openwrt/package/freeradius/patches/02-freeradius-1.1.1-config.patch

   1 diff -ruN freeradius-1.1.1-old/raddb/eap.conf freeradius-1.1.1-new/raddb/eap.conf
   2 --- freeradius-1.1.1-old/raddb/eap.conf 2006-01-04 15:29:29.000000000 +0100
   3 +++ freeradius-1.1.1-new/raddb/eap.conf 2006-05-22 23:29:11.000000000 +0200
   4 @@ -73,8 +73,8 @@
   5                 #  User-Password, or the NT-Password attributes.
   6                 #  'System' authentication is impossible with LEAP.
   7                 #
   8 -               leap {
   9 -               }
  10 +#              leap {
  11 +#              }
  12
  13                 #  Generic Token Card.
  14                 #
  15 @@ -87,7 +87,7 @@
  16                 #  the users password will go over the wire in plain-text,
  17                 #  for anyone to see.
  18                 #
  19 -               gtc {
  20 +#              gtc {
  21                         #  The default challenge, which many clients
  22                         #  ignore..
  23                         #challenge = "Password: "
  24 @@ -104,8 +104,8 @@
  25                         #  configured for the request, and do the
  26                         #  authentication itself.
  27                         #
  28 -                       auth_type = PAP
  29 -               }
  30 +#                      auth_type = PAP
  31 +#              }
  32
  33                 ## EAP-TLS
  34                 #
  35 @@ -283,7 +283,7 @@
  36                 #  of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not
  37                 #  currently support.
  38                 #
  39 -               mschapv2 {
  40 -               }
  41 +#              mschapv2 {
  42 +#              }
  43         }
  44
  45 diff -ruN freeradius-1.1.1-old/raddb/radiusd.conf.in freeradius-1.1.1-new/raddb/radiusd.conf.in
  46 --- freeradius-1.1.1-old/raddb/radiusd.conf.in  2006-02-10 16:12:02.000000000 +0100
  47 +++ freeradius-1.1.1-new/raddb/radiusd.conf.in  2006-05-22 23:33:53.000000000 +0200
  48 @@ -31,13 +31,13 @@
  49
  50  #  Location of config and logfiles.
  51  confdir = ${raddbdir}
  52 -run_dir = ${localstatedir}/run/radiusd
  53 +run_dir = ${localstatedir}/run
  54
  55  #
  56  #  The logging messages for the server are appended to the
  57  #  tail of this file.
  58  #
  59 -log_file = ${logdir}/radius.log
  60 +log_file = ${logdir}/radiusd.log
  61
  62  #
  63  # libdir: Where to find the rlm_* modules.
  64 @@ -353,7 +353,7 @@
  65  nospace_pass = no
  66
  67  #  The program to execute to do concurrency checks.
  68 -checkrad = ${sbindir}/checkrad
  69 +#checkrad = ${sbindir}/checkrad
  70
  71  # SECURITY CONFIGURATION
  72  #
  73 @@ -425,8 +425,8 @@
  74  #
  75  #  allowed values: {no, yes}
  76  #
  77 -proxy_requests  = yes
  78 -$INCLUDE  ${confdir}/proxy.conf
  79 +proxy_requests  = no
  80 +#$INCLUDE  ${confdir}/proxy.conf
  81
  82
  83  # CLIENTS CONFIGURATION
  84 @@ -454,7 +454,7 @@
  85  #  'snmp' attribute to 'yes'
  86  #
  87  snmp   = no
  88 -$INCLUDE  ${confdir}/snmp.conf
  89 +#$INCLUDE  ${confdir}/snmp.conf
  90
  91
  92  # THREAD POOL CONFIGURATION
  93 @@ -657,7 +657,7 @@
  94         #  For all EAP related authentications.
  95         #  Now in another file, because it is very large.
  96         #
  97 -$INCLUDE ${confdir}/eap.conf
  98 +#$INCLUDE ${confdir}/eap.conf
  99
 100         # Microsoft CHAP authentication
 101         #
 102 @@ -1046,8 +1046,8 @@
 103         #
 104         files {
 105                 usersfile = ${confdir}/users
 106 -               acctusersfile = ${confdir}/acct_users
 107 -               preproxy_usersfile = ${confdir}/preproxy_users
 108 +#              acctusersfile = ${confdir}/acct_users
 109 +#              preproxy_usersfile = ${confdir}/preproxy_users
 110
 111                 #  If you want to use the old Cistron 'users' file
 112                 #  with FreeRADIUS, you should change the next line
 113 @@ -1221,7 +1221,7 @@
 114         #  For MS-SQL, use:             ${confdir}/mssql.conf
 115         #  For Oracle, use:             ${confdir}/oraclesql.conf
 116         #
 117 -       $INCLUDE  ${confdir}/sql.conf
 118 +#      $INCLUDE  ${confdir}/sql.conf
 119
 120
 121         #  For Cisco VoIP specific accounting with Postgresql,
 122 @@ -1694,7 +1694,7 @@
 123         #  The entire command line (and output) must fit into 253 bytes.
 124         #
 125         #  e.g. Framed-Pool = `%{exec:/bin/echo foo}`
 126 -       exec
 127 +#      exec
 128
 129         #
 130         #  The expression module doesn't do authorization,
 131 @@ -1707,7 +1707,7 @@
 132         #  listed in any other section.  See 'doc/rlm_expr' for
 133         #  more information.
 134         #
 135 -       expr
 136 +#      expr
 137
 138         #
 139         # We add the counter module here so that it registers
 140 @@ -1734,7 +1734,7 @@
 141         #  'raddb/huntgroups' files.
 142         #
 143         #  It also adds the %{Client-IP-Address} attribute to the request.
 144 -       preprocess
 145 +#      preprocess
 146
 147         #
 148         #  If you want to have a log of authentication requests,
 149 @@ -1747,7 +1747,7 @@
 150         #
 151         #  The chap module will set 'Auth-Type := CHAP' if we are
 152         #  handling a CHAP request and Auth-Type has not already been set
 153 -       chap
 154 +#      chap
 155
 156         #
 157         #  If the users are logging in with an MS-CHAP-Challenge
 158 @@ -1775,7 +1775,7 @@
 159         #  Otherwise, when the first style of realm doesn't match,
 160         #  the other styles won't be checked.
 161         #
 162 -       suffix
 163 +#      suffix
 164  #      ntdomain
 165
 166         #
 167 @@ -1784,11 +1784,11 @@
 168         #
 169         #  It also sets the EAP-Type attribute in the request
 170         #  attribute list to the EAP type from the packet.
 171 -       eap
 172 +#      eap
 173
 174         #
 175         #  Read the 'users' file
 176 -       files
 177 +#      files
 178
 179         #
 180         #  Look in an SQL database.  The schema of the database
 181 @@ -1842,24 +1842,24 @@
 182         #  PAP authentication, when a back-end database listed
 183         #  in the 'authorize' section supplies a password.  The
 184         #  password can be clear-text, or encrypted.
 185 -       Auth-Type PAP {
 186 -               pap
 187 -       }
 188 +#      Auth-Type PAP {
 189 +#              pap
 190 +#      }
 191
 192         #
 193         #  Most people want CHAP authentication
 194         #  A back-end database listed in the 'authorize' section
 195         #  MUST supply a CLEAR TEXT password.  Encrypted passwords
 196         #  won't work.
 197 -       Auth-Type CHAP {
 198 -               chap
 199 -       }
 200 +#      Auth-Type CHAP {
 201 +#              chap
 202 +#      }
 203
 204         #
 205         #  MSCHAP authentication.
 206 -       Auth-Type MS-CHAP {
 207 -               mschap
 208 -       }
 209 +#      Auth-Type MS-CHAP {
 210 +#              mschap
 211 +#      }
 212
 213         #
 214         #  If you have a Cisco SIP server authenticating against
 215 @@ -1877,7 +1877,7 @@
 216         #  containing CHAP-Password attributes CANNOT be authenticated
 217         #  against /etc/passwd!  See the FAQ for details.
 218         #
 219 -       unix
 220 +#      unix
 221
 222         # Uncomment it if you want to use ldap for authentication
 223         #
 224 @@ -1890,7 +1890,7 @@
 225
 226         #
 227         #  Allow EAP authentication.
 228 -       eap
 229 +#      eap
 230  }
 231
 232
 233 @@ -1898,12 +1898,12 @@
 234  #  Pre-accounting.  Decide which accounting type to use.
 235  #
 236  preacct {
 237 -       preprocess
 238 +#      preprocess
 239
 240         #
 241         #  Ensure that we have a semi-unique identifier for every
 242         #  request, and many NAS boxes are broken.
 243 -       acct_unique
 244 +#      acct_unique
 245
 246         #
 247         #  Look for IPASS-style 'realm/', and if not found, look for
 248 @@ -1913,12 +1913,12 @@
 249         #  Accounting requests are generally proxied to the same
 250         #  home server as authentication requests.
 251  #      IPASS
 252 -       suffix
 253 +#      suffix
 254  #      ntdomain
 255
 256         #
 257         #  Read the 'acct_users' file
 258 -       files
 259 +#      files
 260  }
 261
 262  #
 263 @@ -1929,20 +1929,20 @@
 264         #  Create a 'detail'ed log of the packets.
 265         #  Note that accounting requests which are proxied
 266         #  are also logged in the detail file.
 267 -       detail
 268 +#      detail
 269  #      daily
 270
 271         #  Update the wtmp file
 272         #
 273         #  If you don't use "radlast", you can delete this line.
 274 -       unix
 275 +#      unix
 276
 277         #
 278         #  For Simultaneous-Use tracking.
 279         #
 280         #  Due to packet losses in the network, the data here
 281         #  may be incorrect.  There is little we can do about it.
 282 -       radutmp
 283 +#      radutmp
 284  #      sradutmp
 285
 286         #  Return an address to the IP Pool when we see a stop record.
 287 @@ -1970,7 +1970,7 @@
 288  #  or rlm_sql module can handle this.
 289  #  The rlm_sql module is *much* faster
 290  session {
 291 -       radutmp
 292 +#      radutmp
 293
 294         #
 295         #  See "Simultaneous Use Checking Querie" in sql.conf
 296 @@ -2073,5 +2073,5 @@
 297         #  hidden inside of the EAP packet, and the end server will
 298         #  reject the EAP request.
 299         #
 300 -       eap
 301 +#      eap
 302  }