port freeradius to buildroot-ng
[openwrt/svn-archive/archive.git] / net / freeradius / patches / 02-freeradius-1.1.1-config.patch
1 diff -ruN freeradius-1.1.1-old/raddb/eap.conf freeradius-1.1.1-new/raddb/eap.conf
2 --- freeradius-1.1.1-old/raddb/eap.conf 2006-01-04 15:29:29.000000000 +0100
3 +++ freeradius-1.1.1-new/raddb/eap.conf 2006-05-22 23:29:11.000000000 +0200
4 @@ -73,8 +73,8 @@
5 # User-Password, or the NT-Password attributes.
6 # 'System' authentication is impossible with LEAP.
7 #
8 - leap {
9 - }
10 +# leap {
11 +# }
12
13 # Generic Token Card.
14 #
15 @@ -87,7 +87,7 @@
16 # the users password will go over the wire in plain-text,
17 # for anyone to see.
18 #
19 - gtc {
20 +# gtc {
21 # The default challenge, which many clients
22 # ignore..
23 #challenge = "Password: "
24 @@ -104,8 +104,8 @@
25 # configured for the request, and do the
26 # authentication itself.
27 #
28 - auth_type = PAP
29 - }
30 +# auth_type = PAP
31 +# }
32
33 ## EAP-TLS
34 #
35 @@ -283,7 +283,7 @@
36 # of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not
37 # currently support.
38 #
39 - mschapv2 {
40 - }
41 +# mschapv2 {
42 +# }
43 }
44
45 diff -ruN freeradius-1.1.1-old/raddb/radiusd.conf.in freeradius-1.1.1-new/raddb/radiusd.conf.in
46 --- freeradius-1.1.1-old/raddb/radiusd.conf.in 2006-02-10 16:12:02.000000000 +0100
47 +++ freeradius-1.1.1-new/raddb/radiusd.conf.in 2006-05-22 23:33:53.000000000 +0200
48 @@ -31,13 +31,13 @@
49
50 # Location of config and logfiles.
51 confdir = ${raddbdir}
52 -run_dir = ${localstatedir}/run/radiusd
53 +run_dir = ${localstatedir}/run
54
55 #
56 # The logging messages for the server are appended to the
57 # tail of this file.
58 #
59 -log_file = ${logdir}/radius.log
60 +log_file = ${logdir}/radiusd.log
61
62 #
63 # libdir: Where to find the rlm_* modules.
64 @@ -353,7 +353,7 @@
65 nospace_pass = no
66
67 # The program to execute to do concurrency checks.
68 -checkrad = ${sbindir}/checkrad
69 +#checkrad = ${sbindir}/checkrad
70
71 # SECURITY CONFIGURATION
72 #
73 @@ -425,8 +425,8 @@
74 #
75 # allowed values: {no, yes}
76 #
77 -proxy_requests = yes
78 -$INCLUDE ${confdir}/proxy.conf
79 +proxy_requests = no
80 +#$INCLUDE ${confdir}/proxy.conf
81
82
83 # CLIENTS CONFIGURATION
84 @@ -454,7 +454,7 @@
85 # 'snmp' attribute to 'yes'
86 #
87 snmp = no
88 -$INCLUDE ${confdir}/snmp.conf
89 +#$INCLUDE ${confdir}/snmp.conf
90
91
92 # THREAD POOL CONFIGURATION
93 @@ -657,7 +657,7 @@
94 # For all EAP related authentications.
95 # Now in another file, because it is very large.
96 #
97 -$INCLUDE ${confdir}/eap.conf
98 +#$INCLUDE ${confdir}/eap.conf
99
100 # Microsoft CHAP authentication
101 #
102 @@ -1046,8 +1046,8 @@
103 #
104 files {
105 usersfile = ${confdir}/users
106 - acctusersfile = ${confdir}/acct_users
107 - preproxy_usersfile = ${confdir}/preproxy_users
108 +# acctusersfile = ${confdir}/acct_users
109 +# preproxy_usersfile = ${confdir}/preproxy_users
110
111 # If you want to use the old Cistron 'users' file
112 # with FreeRADIUS, you should change the next line
113 @@ -1221,7 +1221,7 @@
114 # For MS-SQL, use: ${confdir}/mssql.conf
115 # For Oracle, use: ${confdir}/oraclesql.conf
116 #
117 - $INCLUDE ${confdir}/sql.conf
118 +# $INCLUDE ${confdir}/sql.conf
119
120
121 # For Cisco VoIP specific accounting with Postgresql,
122 @@ -1694,7 +1694,7 @@
123 # The entire command line (and output) must fit into 253 bytes.
124 #
125 # e.g. Framed-Pool = `%{exec:/bin/echo foo}`
126 - exec
127 +# exec
128
129 #
130 # The expression module doesn't do authorization,
131 @@ -1707,7 +1707,7 @@
132 # listed in any other section. See 'doc/rlm_expr' for
133 # more information.
134 #
135 - expr
136 +# expr
137
138 #
139 # We add the counter module here so that it registers
140 @@ -1734,7 +1734,7 @@
141 # 'raddb/huntgroups' files.
142 #
143 # It also adds the %{Client-IP-Address} attribute to the request.
144 - preprocess
145 +# preprocess
146
147 #
148 # If you want to have a log of authentication requests,
149 @@ -1747,7 +1747,7 @@
150 #
151 # The chap module will set 'Auth-Type := CHAP' if we are
152 # handling a CHAP request and Auth-Type has not already been set
153 - chap
154 +# chap
155
156 #
157 # If the users are logging in with an MS-CHAP-Challenge
158 @@ -1775,7 +1775,7 @@
159 # Otherwise, when the first style of realm doesn't match,
160 # the other styles won't be checked.
161 #
162 - suffix
163 +# suffix
164 # ntdomain
165
166 #
167 @@ -1784,11 +1784,11 @@
168 #
169 # It also sets the EAP-Type attribute in the request
170 # attribute list to the EAP type from the packet.
171 - eap
172 +# eap
173
174 #
175 # Read the 'users' file
176 - files
177 +# files
178
179 #
180 # Look in an SQL database. The schema of the database
181 @@ -1842,24 +1842,24 @@
182 # PAP authentication, when a back-end database listed
183 # in the 'authorize' section supplies a password. The
184 # password can be clear-text, or encrypted.
185 - Auth-Type PAP {
186 - pap
187 - }
188 +# Auth-Type PAP {
189 +# pap
190 +# }
191
192 #
193 # Most people want CHAP authentication
194 # A back-end database listed in the 'authorize' section
195 # MUST supply a CLEAR TEXT password. Encrypted passwords
196 # won't work.
197 - Auth-Type CHAP {
198 - chap
199 - }
200 +# Auth-Type CHAP {
201 +# chap
202 +# }
203
204 #
205 # MSCHAP authentication.
206 - Auth-Type MS-CHAP {
207 - mschap
208 - }
209 +# Auth-Type MS-CHAP {
210 +# mschap
211 +# }
212
213 #
214 # If you have a Cisco SIP server authenticating against
215 @@ -1877,7 +1877,7 @@
216 # containing CHAP-Password attributes CANNOT be authenticated
217 # against /etc/passwd! See the FAQ for details.
218 #
219 - unix
220 +# unix
221
222 # Uncomment it if you want to use ldap for authentication
223 #
224 @@ -1890,7 +1890,7 @@
225
226 #
227 # Allow EAP authentication.
228 - eap
229 +# eap
230 }
231
232
233 @@ -1898,12 +1898,12 @@
234 # Pre-accounting. Decide which accounting type to use.
235 #
236 preacct {
237 - preprocess
238 +# preprocess
239
240 #
241 # Ensure that we have a semi-unique identifier for every
242 # request, and many NAS boxes are broken.
243 - acct_unique
244 +# acct_unique
245
246 #
247 # Look for IPASS-style 'realm/', and if not found, look for
248 @@ -1913,12 +1913,12 @@
249 # Accounting requests are generally proxied to the same
250 # home server as authentication requests.
251 # IPASS
252 - suffix
253 +# suffix
254 # ntdomain
255
256 #
257 # Read the 'acct_users' file
258 - files
259 +# files
260 }
261
262 #
263 @@ -1929,20 +1929,20 @@
264 # Create a 'detail'ed log of the packets.
265 # Note that accounting requests which are proxied
266 # are also logged in the detail file.
267 - detail
268 +# detail
269 # daily
270
271 # Update the wtmp file
272 #
273 # If you don't use "radlast", you can delete this line.
274 - unix
275 +# unix
276
277 #
278 # For Simultaneous-Use tracking.
279 #
280 # Due to packet losses in the network, the data here
281 # may be incorrect. There is little we can do about it.
282 - radutmp
283 +# radutmp
284 # sradutmp
285
286 # Return an address to the IP Pool when we see a stop record.
287 @@ -1970,7 +1970,7 @@
288 # or rlm_sql module can handle this.
289 # The rlm_sql module is *much* faster
290 session {
291 - radutmp
292 +# radutmp
293
294 #
295 # See "Simultaneous Use Checking Querie" in sql.conf
296 @@ -2073,5 +2073,5 @@
297 # hidden inside of the EAP packet, and the end server will
298 # reject the EAP request.
299 #
300 - eap
301 +# eap
302 }