/[smeserver]/rpms/e-smith-radiusd/sme10/e-smith-radiusd-2.6.0-freeradius3ter.patch
ViewVC logotype

Annotation of /rpms/e-smith-radiusd/sme10/e-smith-radiusd-2.6.0-freeradius3ter.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.2 - (hide annotations) (download)
Sun Apr 10 07:30:52 2016 UTC (8 years, 6 months ago) by unnilennium
Branch: MAIN
CVS Tags: e-smith-radiusd-2_6_0-10_el7_sme, e-smith-radiusd-2_6_0-20_el7_sme, e-smith-radiusd-2_6_0-9_el7_sme, e-smith-radiusd-2_6_0-13_el7_sme, e-smith-radiusd-2_6_0-23_el7_sme, e-smith-radiusd-2_6_0-17_el7_sme, e-smith-radiusd-2_6_0-19_el7_sme, e-smith-radiusd-2_6_0-7_el7_sme, e-smith-radiusd-2_6_0-22_el7_sme, e-smith-radiusd-2_6_0-12_el7_sme, e-smith-radiusd-2_6_0-8_el7_sme, e-smith-radiusd-2_6_0-21_el7_sme, e-smith-radiusd-2_6_0-11_el7_sme, e-smith-radiusd-2_6_0-16_el7_sme, e-smith-radiusd-2_6_0-14_el7_sme, e-smith-radiusd-2_6_0-18_el7_sme, e-smith-radiusd-2_6_0-15_el7_sme, HEAD
Changes since 1.1: +2 -2 lines
* Sun Apr 10 2016 Jean-Philipe Pialasse <tests@pialasse.com> 2.6.0-7.sme
- fix typo [SME: 9425]

1 unnilennium 1.1 diff -Nur e-smith-radiusd-2.6.0.old/createlinks e-smith-radiusd-2.6.0/createlinks
2     --- e-smith-radiusd-2.6.0.old/createlinks 2016-04-07 02:29:43.465000000 -0400
3     +++ e-smith-radiusd-2.6.0/createlinks 2016-04-07 03:04:14.095000000 -0400
4     @@ -28,6 +28,7 @@
5     raddb/mods-available/ldap
6     raddb/mods-available/smbpasswd
7     raddb/sites-available/default
8     + raddb/sites-available/inner-tunnel
9     raddb/proxy.conf
10     radiusclient-ng/servers))
11     {
12     diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/clients.conf/10localhost e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/clients.conf/10localhost
13     --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/clients.conf/10localhost 2016-04-07 02:29:43.448000000 -0400
14     +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/clients.conf/10localhost 2016-04-07 02:33:05.760000000 -0400
15     @@ -5,6 +5,7 @@
16     "";
17     }
18     client localhost \{
19     + ipaddr = 127.0.0.1
20     { #
21     # The shared secret use to "encrypt" and "sign" packets between
22     # the NAS and FreeRADIUS. You MUST change this secret from the
23     diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/01init e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/01init
24     --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/01init 1969-12-31 19:00:00.000000000 -0500
25     +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/01init 2016-04-07 02:40:42.818000000 -0400
26     @@ -0,0 +1,13 @@
27     +{
28     +# -*- text -*-
29     +######################################################################
30     +#
31     +# This is a virtual server that handles *only* inner tunnel
32     +# requests for EAP-TTLS and PEAP types.
33     +#
34 unnilennium 1.2 +# $Id: e-smith-radiusd-2.6.0-freeradius3ter.patch,v 1.1 2016/04/07 07:16:22 unnilennium Exp $
35 unnilennium 1.1 +#
36     +######################################################################
37     +}
38 unnilennium 1.2 +server inner-tunnel \{
39 unnilennium 1.1 +
40     diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/20listen e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/20listen
41     --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/20listen 1969-12-31 19:00:00.000000000 -0500
42     +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/20listen 2016-04-07 02:42:10.419000000 -0400
43     @@ -0,0 +1,27 @@
44     +{
45     +#
46     +# This next section is here to allow testing of the "inner-tunnel"
47     +# authentication methods, independently from the "default" server.
48     +# It is listening on "localhost", so that it can only be used from
49     +# the same machine.
50     +#
51     +# $ radtest USER PASSWORD 127.0.0.1:18120 0 testing123
52     +#
53     +# If it works, you have configured the inner tunnel correctly. To check
54     +# if PEAP will work, use:
55     +#
56     +# $ radtest -t mschap USER PASSWORD 127.0.0.1:18120 0 testing123
57     +#
58     +# If that works, PEAP should work. If that command doesn't work, then
59     +#
60     +# FIX THE INNER TUNNEL CONFIGURATION SO THAT IT WORKS.
61     +#
62     +# Do NOT do any PEAP tests. It won't help. Instead, concentrate
63     +# on fixing the inner tunnel configuration. DO NOTHING ELSE.
64     +#
65     +}
66     +listen \{
67     + ipaddr = 127.0.0.1
68     + port = 18120
69     + type = auth
70     +\}
71     diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization00init e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization00init
72     --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization00init 1969-12-31 19:00:00.000000000 -0500
73     +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization00init 2016-04-07 02:39:40.963000000 -0400
74     @@ -0,0 +1,11 @@
75     +{
76     +# Authorization. First preprocess (hints and huntgroups files),
77     +# then realms, and finally look in the "users" file.
78     +#
79     +# The order of the realm modules will determine the order that
80     +# we try to find a matching realm.
81     +#
82     +# Make *sure* that 'preprocess' comes before any realm if you
83     +# need to setup hints for the remote radius server
84     +}
85     +authorize \{
86     diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization40default e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization40default
87     --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization40default 1969-12-31 19:00:00.000000000 -0500
88     +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization40default 2016-04-07 02:53:35.817000000 -0400
89     @@ -0,0 +1,107 @@
90     +{
91     + #
92     + # The chap module will set 'Auth-Type := CHAP' if we are
93     + # handling a CHAP request and Auth-Type has not already been set
94     +} chap
95     +{
96     + #
97     + # If the users are logging in with an MS-CHAP-Challenge
98     + # attribute for authentication, the mschap module will find
99     + # the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP'
100     + # to the request, which will cause the server to then use
101     + # the mschap module for authentication.
102     +} mschap
103     +{
104     + #
105     + # Pull crypt'd passwords from /etc/passwd or /etc/shadow,
106     + # using the system API's to get the password. If you want
107     + # to read /etc/passwd or /etc/shadow directly, see the
108     + # passwd module, above.
109     + #
110     +}# unix
111     +{
112     + #
113     + # Look for IPASS style 'realm/', and if not found, look for
114     + # '@realm', and decide whether or not to proxy, based on
115     + # that.
116     +}# IPASS
117     +{
118     + #
119     + # If you are using multiple kinds of realms, you probably
120     + # want to set "ignore_null = yes" for all of them.
121     + # Otherwise, when the first style of realm doesn't match,
122     + # the other styles won't be checked.
123     + #
124     + # Note that proxying the inner tunnel authentication means
125     + # that the user MAY use one identity in the outer session
126     + # (e.g. "anonymous", and a different one here
127     + # (e.g. "user@example.com"). The inner session will then be
128     + # proxied elsewhere for authentication. If you are not
129     + # careful, this means that the user can cause you to forward
130     + # the authentication to another RADIUS server, and have the
131     + # accounting logs *not* sent to the other server. This makes
132     + # it difficult to bill people for their network activity.
133     + #
134     +} suffix
135     +# ntdomain
136     +{
137     + #
138     + # The "suffix" module takes care of stripping the domain
139     + # (e.g. "@example.com") from the User-Name attribute, and the
140     + # next few lines ensure that the request is not proxied.
141     + #
142     + # If you want the inner tunnel request to be proxied, delete
143     + # the next few lines.
144     + #
145     +
146     +} update control \{
147     + Proxy-To-Realm := LOCAL
148     + \}
149     +{
150     + #
151     + # This module takes care of EAP-MSCHAPv2 authentication.
152     + #
153     + # It also sets the EAP-Type attribute in the request
154     + # attribute list to the EAP type from the packet.
155     + #
156     + # The example below uses module failover to avoid querying all
157     + # of the following modules if the EAP module returns "ok".
158     + # Therefore, your LDAP and/or SQL servers will not be queried
159     + # for the many packets that go back and forth to set up TTLS
160     + # or PEAP. The load on those servers will therefore be reduced.
161     + #
162     +} eap \{
163     + ok = return
164     + \}
165     +{
166     + #
167     + # Read the 'users' file
168     +} files
169     +{
170     + #
171     + # Look in an SQL database. The schema of the database
172     + # is meant to mirror the "users" file.
173     + #
174     + # See "Authorization Queries" in sql.conf
175     +}# -sql
176     + -ldap
177     +{
178     + #
179     + # Enforce daily limits on time spent logged in.
180     +}# daily
181     + expiration
182     + logintime
183     +{
184     + #
185     + # If no other module has claimed responsibility for
186     + # authentication, then try to use PAP. This allows the
187     + # other modules listed above to add a "known good" password
188     + # to the request, and to do nothing else. The PAP module
189     + # will then see that password, and use it to do PAP
190     + # authentication.
191     + #
192     + # This module should be listed last, so that the other modules
193     + # get a chance to set Auth-Type for themselves.
194     + #
195     +} pap
196     +
197     diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization99end e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization99end
198     --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization99end 1969-12-31 19:00:00.000000000 -0500
199     +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization99end 2016-04-07 02:39:40.963000000 -0400
200     @@ -0,0 +1 @@
201     +\}
202     diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate00setup e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate00setup
203     --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate00setup 1969-12-31 19:00:00.000000000 -0500
204     +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate00setup 2016-04-07 02:39:40.963000000 -0400
205     @@ -0,0 +1,5 @@
206     +{
207     + my @authModules = '';
208     + $OUT = '';
209     +}
210     +
211     diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate10AuthMsChap e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate10AuthMsChap
212     --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate10AuthMsChap 1969-12-31 19:00:00.000000000 -0500
213     +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate10AuthMsChap 2016-04-07 02:39:40.963000000 -0400
214     @@ -0,0 +1,5 @@
215     +{
216     + push(@authModules, "\tAuth-Type MS-CHAP\{\n\t\tmschap\n\t\}\n");
217     + $OUT = '';
218     +}
219     +
220     diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate12pap e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate12pap
221     --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate12pap 1969-12-31 19:00:00.000000000 -0500
222     +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate12pap 2016-04-07 02:56:10.969000000 -0400
223     @@ -0,0 +1,5 @@
224     +{
225     + push(@authModules, "\tAuth-Type PAP\{\n\t\tpap\n\t\}\n");
226     + $OUT = '';
227     +}
228     +
229     diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate13chap e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate13chap
230     --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate13chap 1969-12-31 19:00:00.000000000 -0500
231     +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate13chap 2016-04-07 02:57:13.246000000 -0400
232     @@ -0,0 +1,5 @@
233     +{
234     + push(@authModules, "\tAuth-Type CHAP\{\n\t\tchap\n\t\}\n");
235     + $OUT = '';
236     +}
237     +
238     diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate15ldap e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate15ldap
239     --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate15ldap 1969-12-31 19:00:00.000000000 -0500
240     +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate15ldap 2016-04-07 02:39:40.963000000 -0400
241     @@ -0,0 +1,5 @@
242     +{
243     + push(@authModules, "\tAuth-Type LDAP\{\n\t\tldap\n\t\}\n");
244     + $OUT = '';
245     +}
246     +
247     diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate20authEap e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate20authEap
248     --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate20authEap 1969-12-31 19:00:00.000000000 -0500
249     +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate20authEap 2016-04-07 02:39:40.964000000 -0400
250     @@ -0,0 +1,4 @@
251     +{
252     + push(@authModules, "\teap\n");
253     + $OUT = '';
254     +}
255     diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate99process e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate99process
256     --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate99process 1969-12-31 19:00:00.000000000 -0500
257     +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate99process 2016-04-07 02:39:40.964000000 -0400
258     @@ -0,0 +1,23 @@
259     +{
260     +# Authentication.
261     +#
262     +# This section lists which modules are available for authentication.
263     +# Note that it does NOT mean 'try each module in order'. It means
264     +# that a module from the 'authorize' section adds a configuration
265     +# attribute 'Auth-Type := FOO'. That authentication type is then
266     +# used to pick the apropriate module from the list below.
267     +#
268     +# In general, you SHOULD NOT set the Auth-Type attribute. The server
269     +# will figure it out on its own, and will do the right thing. The
270     +# most common side effect of erroneously setting the Auth-Type
271     +# attribute is that one authentication method will work, but the
272     +# others will not.
273     +#
274     +# The common reasons to set the Auth-Type attribute by hand
275     +# is to either forcibly reject the user, or forcibly accept him.
276     +
277     + $OUT = "authenticate \{\n";
278     + $OUT .= "$_\n" foreach @authModules;
279     + $OUT .= "\}\n";
280     +
281     +}
282     diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/55preacct e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/55preacct
283     --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/55preacct 1969-12-31 19:00:00.000000000 -0500
284     +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/55preacct 2016-04-07 02:39:40.964000000 -0400
285     @@ -0,0 +1,47 @@
286     +{
287     +#
288     +# Pre-accounting. Decide which accounting type to use.
289     +#
290     +}preacct \{
291     + preprocess
292     +{
293     + #
294     + # Merge Acct-[Input|Output]-Gigawords and Acct-[Input-Output]-Octets
295     + # into a single 64bit counter Acct-[Input|Output]-Octets64.
296     + #
297     +}# acct_counters64
298     +{
299     + #
300     + # Session start times are *implied* in RADIUS.
301     + # The NAS never sends a "start time". Instead, it sends
302     + # a start packet, *possibly* with an Acct-Delay-Time.
303     + # The server is supposed to conclude that the start time
304     + # was "Acct-Delay-Time" seconds in the past.
305     + #
306     + # The code below creates an explicit start time, which can
307     + # then be used in other modules. It will be *mostly* correct.
308     + # Any errors are due to the 1-second resolution of RADIUS,
309     + # and the possibility that the time on the NAS may be off.
310     + #
311     + # The start time is: NOW - delay - session_length
312     + #
313     +}
314     +# update request {
315     +# FreeRADIUS-Acct-Session-Start-Time = "%{expr: %l - %{%{Acct-Session-Time}:-0} - %{%{Acct-Delay-Time}:-0}}"
316     +# }
317     +
318     +{
319     + #
320     + # Ensure that we have a semi-unique identifier for every
321     + # request, and many NAS boxes are broken.
322     +}
323     +
324     + acct_unique
325     +{
326     + # Accounting requests are generally proxied to the same
327     + # home server as authentication requests.
328     +} suffix
329     + ntdomain
330     + files
331     +
332     +\}
333     diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session00init e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session00init
334     --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session00init 1969-12-31 19:00:00.000000000 -0500
335     +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session00init 2016-04-07 02:39:40.964000000 -0400
336     @@ -0,0 +1,6 @@
337     +{
338     +# Session database, used for checking Simultaneous-Use. Either the radutmp
339     +# or rlm_sql module can handle this.
340     +# The rlm_sql module is *much* faster
341     +}session \{
342     +
343     diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session40default e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session40default
344     --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session40default 1969-12-31 19:00:00.000000000 -0500
345     +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session40default 2016-04-07 02:59:12.603000000 -0400
346     @@ -0,0 +1,3 @@
347     + radutmp
348     +# sql
349     +
350     diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session99end e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session99end
351     --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session99end 1969-12-31 19:00:00.000000000 -0500
352     +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session99end 2016-04-07 02:39:40.964000000 -0400
353     @@ -0,0 +1 @@
354     +\}
355     diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth00init e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth00init
356     --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth00init 1969-12-31 19:00:00.000000000 -0500
357     +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth00init 2016-04-07 02:39:40.964000000 -0400
358     @@ -0,0 +1,8 @@
359     +{
360     +# Post-Authentication
361     +# Once we KNOW that the user has been authenticated, there are
362     +# additional steps we can take.
363     +}post-auth \{
364     + # Get an address from the IP Pool.
365     +# main_pool
366     +
367     diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth40default e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth40default
368     --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth40default 1969-12-31 19:00:00.000000000 -0500
369     +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth40default 2016-04-07 03:01:40.764000000 -0400
370     @@ -0,0 +1,44 @@
371     +{
372     + # If you want privacy to remain, see the
373     + # Chargeable-User-Identity attribute from RFC 4372.
374     + # If you want to use it just uncomment the line below.
375     +}# cui-inner
376     +{
377     + #
378     + # If you want to have a log of authentication replies,
379     + # un-comment the following line, and enable the
380     + # 'detail reply_log' module.
381     +}# reply_log
382     +{
383     + #
384     + # After authenticating the user, do another SQL query.
385     + #
386     + # See "Authentication Logging Queries" in sql.conf
387     +}# -sql
388     +{
389     + #
390     + # Instead of sending the query to the SQL server,
391     + # write it into a log file.
392     + #
393     +}# sql_log
394     +{
395     + #
396     + # Un-comment the following if you have set
397     + # 'edir_account_policy_check = yes' in the ldap module sub-section of
398     + # the 'modules' section.
399     + #
400     +}# ldap
401     +{
402     + #
403     + # Access-Reject packets are sent through the REJECT sub-section of the
404     + # post-auth section.
405     + #
406     + # Add the ldap module name (or instance) if you have set
407     + # 'edir_account_policy_check = yes' in the ldap module configuration
408     + #
409     +} Post-Auth-Type REJECT \{
410     + # log failed authentications in SQL, too.
411     +# -sql
412     + attr_filter.access_reject
413     + \}
414     +
415     diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth99end e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth99end
416     --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth99end 1969-12-31 19:00:00.000000000 -0500
417     +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth99end 2016-04-07 02:39:40.964000000 -0400
418     @@ -0,0 +1,26 @@
419     +{
420     + # Remove reply message if the response contains an EAP-Message
421     +} remove_reply_message_if_eap
422     +{
423     + #
424     + # Access-Reject packets are sent through the REJECT sub-section of the
425     + # post-auth section.
426     + #
427     + # Add the ldap module name (or instance) if you have set
428     + # 'edir_account_policy_check = yes' in the ldap module configuration
429     + #
430     +} Post-Auth-Type REJECT \{
431     + # log failed authentications in SQL, too.
432     + #-sql
433     + attr_filter.access_reject
434     +
435     + # Insert EAP-Failure message if the request was
436     + # rejected by policy instead of because of an
437     + # authentication failure
438     + eap
439     +
440     + # Remove reply message if the response contains an EAP-Message
441     + remove_reply_message_if_eap
442     + \}
443     +\}
444     +
445     diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/85preproxy e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/85preproxy
446     --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/85preproxy 1969-12-31 19:00:00.000000000 -0500
447     +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/85preproxy 2016-04-07 03:02:39.117000000 -0400
448     @@ -0,0 +1,17 @@
449     +pre-proxy \{
450     +{
451     + # Uncomment the following line if you want to change attributes
452     + # as defined in the preproxy_users file.
453     +}# files
454     +{
455     + # Uncomment the following line if you want to filter requests
456     + # sent to remote servers based on the rules defined in the
457     + # 'attrs.pre-proxy' file.
458     +}# attr_filter.pre-proxy
459     +{
460     + # If you want to have a log of packets proxied to a home
461     + # server, un-comment the following line, and the
462     + # 'detail pre_proxy_log' section, above.
463     +}# pre_proxy_log
464     +\}
465     +
466     diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/90postproxy e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/90postproxy
467     --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/90postproxy 1969-12-31 19:00:00.000000000 -0500
468     +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/90postproxy 2016-04-07 02:39:40.964000000 -0400
469     @@ -0,0 +1,54 @@
470     +{
471     +#
472     +# When the server receives a reply to a request it proxied
473     +# to a home server, the request may be massaged here, in the
474     +# post-proxy stage.
475     +#
476     +}
477     +post-proxy \{
478     +{
479     + # If you want to have a log of replies from a home server,
480     + # un-comment the following line, and the 'detail post_proxy_log'
481     + # section, above.
482     +}# post_proxy_log
483     +{
484     + # Uncomment the following line if you want to filter replies from
485     + # remote proxies based on the rules defined in the 'attrs' file.
486     +}# attr_filter.post-proxy
487     +{
488     + #
489     + # If you are proxying LEAP, you MUST configure the EAP
490     + # module, and you MUST list it here, in the post-proxy
491     + # stage.
492     + #
493     + # You MUST also use the 'nostrip' option in the 'realm'
494     + # configuration. Otherwise, the User-Name attribute
495     + # in the proxied request will not match the user name
496     + # hidden inside of the EAP packet, and the end server will
497     + # reject the EAP request.
498     + #
499     +} eap
500     +{
501     + #
502     + # If the server tries to proxy a request and fails, then the
503     + # request is processed through the modules in this section.
504     + #
505     + # The main use of this section is to permit robust proxying
506     + # of accounting packets. The server can be configured to
507     + # proxy accounting packets as part of normal processing.
508     + # Then, if the home server goes down, accounting packets can
509     + # be logged to a local "detail" file, for processing with
510     + # radrelay. When the home server comes back up, radrelay
511     + # will read the detail file, and send the packets to the
512     + # home server.
513     + #
514     + # With this configuration, the server always responds to
515     + # Accounting-Requests from the NAS, but only writes
516     + # accounting packets to disk if the home server is down.
517     + #
518     +}# Post-Proxy-Type Fail \{
519     +# detail
520     +# \}
521     +\}
522     +
523     +
524     diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/99end e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/99end
525     --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/99end 1969-12-31 19:00:00.000000000 -0500
526     +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/99end 2016-04-07 02:39:40.964000000 -0400
527     @@ -0,0 +1,7 @@
528     +
529     +\}
530     +{
531     +#
532     +#end of default server
533     +#
534     +}
535     diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/eap.conf e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/eap.conf
536     --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/eap.conf 2013-02-13 18:00:55.000000000 -0500
537     +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/eap.conf 1969-12-31 19:00:00.000000000 -0500
538     @@ -1,3 +0,0 @@
539     -PERMS=0640
540     -UID="root"
541     -GID="radiusd"
542     diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/eap e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/eap
543     --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/eap 1969-12-31 19:00:00.000000000 -0500
544     +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/eap 2016-04-07 03:05:38.145000000 -0400
545     @@ -0,0 +1,3 @@
546     +PERMS=0640
547     +UID="root"
548     +GID="radiusd"
549     diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/ldap e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/ldap
550     --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/ldap 1969-12-31 19:00:00.000000000 -0500
551     +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/ldap 2016-04-07 03:05:53.872000000 -0400
552     @@ -0,0 +1,3 @@
553     +PERMS=0640
554     +UID="root"
555     +GID="radiusd"
556     diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/smbpasswd e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/smbpasswd
557     --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/smbpasswd 1969-12-31 19:00:00.000000000 -0500
558     +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/smbpasswd 2016-04-07 03:13:11.491000000 -0400
559     @@ -0,0 +1,3 @@
560     +PERMS=0640
561     +UID="root"
562     +GID="radiusd"
563     diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/sites-available/default e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/sites-available/default
564     --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/sites-available/default 1969-12-31 19:00:00.000000000 -0500
565     +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/sites-available/default 2016-04-07 03:06:03.104000000 -0400
566     @@ -0,0 +1,3 @@
567     +PERMS=0640
568     +UID="root"
569     +GID="radiusd"
570     diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/sites-available/inner-tunnel e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/sites-available/inner-tunnel
571     --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/sites-available/inner-tunnel 1969-12-31 19:00:00.000000000 -0500
572     +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/sites-available/inner-tunnel 2016-04-07 03:06:15.232000000 -0400
573     @@ -0,0 +1,3 @@
574     +PERMS=0640
575     +UID="root"
576     +GID="radiusd"

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed