/[smeserver]/rpms/e-smith-radiusd/sme10/e-smith-radiusd-2.6.0-freeradius3ter.patch
ViewVC logotype

Contents of /rpms/e-smith-radiusd/sme10/e-smith-radiusd-2.6.0-freeradius3ter.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.2 - (show annotations) (download)
Sun Apr 10 07:30:52 2016 UTC (8 years, 7 months ago) by unnilennium
Branch: MAIN
CVS Tags: e-smith-radiusd-2_6_0-10_el7_sme, e-smith-radiusd-2_6_0-20_el7_sme, e-smith-radiusd-2_6_0-9_el7_sme, e-smith-radiusd-2_6_0-13_el7_sme, e-smith-radiusd-2_6_0-23_el7_sme, e-smith-radiusd-2_6_0-17_el7_sme, e-smith-radiusd-2_6_0-19_el7_sme, e-smith-radiusd-2_6_0-7_el7_sme, e-smith-radiusd-2_6_0-22_el7_sme, e-smith-radiusd-2_6_0-12_el7_sme, e-smith-radiusd-2_6_0-8_el7_sme, e-smith-radiusd-2_6_0-21_el7_sme, e-smith-radiusd-2_6_0-11_el7_sme, e-smith-radiusd-2_6_0-16_el7_sme, e-smith-radiusd-2_6_0-14_el7_sme, e-smith-radiusd-2_6_0-18_el7_sme, e-smith-radiusd-2_6_0-15_el7_sme, HEAD
Changes since 1.1: +2 -2 lines
Error occurred while calculating annotation data.
* Sun Apr 10 2016 Jean-Philipe Pialasse <tests@pialasse.com> 2.6.0-7.sme
- fix typo [SME: 9425]

1 diff -Nur e-smith-radiusd-2.6.0.old/createlinks e-smith-radiusd-2.6.0/createlinks
2 --- e-smith-radiusd-2.6.0.old/createlinks 2016-04-07 02:29:43.465000000 -0400
3 +++ e-smith-radiusd-2.6.0/createlinks 2016-04-07 03:04:14.095000000 -0400
4 @@ -28,6 +28,7 @@
5 raddb/mods-available/ldap
6 raddb/mods-available/smbpasswd
7 raddb/sites-available/default
8 + raddb/sites-available/inner-tunnel
9 raddb/proxy.conf
10 radiusclient-ng/servers))
11 {
12 diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/clients.conf/10localhost e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/clients.conf/10localhost
13 --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/clients.conf/10localhost 2016-04-07 02:29:43.448000000 -0400
14 +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/clients.conf/10localhost 2016-04-07 02:33:05.760000000 -0400
15 @@ -5,6 +5,7 @@
16 "";
17 }
18 client localhost \{
19 + ipaddr = 127.0.0.1
20 { #
21 # The shared secret use to "encrypt" and "sign" packets between
22 # the NAS and FreeRADIUS. You MUST change this secret from the
23 diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/01init e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/01init
24 --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/01init 1969-12-31 19:00:00.000000000 -0500
25 +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/01init 2016-04-07 02:40:42.818000000 -0400
26 @@ -0,0 +1,13 @@
27 +{
28 +# -*- text -*-
29 +######################################################################
30 +#
31 +# This is a virtual server that handles *only* inner tunnel
32 +# requests for EAP-TTLS and PEAP types.
33 +#
34 +# $Id: e-smith-radiusd-2.6.0-freeradius3ter.patch,v 1.1 2016/04/07 07:16:22 unnilennium Exp $
35 +#
36 +######################################################################
37 +}
38 +server inner-tunnel \{
39 +
40 diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/20listen e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/20listen
41 --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/20listen 1969-12-31 19:00:00.000000000 -0500
42 +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/20listen 2016-04-07 02:42:10.419000000 -0400
43 @@ -0,0 +1,27 @@
44 +{
45 +#
46 +# This next section is here to allow testing of the "inner-tunnel"
47 +# authentication methods, independently from the "default" server.
48 +# It is listening on "localhost", so that it can only be used from
49 +# the same machine.
50 +#
51 +# $ radtest USER PASSWORD 127.0.0.1:18120 0 testing123
52 +#
53 +# If it works, you have configured the inner tunnel correctly. To check
54 +# if PEAP will work, use:
55 +#
56 +# $ radtest -t mschap USER PASSWORD 127.0.0.1:18120 0 testing123
57 +#
58 +# If that works, PEAP should work. If that command doesn't work, then
59 +#
60 +# FIX THE INNER TUNNEL CONFIGURATION SO THAT IT WORKS.
61 +#
62 +# Do NOT do any PEAP tests. It won't help. Instead, concentrate
63 +# on fixing the inner tunnel configuration. DO NOTHING ELSE.
64 +#
65 +}
66 +listen \{
67 + ipaddr = 127.0.0.1
68 + port = 18120
69 + type = auth
70 +\}
71 diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization00init e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization00init
72 --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization00init 1969-12-31 19:00:00.000000000 -0500
73 +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization00init 2016-04-07 02:39:40.963000000 -0400
74 @@ -0,0 +1,11 @@
75 +{
76 +# Authorization. First preprocess (hints and huntgroups files),
77 +# then realms, and finally look in the "users" file.
78 +#
79 +# The order of the realm modules will determine the order that
80 +# we try to find a matching realm.
81 +#
82 +# Make *sure* that 'preprocess' comes before any realm if you
83 +# need to setup hints for the remote radius server
84 +}
85 +authorize \{
86 diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization40default e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization40default
87 --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization40default 1969-12-31 19:00:00.000000000 -0500
88 +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization40default 2016-04-07 02:53:35.817000000 -0400
89 @@ -0,0 +1,107 @@
90 +{
91 + #
92 + # The chap module will set 'Auth-Type := CHAP' if we are
93 + # handling a CHAP request and Auth-Type has not already been set
94 +} chap
95 +{
96 + #
97 + # If the users are logging in with an MS-CHAP-Challenge
98 + # attribute for authentication, the mschap module will find
99 + # the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP'
100 + # to the request, which will cause the server to then use
101 + # the mschap module for authentication.
102 +} mschap
103 +{
104 + #
105 + # Pull crypt'd passwords from /etc/passwd or /etc/shadow,
106 + # using the system API's to get the password. If you want
107 + # to read /etc/passwd or /etc/shadow directly, see the
108 + # passwd module, above.
109 + #
110 +}# unix
111 +{
112 + #
113 + # Look for IPASS style 'realm/', and if not found, look for
114 + # '@realm', and decide whether or not to proxy, based on
115 + # that.
116 +}# IPASS
117 +{
118 + #
119 + # If you are using multiple kinds of realms, you probably
120 + # want to set "ignore_null = yes" for all of them.
121 + # Otherwise, when the first style of realm doesn't match,
122 + # the other styles won't be checked.
123 + #
124 + # Note that proxying the inner tunnel authentication means
125 + # that the user MAY use one identity in the outer session
126 + # (e.g. "anonymous", and a different one here
127 + # (e.g. "user@example.com"). The inner session will then be
128 + # proxied elsewhere for authentication. If you are not
129 + # careful, this means that the user can cause you to forward
130 + # the authentication to another RADIUS server, and have the
131 + # accounting logs *not* sent to the other server. This makes
132 + # it difficult to bill people for their network activity.
133 + #
134 +} suffix
135 +# ntdomain
136 +{
137 + #
138 + # The "suffix" module takes care of stripping the domain
139 + # (e.g. "@example.com") from the User-Name attribute, and the
140 + # next few lines ensure that the request is not proxied.
141 + #
142 + # If you want the inner tunnel request to be proxied, delete
143 + # the next few lines.
144 + #
145 +
146 +} update control \{
147 + Proxy-To-Realm := LOCAL
148 + \}
149 +{
150 + #
151 + # This module takes care of EAP-MSCHAPv2 authentication.
152 + #
153 + # It also sets the EAP-Type attribute in the request
154 + # attribute list to the EAP type from the packet.
155 + #
156 + # The example below uses module failover to avoid querying all
157 + # of the following modules if the EAP module returns "ok".
158 + # Therefore, your LDAP and/or SQL servers will not be queried
159 + # for the many packets that go back and forth to set up TTLS
160 + # or PEAP. The load on those servers will therefore be reduced.
161 + #
162 +} eap \{
163 + ok = return
164 + \}
165 +{
166 + #
167 + # Read the 'users' file
168 +} files
169 +{
170 + #
171 + # Look in an SQL database. The schema of the database
172 + # is meant to mirror the "users" file.
173 + #
174 + # See "Authorization Queries" in sql.conf
175 +}# -sql
176 + -ldap
177 +{
178 + #
179 + # Enforce daily limits on time spent logged in.
180 +}# daily
181 + expiration
182 + logintime
183 +{
184 + #
185 + # If no other module has claimed responsibility for
186 + # authentication, then try to use PAP. This allows the
187 + # other modules listed above to add a "known good" password
188 + # to the request, and to do nothing else. The PAP module
189 + # will then see that password, and use it to do PAP
190 + # authentication.
191 + #
192 + # This module should be listed last, so that the other modules
193 + # get a chance to set Auth-Type for themselves.
194 + #
195 +} pap
196 +
197 diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization99end e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization99end
198 --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization99end 1969-12-31 19:00:00.000000000 -0500
199 +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization99end 2016-04-07 02:39:40.963000000 -0400
200 @@ -0,0 +1 @@
201 +\}
202 diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate00setup e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate00setup
203 --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate00setup 1969-12-31 19:00:00.000000000 -0500
204 +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate00setup 2016-04-07 02:39:40.963000000 -0400
205 @@ -0,0 +1,5 @@
206 +{
207 + my @authModules = '';
208 + $OUT = '';
209 +}
210 +
211 diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate10AuthMsChap e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate10AuthMsChap
212 --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate10AuthMsChap 1969-12-31 19:00:00.000000000 -0500
213 +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate10AuthMsChap 2016-04-07 02:39:40.963000000 -0400
214 @@ -0,0 +1,5 @@
215 +{
216 + push(@authModules, "\tAuth-Type MS-CHAP\{\n\t\tmschap\n\t\}\n");
217 + $OUT = '';
218 +}
219 +
220 diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate12pap e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate12pap
221 --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate12pap 1969-12-31 19:00:00.000000000 -0500
222 +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate12pap 2016-04-07 02:56:10.969000000 -0400
223 @@ -0,0 +1,5 @@
224 +{
225 + push(@authModules, "\tAuth-Type PAP\{\n\t\tpap\n\t\}\n");
226 + $OUT = '';
227 +}
228 +
229 diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate13chap e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate13chap
230 --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate13chap 1969-12-31 19:00:00.000000000 -0500
231 +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate13chap 2016-04-07 02:57:13.246000000 -0400
232 @@ -0,0 +1,5 @@
233 +{
234 + push(@authModules, "\tAuth-Type CHAP\{\n\t\tchap\n\t\}\n");
235 + $OUT = '';
236 +}
237 +
238 diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate15ldap e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate15ldap
239 --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate15ldap 1969-12-31 19:00:00.000000000 -0500
240 +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate15ldap 2016-04-07 02:39:40.963000000 -0400
241 @@ -0,0 +1,5 @@
242 +{
243 + push(@authModules, "\tAuth-Type LDAP\{\n\t\tldap\n\t\}\n");
244 + $OUT = '';
245 +}
246 +
247 diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate20authEap e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate20authEap
248 --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate20authEap 1969-12-31 19:00:00.000000000 -0500
249 +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate20authEap 2016-04-07 02:39:40.964000000 -0400
250 @@ -0,0 +1,4 @@
251 +{
252 + push(@authModules, "\teap\n");
253 + $OUT = '';
254 +}
255 diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate99process e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate99process
256 --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate99process 1969-12-31 19:00:00.000000000 -0500
257 +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate99process 2016-04-07 02:39:40.964000000 -0400
258 @@ -0,0 +1,23 @@
259 +{
260 +# Authentication.
261 +#
262 +# This section lists which modules are available for authentication.
263 +# Note that it does NOT mean 'try each module in order'. It means
264 +# that a module from the 'authorize' section adds a configuration
265 +# attribute 'Auth-Type := FOO'. That authentication type is then
266 +# used to pick the apropriate module from the list below.
267 +#
268 +# In general, you SHOULD NOT set the Auth-Type attribute. The server
269 +# will figure it out on its own, and will do the right thing. The
270 +# most common side effect of erroneously setting the Auth-Type
271 +# attribute is that one authentication method will work, but the
272 +# others will not.
273 +#
274 +# The common reasons to set the Auth-Type attribute by hand
275 +# is to either forcibly reject the user, or forcibly accept him.
276 +
277 + $OUT = "authenticate \{\n";
278 + $OUT .= "$_\n" foreach @authModules;
279 + $OUT .= "\}\n";
280 +
281 +}
282 diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/55preacct e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/55preacct
283 --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/55preacct 1969-12-31 19:00:00.000000000 -0500
284 +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/55preacct 2016-04-07 02:39:40.964000000 -0400
285 @@ -0,0 +1,47 @@
286 +{
287 +#
288 +# Pre-accounting. Decide which accounting type to use.
289 +#
290 +}preacct \{
291 + preprocess
292 +{
293 + #
294 + # Merge Acct-[Input|Output]-Gigawords and Acct-[Input-Output]-Octets
295 + # into a single 64bit counter Acct-[Input|Output]-Octets64.
296 + #
297 +}# acct_counters64
298 +{
299 + #
300 + # Session start times are *implied* in RADIUS.
301 + # The NAS never sends a "start time". Instead, it sends
302 + # a start packet, *possibly* with an Acct-Delay-Time.
303 + # The server is supposed to conclude that the start time
304 + # was "Acct-Delay-Time" seconds in the past.
305 + #
306 + # The code below creates an explicit start time, which can
307 + # then be used in other modules. It will be *mostly* correct.
308 + # Any errors are due to the 1-second resolution of RADIUS,
309 + # and the possibility that the time on the NAS may be off.
310 + #
311 + # The start time is: NOW - delay - session_length
312 + #
313 +}
314 +# update request {
315 +# FreeRADIUS-Acct-Session-Start-Time = "%{expr: %l - %{%{Acct-Session-Time}:-0} - %{%{Acct-Delay-Time}:-0}}"
316 +# }
317 +
318 +{
319 + #
320 + # Ensure that we have a semi-unique identifier for every
321 + # request, and many NAS boxes are broken.
322 +}
323 +
324 + acct_unique
325 +{
326 + # Accounting requests are generally proxied to the same
327 + # home server as authentication requests.
328 +} suffix
329 + ntdomain
330 + files
331 +
332 +\}
333 diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session00init e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session00init
334 --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session00init 1969-12-31 19:00:00.000000000 -0500
335 +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session00init 2016-04-07 02:39:40.964000000 -0400
336 @@ -0,0 +1,6 @@
337 +{
338 +# Session database, used for checking Simultaneous-Use. Either the radutmp
339 +# or rlm_sql module can handle this.
340 +# The rlm_sql module is *much* faster
341 +}session \{
342 +
343 diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session40default e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session40default
344 --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session40default 1969-12-31 19:00:00.000000000 -0500
345 +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session40default 2016-04-07 02:59:12.603000000 -0400
346 @@ -0,0 +1,3 @@
347 + radutmp
348 +# sql
349 +
350 diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session99end e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session99end
351 --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session99end 1969-12-31 19:00:00.000000000 -0500
352 +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session99end 2016-04-07 02:39:40.964000000 -0400
353 @@ -0,0 +1 @@
354 +\}
355 diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth00init e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth00init
356 --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth00init 1969-12-31 19:00:00.000000000 -0500
357 +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth00init 2016-04-07 02:39:40.964000000 -0400
358 @@ -0,0 +1,8 @@
359 +{
360 +# Post-Authentication
361 +# Once we KNOW that the user has been authenticated, there are
362 +# additional steps we can take.
363 +}post-auth \{
364 + # Get an address from the IP Pool.
365 +# main_pool
366 +
367 diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth40default e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth40default
368 --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth40default 1969-12-31 19:00:00.000000000 -0500
369 +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth40default 2016-04-07 03:01:40.764000000 -0400
370 @@ -0,0 +1,44 @@
371 +{
372 + # If you want privacy to remain, see the
373 + # Chargeable-User-Identity attribute from RFC 4372.
374 + # If you want to use it just uncomment the line below.
375 +}# cui-inner
376 +{
377 + #
378 + # If you want to have a log of authentication replies,
379 + # un-comment the following line, and enable the
380 + # 'detail reply_log' module.
381 +}# reply_log
382 +{
383 + #
384 + # After authenticating the user, do another SQL query.
385 + #
386 + # See "Authentication Logging Queries" in sql.conf
387 +}# -sql
388 +{
389 + #
390 + # Instead of sending the query to the SQL server,
391 + # write it into a log file.
392 + #
393 +}# sql_log
394 +{
395 + #
396 + # Un-comment the following if you have set
397 + # 'edir_account_policy_check = yes' in the ldap module sub-section of
398 + # the 'modules' section.
399 + #
400 +}# ldap
401 +{
402 + #
403 + # Access-Reject packets are sent through the REJECT sub-section of the
404 + # post-auth section.
405 + #
406 + # Add the ldap module name (or instance) if you have set
407 + # 'edir_account_policy_check = yes' in the ldap module configuration
408 + #
409 +} Post-Auth-Type REJECT \{
410 + # log failed authentications in SQL, too.
411 +# -sql
412 + attr_filter.access_reject
413 + \}
414 +
415 diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth99end e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth99end
416 --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth99end 1969-12-31 19:00:00.000000000 -0500
417 +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth99end 2016-04-07 02:39:40.964000000 -0400
418 @@ -0,0 +1,26 @@
419 +{
420 + # Remove reply message if the response contains an EAP-Message
421 +} remove_reply_message_if_eap
422 +{
423 + #
424 + # Access-Reject packets are sent through the REJECT sub-section of the
425 + # post-auth section.
426 + #
427 + # Add the ldap module name (or instance) if you have set
428 + # 'edir_account_policy_check = yes' in the ldap module configuration
429 + #
430 +} Post-Auth-Type REJECT \{
431 + # log failed authentications in SQL, too.
432 + #-sql
433 + attr_filter.access_reject
434 +
435 + # Insert EAP-Failure message if the request was
436 + # rejected by policy instead of because of an
437 + # authentication failure
438 + eap
439 +
440 + # Remove reply message if the response contains an EAP-Message
441 + remove_reply_message_if_eap
442 + \}
443 +\}
444 +
445 diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/85preproxy e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/85preproxy
446 --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/85preproxy 1969-12-31 19:00:00.000000000 -0500
447 +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/85preproxy 2016-04-07 03:02:39.117000000 -0400
448 @@ -0,0 +1,17 @@
449 +pre-proxy \{
450 +{
451 + # Uncomment the following line if you want to change attributes
452 + # as defined in the preproxy_users file.
453 +}# files
454 +{
455 + # Uncomment the following line if you want to filter requests
456 + # sent to remote servers based on the rules defined in the
457 + # 'attrs.pre-proxy' file.
458 +}# attr_filter.pre-proxy
459 +{
460 + # If you want to have a log of packets proxied to a home
461 + # server, un-comment the following line, and the
462 + # 'detail pre_proxy_log' section, above.
463 +}# pre_proxy_log
464 +\}
465 +
466 diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/90postproxy e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/90postproxy
467 --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/90postproxy 1969-12-31 19:00:00.000000000 -0500
468 +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/90postproxy 2016-04-07 02:39:40.964000000 -0400
469 @@ -0,0 +1,54 @@
470 +{
471 +#
472 +# When the server receives a reply to a request it proxied
473 +# to a home server, the request may be massaged here, in the
474 +# post-proxy stage.
475 +#
476 +}
477 +post-proxy \{
478 +{
479 + # If you want to have a log of replies from a home server,
480 + # un-comment the following line, and the 'detail post_proxy_log'
481 + # section, above.
482 +}# post_proxy_log
483 +{
484 + # Uncomment the following line if you want to filter replies from
485 + # remote proxies based on the rules defined in the 'attrs' file.
486 +}# attr_filter.post-proxy
487 +{
488 + #
489 + # If you are proxying LEAP, you MUST configure the EAP
490 + # module, and you MUST list it here, in the post-proxy
491 + # stage.
492 + #
493 + # You MUST also use the 'nostrip' option in the 'realm'
494 + # configuration. Otherwise, the User-Name attribute
495 + # in the proxied request will not match the user name
496 + # hidden inside of the EAP packet, and the end server will
497 + # reject the EAP request.
498 + #
499 +} eap
500 +{
501 + #
502 + # If the server tries to proxy a request and fails, then the
503 + # request is processed through the modules in this section.
504 + #
505 + # The main use of this section is to permit robust proxying
506 + # of accounting packets. The server can be configured to
507 + # proxy accounting packets as part of normal processing.
508 + # Then, if the home server goes down, accounting packets can
509 + # be logged to a local "detail" file, for processing with
510 + # radrelay. When the home server comes back up, radrelay
511 + # will read the detail file, and send the packets to the
512 + # home server.
513 + #
514 + # With this configuration, the server always responds to
515 + # Accounting-Requests from the NAS, but only writes
516 + # accounting packets to disk if the home server is down.
517 + #
518 +}# Post-Proxy-Type Fail \{
519 +# detail
520 +# \}
521 +\}
522 +
523 +
524 diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/99end e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/99end
525 --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/99end 1969-12-31 19:00:00.000000000 -0500
526 +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/99end 2016-04-07 02:39:40.964000000 -0400
527 @@ -0,0 +1,7 @@
528 +
529 +\}
530 +{
531 +#
532 +#end of default server
533 +#
534 +}
535 diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/eap.conf e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/eap.conf
536 --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/eap.conf 2013-02-13 18:00:55.000000000 -0500
537 +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/eap.conf 1969-12-31 19:00:00.000000000 -0500
538 @@ -1,3 +0,0 @@
539 -PERMS=0640
540 -UID="root"
541 -GID="radiusd"
542 diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/eap e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/eap
543 --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/eap 1969-12-31 19:00:00.000000000 -0500
544 +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/eap 2016-04-07 03:05:38.145000000 -0400
545 @@ -0,0 +1,3 @@
546 +PERMS=0640
547 +UID="root"
548 +GID="radiusd"
549 diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/ldap e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/ldap
550 --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/ldap 1969-12-31 19:00:00.000000000 -0500
551 +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/ldap 2016-04-07 03:05:53.872000000 -0400
552 @@ -0,0 +1,3 @@
553 +PERMS=0640
554 +UID="root"
555 +GID="radiusd"
556 diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/smbpasswd e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/smbpasswd
557 --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/smbpasswd 1969-12-31 19:00:00.000000000 -0500
558 +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/smbpasswd 2016-04-07 03:13:11.491000000 -0400
559 @@ -0,0 +1,3 @@
560 +PERMS=0640
561 +UID="root"
562 +GID="radiusd"
563 diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/sites-available/default e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/sites-available/default
564 --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/sites-available/default 1969-12-31 19:00:00.000000000 -0500
565 +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/sites-available/default 2016-04-07 03:06:03.104000000 -0400
566 @@ -0,0 +1,3 @@
567 +PERMS=0640
568 +UID="root"
569 +GID="radiusd"
570 diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/sites-available/inner-tunnel e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/sites-available/inner-tunnel
571 --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/sites-available/inner-tunnel 1969-12-31 19:00:00.000000000 -0500
572 +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/sites-available/inner-tunnel 2016-04-07 03:06:15.232000000 -0400
573 @@ -0,0 +1,3 @@
574 +PERMS=0640
575 +UID="root"
576 +GID="radiusd"

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed