e-smith-radiusd/sme10/e-smith-radiusd-2.6.0-freeradius3ter.patch

diff -Nur e-smith-radiusd-2.6.0.old/createlinks e-smith-radiusd-2.6.0/createlinks
--- e-smith-radiusd-2.6.0.old/createlinks       2016-04-07 02:29:43.465000000 -0400
+++ e-smith-radiusd-2.6.0/createlinks   2016-04-07 03:04:14.095000000 -0400
@@ -28,6 +28,7 @@
     raddb/mods-available/ldap
     raddb/mods-available/smbpasswd
     raddb/sites-available/default
+    raddb/sites-available/inner-tunnel
     raddb/proxy.conf
     radiusclient-ng/servers))
 {
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/clients.conf/10localhost e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/clients.conf/10localhost
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/clients.conf/10localhost     2016-04-07 02:29:43.448000000 -0400
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/clients.conf/10localhost 2016-04-07 02:33:05.760000000 -0400
@@ -5,6 +5,7 @@
     "";
 }
 client localhost \{
+       ipaddr = 127.0.0.1
 {      #
        #  The shared secret use to "encrypt" and "sign" packets between
        #  the NAS and FreeRADIUS.  You MUST change this secret from the
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/01init e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/01init
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/01init  1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/01init      2016-04-07 02:40:42.818000000 -0400
@@ -0,0 +1,13 @@
+{
+# -*- text -*-
+######################################################################
+#
+#       This is a virtual server that handles *only* inner tunnel
+#       requests for EAP-TTLS and PEAP types.
+#
+#       $Id: e-smith-radiusd-2.6.0-freeradius3ter.patch,v 1.1 2016/04/07 07:16:22 unnilennium Exp $
+#
+######################################################################
+}
+server inner-tunnel \{
+
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/20listen e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/20listen
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/20listen        1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/20listen    2016-04-07 02:42:10.419000000 -0400
@@ -0,0 +1,27 @@
+{
+#
+#  This next section is here to allow testing of the "inner-tunnel"
+#  authentication methods, independently from the "default" server.
+#  It is listening on "localhost", so that it can only be used from
+#  the same machine.
+#
+#       $ radtest USER PASSWORD 127.0.0.1:18120 0 testing123
+#
+#  If it works, you have configured the inner tunnel correctly.  To check
+#  if PEAP will work, use:
+#
+#       $ radtest -t mschap USER PASSWORD 127.0.0.1:18120 0 testing123
+#
+#  If that works, PEAP should work.  If that command doesn't work, then
+#
+#       FIX THE INNER TUNNEL CONFIGURATION SO THAT IT WORKS.
+#
+#  Do NOT do any PEAP tests.  It won't help.  Instead, concentrate
+#  on fixing the inner tunnel configuration.  DO NOTHING ELSE.
+#
+}
+listen \{
+       ipaddr = 127.0.0.1
+       port = 18120
+       type = auth
+\}
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization00init e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization00init
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization00init   1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization00init       2016-04-07 02:39:40.963000000 -0400
@@ -0,0 +1,11 @@
+{
+#  Authorization. First preprocess (hints and huntgroups files),
+#  then realms, and finally look in the "users" file.
+#
+#  The order of the realm modules will determine the order that
+#  we try to find a matching realm.
+#
+#  Make *sure* that 'preprocess' comes before any realm if you 
+#  need to setup hints for the remote radius server
+}
+authorize \{
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization40default e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization40default
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization40default        1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization40default    2016-04-07 02:53:35.817000000 -0400
@@ -0,0 +1,107 @@
+{
+        #
+        #  The chap module will set 'Auth-Type := CHAP' if we are
+        #  handling a CHAP request and Auth-Type has not already been set
+}        chap
+{
+        #
+        #  If the users are logging in with an MS-CHAP-Challenge
+        #  attribute for authentication, the mschap module will find
+        #  the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP'
+        #  to the request, which will cause the server to then use
+        #  the mschap module for authentication.
+}        mschap
+{
+        #
+        #  Pull crypt'd passwords from /etc/passwd or /etc/shadow,
+        #  using the system API's to get the password.  If you want
+        #  to read /etc/passwd or /etc/shadow directly, see the
+        #  passwd module, above.
+        #
+}#       unix
+{
+        #
+        #  Look for IPASS style 'realm/', and if not found, look for
+        #  '@realm', and decide whether or not to proxy, based on
+        #  that.
+}#       IPASS
+{
+        #
+        #  If you are using multiple kinds of realms, you probably
+        #  want to set "ignore_null = yes" for all of them.
+        #  Otherwise, when the first style of realm doesn't match,
+        #  the other styles won't be checked.
+        #
+        #  Note that proxying the inner tunnel authentication means
+        #  that the user MAY use one identity in the outer session
+        #  (e.g. "anonymous", and a different one here
+        #  (e.g. "user@example.com").  The inner session will then be
+        #  proxied elsewhere for authentication.  If you are not
+        #  careful, this means that the user can cause you to forward
+        #  the authentication to another RADIUS server, and have the
+        #  accounting logs *not* sent to the other server.  This makes
+        #  it difficult to bill people for their network activity.
+        #
+}        suffix
+#       ntdomain
+{
+        #
+        #  The "suffix" module takes care of stripping the domain
+        #  (e.g. "@example.com") from the User-Name attribute, and the
+        #  next few lines ensure that the request is not proxied.
+        #
+        #  If you want the inner tunnel request to be proxied, delete
+        #  the next few lines.
+        #
+
+}        update control \{
+               Proxy-To-Realm := LOCAL
+        \}
+{
+        #
+        #  This module takes care of EAP-MSCHAPv2 authentication.
+        #
+        #  It also sets the EAP-Type attribute in the request
+        #  attribute list to the EAP type from the packet.
+        #
+        #  The example below uses module failover to avoid querying all
+        #  of the following modules if the EAP module returns "ok".
+        #  Therefore, your LDAP and/or SQL servers will not be queried
+        #  for the many packets that go back and forth to set up TTLS
+        #  or PEAP.  The load on those servers will therefore be reduced.
+        #
+}        eap \{
+                ok = return
+        \}
+{
+        #
+        #  Read the 'users' file
+}       files
+{
+        #
+        #  Look in an SQL database.  The schema of the database
+        #  is meant to mirror the "users" file.
+        #
+        #  See "Authorization Queries" in sql.conf
+}#       -sql
+        -ldap
+{
+        #
+        #  Enforce daily limits on time spent logged in.
+}#       daily
+        expiration
+        logintime
+{
+        #
+        #  If no other module has claimed responsibility for
+        #  authentication, then try to use PAP.  This allows the
+        #  other modules listed above to add a "known good" password
+        #  to the request, and to do nothing else.  The PAP module
+        #  will then see that password, and use it to do PAP
+        #  authentication.
+        #
+        #  This module should be listed last, so that the other modules
+        #  get a chance to set Auth-Type for themselves.
+        #
+}        pap
+
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization99end e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization99end
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization99end    1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization99end        2016-04-07 02:39:40.963000000 -0400
@@ -0,0 +1 @@
+\}
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate00setup e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate00setup
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate00setup   1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate00setup       2016-04-07 02:39:40.963000000 -0400
@@ -0,0 +1,5 @@
+{
+    my @authModules = '';
+    $OUT = '';
+}
+
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate10AuthMsChap e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate10AuthMsChap
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate10AuthMsChap      1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate10AuthMsChap  2016-04-07 02:39:40.963000000 -0400
@@ -0,0 +1,5 @@
+{
+    push(@authModules, "\tAuth-Type MS-CHAP\{\n\t\tmschap\n\t\}\n");
+    $OUT = '';
+}
+
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate12pap e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate12pap
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate12pap     1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate12pap 2016-04-07 02:56:10.969000000 -0400
@@ -0,0 +1,5 @@
+{
+    push(@authModules, "\tAuth-Type PAP\{\n\t\tpap\n\t\}\n");
+    $OUT = '';
+}
+
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate13chap e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate13chap
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate13chap    1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate13chap        2016-04-07 02:57:13.246000000 -0400
@@ -0,0 +1,5 @@
+{
+    push(@authModules, "\tAuth-Type CHAP\{\n\t\tchap\n\t\}\n");
+    $OUT = '';
+}
+
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate15ldap e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate15ldap
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate15ldap    1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate15ldap        2016-04-07 02:39:40.963000000 -0400
@@ -0,0 +1,5 @@
+{
+    push(@authModules, "\tAuth-Type LDAP\{\n\t\tldap\n\t\}\n");
+    $OUT = '';
+}
+
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate20authEap e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate20authEap
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate20authEap 1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate20authEap     2016-04-07 02:39:40.964000000 -0400
@@ -0,0 +1,4 @@
+{
+    push(@authModules, "\teap\n");
+    $OUT = '';
+}
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate99process e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate99process
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate99process 1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate99process     2016-04-07 02:39:40.964000000 -0400
@@ -0,0 +1,23 @@
+{
+#  Authentication.
+#
+#  This section lists which modules are available for authentication.
+#  Note that it does NOT mean 'try each module in order'.  It means
+#  that a module from the 'authorize' section adds a configuration
+#  attribute 'Auth-Type := FOO'.  That authentication type is then
+#  used to pick the apropriate module from the list below.
+#
+#  In general, you SHOULD NOT set the Auth-Type attribute.  The server
+#  will figure it out on its own, and will do the right thing.  The
+#  most common side effect of erroneously setting the Auth-Type
+#  attribute is that one authentication method will work, but the
+#  others will not.
+#
+#  The common reasons to set the Auth-Type attribute by hand
+#  is to either forcibly reject the user, or forcibly accept him.
+
+    $OUT = "authenticate \{\n";
+    $OUT .= "$_\n" foreach @authModules;
+    $OUT .= "\}\n";
+
+}
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/55preacct e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/55preacct
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/55preacct       1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/55preacct   2016-04-07 02:39:40.964000000 -0400
@@ -0,0 +1,47 @@
+{
+#
+#  Pre-accounting.  Decide which accounting type to use.
+#
+}preacct \{
+       preprocess
+{
+        #
+        #  Merge Acct-[Input|Output]-Gigawords and Acct-[Input-Output]-Octets
+        #  into a single 64bit counter Acct-[Input|Output]-Octets64.
+        #
+}#       acct_counters64
+{
+        #
+        #  Session start times are *implied* in RADIUS.
+        #  The NAS never sends a "start time".  Instead, it sends
+        #  a start packet, *possibly* with an Acct-Delay-Time.
+        #  The server is supposed to conclude that the start time
+        #  was "Acct-Delay-Time" seconds in the past.
+        #
+        #  The code below creates an explicit start time, which can
+        #  then be used in other modules.  It will be *mostly* correct.
+        #  Any errors are due to the 1-second resolution of RADIUS,
+        #  and the possibility that the time on the NAS may be off.
+        #
+        #  The start time is: NOW - delay - session_length
+        #
+}
+#       update request {
+#               FreeRADIUS-Acct-Session-Start-Time = "%{expr: %l - %{%{Acct-Session-Time}:-0} - %{%{Acct-Delay-Time}:-0}}"
+#       }
+
+{
+        #
+        #  Ensure that we have a semi-unique identifier for every
+        #  request, and many NAS boxes are broken.
+}
+       
+        acct_unique
+{
+       #  Accounting requests are generally proxied to the same
+       #  home server as authentication requests.
+}      suffix
+       ntdomain
+        files
+
+\}
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session00init e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session00init
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session00init 1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session00init     2016-04-07 02:39:40.964000000 -0400
@@ -0,0 +1,6 @@
+{
+#  Session database, used for checking Simultaneous-Use. Either the radutmp
+#  or rlm_sql module can handle this.
+#  The rlm_sql module is *much* faster
+}session \{
+
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session40default e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session40default
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session40default      1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session40default  2016-04-07 02:59:12.603000000 -0400
@@ -0,0 +1,3 @@
+        radutmp
+#       sql
+
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session99end e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session99end
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session99end  1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session99end      2016-04-07 02:39:40.964000000 -0400
@@ -0,0 +1 @@
+\}
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth00init e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth00init
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth00init        1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth00init    2016-04-07 02:39:40.964000000 -0400
@@ -0,0 +1,8 @@
+{
+#  Post-Authentication
+#  Once we KNOW that the user has been authenticated, there are
+#  additional steps we can take.
+}post-auth \{
+        #  Get an address from the IP Pool.
+#       main_pool
+
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth40default e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth40default
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth40default     1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth40default 2016-04-07 03:01:40.764000000 -0400
@@ -0,0 +1,44 @@
+{
+        #  If you want privacy to remain, see the
+        #  Chargeable-User-Identity attribute from RFC 4372.
+        #  If you want to use it just uncomment the line below.
+}#       cui-inner
+{
+        #
+        #  If you want to have a log of authentication replies,
+        #  un-comment the following line, and enable the
+        #  'detail reply_log' module.
+}#       reply_log
+{
+        #
+        #  After authenticating the user, do another SQL query.
+        #
+        #  See "Authentication Logging Queries" in sql.conf
+}#        -sql
+{
+        #
+        #  Instead of sending the query to the SQL server,
+        #  write it into a log file.
+        #
+}#       sql_log
+{
+        #
+        #  Un-comment the following if you have set
+        #  'edir_account_policy_check = yes' in the ldap module sub-section of
+        #  the 'modules' section.
+        #
+}#       ldap
+{
+        #
+        #  Access-Reject packets are sent through the REJECT sub-section of the
+        #  post-auth section.
+        #
+        #  Add the ldap module name (or instance) if you have set
+        #  'edir_account_policy_check = yes' in the ldap module configuration
+        #
+}        Post-Auth-Type REJECT \{
+                # log failed authentications in SQL, too.
+#                -sql
+                attr_filter.access_reject
+        \}
+
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth99end e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth99end
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth99end 1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth99end     2016-04-07 02:39:40.964000000 -0400
@@ -0,0 +1,26 @@
+{
+        #  Remove reply message if the response contains an EAP-Message
+}        remove_reply_message_if_eap
+{
+        #
+        #  Access-Reject packets are sent through the REJECT sub-section of the
+        #  post-auth section.
+        #
+        #  Add the ldap module name (or instance) if you have set
+        #  'edir_account_policy_check = yes' in the ldap module configuration
+        #
+}        Post-Auth-Type REJECT \{
+                # log failed authentications in SQL, too.
+                #-sql
+                attr_filter.access_reject
+
+                # Insert EAP-Failure message if the request was
+                # rejected by policy instead of because of an
+                # authentication failure
+                eap
+
+                #  Remove reply message if the response contains an EAP-Message
+                remove_reply_message_if_eap
+        \}
+\}
+
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/85preproxy e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/85preproxy
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/85preproxy      1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/85preproxy  2016-04-07 03:02:39.117000000 -0400
@@ -0,0 +1,17 @@
+pre-proxy \{
+{
+        #  Uncomment the following line if you want to change attributes
+        #  as defined in the preproxy_users file.
+}#       files
+{
+        #  Uncomment the following line if you want to filter requests
+        #  sent to remote servers based on the rules defined in the
+        #  'attrs.pre-proxy' file.
+}#       attr_filter.pre-proxy
+{
+        #  If you want to have a log of packets proxied to a home
+        #  server, un-comment the following line, and the
+        #  'detail pre_proxy_log' section, above.
+}#       pre_proxy_log
+\}
+
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/90postproxy e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/90postproxy
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/90postproxy     1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/90postproxy 2016-04-07 02:39:40.964000000 -0400
@@ -0,0 +1,54 @@
+{
+#
+#  When the server receives a reply to a request it proxied
+#  to a home server, the request may be massaged here, in the
+#  post-proxy stage.
+#
+}
+post-proxy \{
+{
+        #  If you want to have a log of replies from a home server,
+        #  un-comment the following line, and the 'detail post_proxy_log'
+        #  section, above.
+}#       post_proxy_log
+{
+        #  Uncomment the following line if you want to filter replies from
+        #  remote proxies based on the rules defined in the 'attrs' file.
+}#       attr_filter.post-proxy
+{
+        #
+        #  If you are proxying LEAP, you MUST configure the EAP
+        #  module, and you MUST list it here, in the post-proxy
+        #  stage.
+        #
+        #  You MUST also use the 'nostrip' option in the 'realm'
+        #  configuration.  Otherwise, the User-Name attribute
+        #  in the proxied request will not match the user name
+        #  hidden inside of the EAP packet, and the end server will
+        #  reject the EAP request.
+        #
+}        eap
+{
+        #
+        #  If the server tries to proxy a request and fails, then the
+        #  request is processed through the modules in this section.
+        #
+        #  The main use of this section is to permit robust proxying
+        #  of accounting packets.  The server can be configured to
+        #  proxy accounting packets as part of normal processing.
+        #  Then, if the home server goes down, accounting packets can
+        #  be logged to a local "detail" file, for processing with
+        #  radrelay.  When the home server comes back up, radrelay
+        #  will read the detail file, and send the packets to the
+        #  home server.
+        #
+        #  With this configuration, the server always responds to
+        #  Accounting-Requests from the NAS, but only writes
+        #  accounting packets to disk if the home server is down.
+        #
+}#       Post-Proxy-Type Fail \{
+#                       detail
+#       \}
+\}
+
+
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/99end e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/99end
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/99end   1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/99end       2016-04-07 02:39:40.964000000 -0400
@@ -0,0 +1,7 @@
+
+\}
+{
+#
+#end of default server
+#
+}
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/eap.conf e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/eap.conf
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/eap.conf    2013-02-13 18:00:55.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/eap.conf        1969-12-31 19:00:00.000000000 -0500
@@ -1,3 +0,0 @@
-PERMS=0640
-UID="root"
-GID="radiusd"
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/eap e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/eap
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/eap  1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/eap      2016-04-07 03:05:38.145000000 -0400
@@ -0,0 +1,3 @@
+PERMS=0640
+UID="root"
+GID="radiusd"
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/ldap e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/ldap
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/ldap 1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/ldap     2016-04-07 03:05:53.872000000 -0400
@@ -0,0 +1,3 @@
+PERMS=0640
+UID="root"
+GID="radiusd"
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/smbpasswd e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/smbpasswd
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/smbpasswd    1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/smbpasswd        2016-04-07 03:13:11.491000000 -0400
@@ -0,0 +1,3 @@
+PERMS=0640
+UID="root"
+GID="radiusd"
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/sites-available/default e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/sites-available/default
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/sites-available/default     1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/sites-available/default 2016-04-07 03:06:03.104000000 -0400
@@ -0,0 +1,3 @@
+PERMS=0640
+UID="root"
+GID="radiusd"
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/sites-available/inner-tunnel e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/sites-available/inner-tunnel
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/sites-available/inner-tunnel        1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/sites-available/inner-tunnel    2016-04-07 03:06:15.232000000 -0400
@@ -0,0 +1,3 @@
+PERMS=0640
+UID="root"
+GID="radiusd"