1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
|
diff -ruN freeradius-1.1.1-old/raddb/eap.conf freeradius-1.1.1-new/raddb/eap.conf
--- freeradius-1.1.1-old/raddb/eap.conf 2006-01-04 15:29:29.000000000 +0100
+++ freeradius-1.1.1-new/raddb/eap.conf 2006-05-22 23:29:11.000000000 +0200
@@ -73,8 +73,8 @@
# User-Password, or the NT-Password attributes.
# 'System' authentication is impossible with LEAP.
#
- leap {
- }
+# leap {
+# }
# Generic Token Card.
#
@@ -87,7 +87,7 @@
# the users password will go over the wire in plain-text,
# for anyone to see.
#
- gtc {
+# gtc {
# The default challenge, which many clients
# ignore..
#challenge = "Password: "
@@ -104,8 +104,8 @@
# configured for the request, and do the
# authentication itself.
#
- auth_type = PAP
- }
+# auth_type = PAP
+# }
## EAP-TLS
#
@@ -283,7 +283,7 @@
# of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not
# currently support.
#
- mschapv2 {
- }
+# mschapv2 {
+# }
}
diff -ruN freeradius-1.1.1-old/raddb/radiusd.conf.in freeradius-1.1.1-new/raddb/radiusd.conf.in
--- freeradius-1.1.1-old/raddb/radiusd.conf.in 2006-02-10 16:12:02.000000000 +0100
+++ freeradius-1.1.1-new/raddb/radiusd.conf.in 2006-05-22 23:33:53.000000000 +0200
@@ -31,13 +31,13 @@
# Location of config and logfiles.
confdir = ${raddbdir}
-run_dir = ${localstatedir}/run/radiusd
+run_dir = ${localstatedir}/run
#
# The logging messages for the server are appended to the
# tail of this file.
#
-log_file = ${logdir}/radius.log
+log_file = ${logdir}/radiusd.log
#
# libdir: Where to find the rlm_* modules.
@@ -353,7 +353,7 @@
nospace_pass = no
# The program to execute to do concurrency checks.
-checkrad = ${sbindir}/checkrad
+#checkrad = ${sbindir}/checkrad
# SECURITY CONFIGURATION
#
@@ -425,8 +425,8 @@
#
# allowed values: {no, yes}
#
-proxy_requests = yes
-$INCLUDE ${confdir}/proxy.conf
+proxy_requests = no
+#$INCLUDE ${confdir}/proxy.conf
# CLIENTS CONFIGURATION
@@ -454,7 +454,7 @@
# 'snmp' attribute to 'yes'
#
snmp = no
-$INCLUDE ${confdir}/snmp.conf
+#$INCLUDE ${confdir}/snmp.conf
# THREAD POOL CONFIGURATION
@@ -657,7 +657,7 @@
# For all EAP related authentications.
# Now in another file, because it is very large.
#
-$INCLUDE ${confdir}/eap.conf
+#$INCLUDE ${confdir}/eap.conf
# Microsoft CHAP authentication
#
@@ -1046,8 +1046,8 @@
#
files {
usersfile = ${confdir}/users
- acctusersfile = ${confdir}/acct_users
- preproxy_usersfile = ${confdir}/preproxy_users
+# acctusersfile = ${confdir}/acct_users
+# preproxy_usersfile = ${confdir}/preproxy_users
# If you want to use the old Cistron 'users' file
# with FreeRADIUS, you should change the next line
@@ -1221,7 +1221,7 @@
# For MS-SQL, use: ${confdir}/mssql.conf
# For Oracle, use: ${confdir}/oraclesql.conf
#
- $INCLUDE ${confdir}/sql.conf
+# $INCLUDE ${confdir}/sql.conf
# For Cisco VoIP specific accounting with Postgresql,
@@ -1694,7 +1694,7 @@
# The entire command line (and output) must fit into 253 bytes.
#
# e.g. Framed-Pool = `%{exec:/bin/echo foo}`
- exec
+# exec
#
# The expression module doesn't do authorization,
@@ -1707,7 +1707,7 @@
# listed in any other section. See 'doc/rlm_expr' for
# more information.
#
- expr
+# expr
#
# We add the counter module here so that it registers
@@ -1734,7 +1734,7 @@
# 'raddb/huntgroups' files.
#
# It also adds the %{Client-IP-Address} attribute to the request.
- preprocess
+# preprocess
#
# If you want to have a log of authentication requests,
@@ -1747,7 +1747,7 @@
#
# The chap module will set 'Auth-Type := CHAP' if we are
# handling a CHAP request and Auth-Type has not already been set
- chap
+# chap
#
# If the users are logging in with an MS-CHAP-Challenge
@@ -1775,7 +1775,7 @@
# Otherwise, when the first style of realm doesn't match,
# the other styles won't be checked.
#
- suffix
+# suffix
# ntdomain
#
@@ -1784,11 +1784,11 @@
#
# It also sets the EAP-Type attribute in the request
# attribute list to the EAP type from the packet.
- eap
+# eap
#
# Read the 'users' file
- files
+# files
#
# Look in an SQL database. The schema of the database
@@ -1842,24 +1842,24 @@
# PAP authentication, when a back-end database listed
# in the 'authorize' section supplies a password. The
# password can be clear-text, or encrypted.
- Auth-Type PAP {
- pap
- }
+# Auth-Type PAP {
+# pap
+# }
#
# Most people want CHAP authentication
# A back-end database listed in the 'authorize' section
# MUST supply a CLEAR TEXT password. Encrypted passwords
# won't work.
- Auth-Type CHAP {
- chap
- }
+# Auth-Type CHAP {
+# chap
+# }
#
# MSCHAP authentication.
- Auth-Type MS-CHAP {
- mschap
- }
+# Auth-Type MS-CHAP {
+# mschap
+# }
#
# If you have a Cisco SIP server authenticating against
@@ -1877,7 +1877,7 @@
# containing CHAP-Password attributes CANNOT be authenticated
# against /etc/passwd! See the FAQ for details.
#
- unix
+# unix
# Uncomment it if you want to use ldap for authentication
#
@@ -1890,7 +1890,7 @@
#
# Allow EAP authentication.
- eap
+# eap
}
@@ -1898,12 +1898,12 @@
# Pre-accounting. Decide which accounting type to use.
#
preacct {
- preprocess
+# preprocess
#
# Ensure that we have a semi-unique identifier for every
# request, and many NAS boxes are broken.
- acct_unique
+# acct_unique
#
# Look for IPASS-style 'realm/', and if not found, look for
@@ -1913,12 +1913,12 @@
# Accounting requests are generally proxied to the same
# home server as authentication requests.
# IPASS
- suffix
+# suffix
# ntdomain
#
# Read the 'acct_users' file
- files
+# files
}
#
@@ -1929,20 +1929,20 @@
# Create a 'detail'ed log of the packets.
# Note that accounting requests which are proxied
# are also logged in the detail file.
- detail
+# detail
# daily
# Update the wtmp file
#
# If you don't use "radlast", you can delete this line.
- unix
+# unix
#
# For Simultaneous-Use tracking.
#
# Due to packet losses in the network, the data here
# may be incorrect. There is little we can do about it.
- radutmp
+# radutmp
# sradutmp
# Return an address to the IP Pool when we see a stop record.
@@ -1970,7 +1970,7 @@
# or rlm_sql module can handle this.
# The rlm_sql module is *much* faster
session {
- radutmp
+# radutmp
#
# See "Simultaneous Use Checking Querie" in sql.conf
@@ -2073,5 +2073,5 @@
# hidden inside of the EAP packet, and the end server will
# reject the EAP request.
#
- eap
+# eap
}
|
