
  12                 #  Generic Token Card.
  13                 #
  14 @@ -87,7 +87,7 @@
  15                 #  the users password will go over the wire in plain-text,
  16                 #  for anyone to see.
  17                 #
  18 -               gtc {
  19 +#              gtc {
  20                         #  The default challenge, which many clients
  21                         #  ignore..
  22                         #challenge = "Password: "
  23 @@ -104,8 +104,8 @@
  24                         #  configured for the request, and do the
  25                         #  authentication itself.
  26                         #
  27 -                       auth_type = PAP
  28 -               }
  29 +#                      auth_type = PAP
  30 +#              }
  31
  32                 ## EAP-TLS
  33                 #
  34 @@ -336,7 +336,7 @@
  35                 #  of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not
  36                 #  currently support.
  37                 #
  38 -               mschapv2 {
  39 -               }
  40 +#              mschapv2 {
  41 +#              }
  42         }
  43
  44 --- a/raddb/radiusd.conf.in
  45 +++ b/raddb/radiusd.conf.in
  46 @@ -31,13 +31,13 @@ radacctdir = @radacctdir@
  47
  48  #  Location of config and logfiles.
  49  confdir = ${raddbdir}
  50 -run_dir = ${localstatedir}/run/radiusd
  51 +run_dir = ${localstatedir}/run
  52
  53  #
  54  #  The logging messages for the server are appended to the
  55  #  tail of this file.
  56  #
  57 -log_file = ${logdir}/radius.log
  58 +log_file = ${logdir}/radiusd.log
  59
  60  #
  61  # libdir: Where to find the rlm_* modules.
  62 @@ -353,7 +353,7 @@ nospace_user = no
  63  nospace_pass = no
  64
  65  #  The program to execute to do concurrency checks.
  66 -checkrad = ${sbindir}/checkrad
  67 +#checkrad = ${sbindir}/checkrad
  68
  69  # SECURITY CONFIGURATION
  70  #
  71 @@ -425,8 +425,8 @@ security {
  72  #
  73  #  allowed values: {no, yes}
  74  #
  75 -proxy_requests  = yes
  76 -$INCLUDE  ${confdir}/proxy.conf
  77 +proxy_requests  = no
  78 +#$INCLUDE  ${confdir}/proxy.conf
  79
  80
  81  # CLIENTS CONFIGURATION
  82 @@ -454,7 +454,7 @@ $INCLUDE  ${confdir}/clients.conf
  83  #  'snmp' attribute to 'yes'
  84  #
  85  snmp   = no
  86 -$INCLUDE  ${confdir}/snmp.conf
  87 +#$INCLUDE  ${confdir}/snmp.conf
  88
  89
  90  # THREAD POOL CONFIGURATION
  91 @@ -665,7 +665,7 @@ modules {
  92         #  For all EAP related authentications.
  93         #  Now in another file, because it is very large.
  94         #
  95 -$INCLUDE ${confdir}/eap.conf
  96 +#$INCLUDE ${confdir}/eap.conf
  97
  98         # Microsoft CHAP authentication
  99         #
 100 @@ -1066,8 +1066,8 @@ $INCLUDE ${confdir}/eap.conf
 101         #
 102         files {
 103                 usersfile = ${confdir}/users
 104 -               acctusersfile = ${confdir}/acct_users
 105 -               preproxy_usersfile = ${confdir}/preproxy_users
 106 +#              acctusersfile = ${confdir}/acct_users
 107 +#              preproxy_usersfile = ${confdir}/preproxy_users
 108
 109                 #  If you want to use the old Cistron 'users' file
 110                 #  with FreeRADIUS, you should change the next line
 111 @@ -1253,7 +1253,7 @@ $INCLUDE ${confdir}/eap.conf
 112         #  For MS-SQL, use:             ${confdir}/mssql.conf
 113         #  For Oracle, use:             ${confdir}/oraclesql.conf
 114         #
 115 -       $INCLUDE  ${confdir}/sql.conf
 116 +#      $INCLUDE  ${confdir}/sql.conf
 117
 118
 119         #  For Cisco VoIP specific accounting with Postgresql,
 120 @@ -1756,7 +1756,7 @@ instantiate {
 121         #  The entire command line (and output) must fit into 253 bytes.
 122         #
 123         #  e.g. Framed-Pool = `%{exec:/bin/echo foo}`
 124 -       exec
 125 +#      exec
 126
 127         #
 128         #  The expression module doesn't do authorization,
 129 @@ -1769,7 +1769,7 @@ instantiate {
 130         #  listed in any other section.  See 'doc/rlm_expr' for
 131         #  more information.
 132         #
 133 -       expr
 134 +#      expr
 135
 136         #
 137         # We add the counter module here so that it registers
 138 @@ -1796,7 +1796,7 @@ authorize {
 139         #  'raddb/huntgroups' files.
 140         #
 141         #  It also adds the %{Client-IP-Address} attribute to the request.
 142 -       preprocess
 143 +#      preprocess
 144
 145         #
 146         #  If you want to have a log of authentication requests,
 147 @@ -1809,7 +1809,7 @@ authorize {
 148         #
 149         #  The chap module will set 'Auth-Type := CHAP' if we are
 150         #  handling a CHAP request and Auth-Type has not already been set
 151 -       chap
 152 +#      chap
 153
 154         #
 155         #  If the users are logging in with an MS-CHAP-Challenge
 156 @@ -1837,7 +1837,7 @@ authorize {
 157         #  Otherwise, when the first style of realm doesn't match,
 158         #  the other styles won't be checked.
 159         #
 160 -       suffix
 161 +#      suffix
 162  #      ntdomain
 163
 164         #
 165 @@ -1846,11 +1846,11 @@ authorize {
 166         #
 167         #  It also sets the EAP-Type attribute in the request
 168         #  attribute list to the EAP type from the packet.
 169 -       eap
 170 +#      eap
 171
 172         #
 173         #  Read the 'users' file
 174 -       files
 175 +#      files
 176
 177         #
 178         #  Look in an SQL database.  The schema of the database
 179 @@ -1909,24 +1909,24 @@ authenticate {
 180         #  PAP authentication, when a back-end database listed
 181         #  in the 'authorize' section supplies a password.  The
 182         #  password can be clear-text, or encrypted.
 183 -       Auth-Type PAP {
 184 -               pap
 185 -       }
 186 +#      Auth-Type PAP {
 187 +#              pap
 188 +#      }
 189
 190         #
 191         #  Most people want CHAP authentication
 192         #  A back-end database listed in the 'authorize' section
 193         #  MUST supply a CLEAR TEXT password.  Encrypted passwords
 194         #  won't work.
 195 -       Auth-Type CHAP {
 196 -               chap
 197 -       }
 198 +#      Auth-Type CHAP {
 199 +#              chap
 200 +#      }
 201
 202         #
 203         #  MSCHAP authentication.
 204 -       Auth-Type MS-CHAP {
 205 -               mschap
 206 -       }
 207 +#      Auth-Type MS-CHAP {
 208 +#              mschap
 209 +#      }
 210
 211         #
 212         #  If you have a Cisco SIP server authenticating against
 213 @@ -1944,7 +1944,7 @@ authenticate {
 214         #  containing CHAP-Password attributes CANNOT be authenticated
 215         #  against /etc/passwd!  See the FAQ for details.
 216         #
 217 -       unix
 218 +#      unix
 219
 220         # Uncomment it if you want to use ldap for authentication
 221         #
 222 @@ -1957,7 +1957,7 @@ authenticate {
 223
 224         #
 225         #  Allow EAP authentication.
 226 -       eap
 227 +#      eap
 228  }
 229
 230
 231 @@ -1965,12 +1965,12 @@ authenticate {
 232  #  Pre-accounting.  Decide which accounting type to use.
 233  #
 234  preacct {
 235 -       preprocess
 236 +#      preprocess
 237
 238         #
 239         #  Ensure that we have a semi-unique identifier for every
 240         #  request, and many NAS boxes are broken.
 241 -       acct_unique
 242 +#      acct_unique
 243
 244         #
 245         #  Look for IPASS-style 'realm/', and if not found, look for
 246 @@ -1980,12 +1980,12 @@ preacct {
 247         #  Accounting requests are generally proxied to the same
 248         #  home server as authentication requests.
 249  #      IPASS
 250 -       suffix
 251 +#      suffix
 252  #      ntdomain
 253
 254         #
 255         #  Read the 'acct_users' file
 256 -       files
 257 +#      files
 258  }
 259
 260  #
 261 @@ -1996,20 +1996,20 @@ accounting {
 262         #  Create a 'detail'ed log of the packets.
 263         #  Note that accounting requests which are proxied
 264         #  are also logged in the detail file.
 265 -       detail
 266 +#      detail
 267  #      daily
 268
 269         #  Update the wtmp file
 270         #
 271         #  If you don't use "radlast", you can delete this line.
 272 -       unix
 273 +#      unix
 274
 275         #
 276         #  For Simultaneous-Use tracking.
 277         #
 278         #  Due to packet losses in the network, the data here
 279         #  may be incorrect.  There is little we can do about it.
 280 -       radutmp
 281 +#      radutmp
 282  #      sradutmp
 283
 284         #  Return an address to the IP Pool when we see a stop record.
 285 @@ -2038,7 +2038,7 @@ accounting {
 286  #  or rlm_sql module can handle this.
 287  #  The rlm_sql module is *much* faster
 288  session {
 289 -       radutmp
 290 +#      radutmp
 291
 292         #
 293         #  See "Simultaneous Use Checking Querie" in sql.conf
 294 @@ -2142,5 +2142,5 @@ post-proxy {
 295         #  hidden inside of the EAP packet, and the end server will
 296         #  reject the EAP request.
 297         #
 298 -       eap
 299 +#      eap
 300  }