diff -Nur e-smith-radiusd-2.6.0.old/createlinks e-smith-radiusd-2.6.0/createlinks --- e-smith-radiusd-2.6.0.old/createlinks 2016-04-07 02:29:43.465000000 -0400 +++ e-smith-radiusd-2.6.0/createlinks 2016-04-07 03:04:14.095000000 -0400 @@ -28,6 +28,7 @@ raddb/mods-available/ldap raddb/mods-available/smbpasswd raddb/sites-available/default + raddb/sites-available/inner-tunnel raddb/proxy.conf radiusclient-ng/servers)) { diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/clients.conf/10localhost e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/clients.conf/10localhost --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/clients.conf/10localhost 2016-04-07 02:29:43.448000000 -0400 +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/clients.conf/10localhost 2016-04-07 02:33:05.760000000 -0400 @@ -5,6 +5,7 @@ ""; } client localhost \{ + ipaddr = 127.0.0.1 { # # The shared secret use to "encrypt" and "sign" packets between # the NAS and FreeRADIUS. You MUST change this secret from the diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/01init e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/01init --- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/01init 1969-12-31 19:00:00.000000000 -0500 +++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/01init 2016-04-07 02:40:42.818000000 -0400 
@@ -0,0 +1,13 @@
+{
+# -*- text -*-
+######################################################################
+#
+# This is a virtual server that handles *only* inner tunnel
+# requests for EAP-TTLS and PEAP types.
+#
+# $Id: e-smith-radiusd-2.6.0-freeradius3ter.patch,v 1.1 2016/04/07 07:16:22 unnilennium Exp $
+#
+######################################################################
+}
+server inner-tunnel \{
+
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/20listen e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/20listen
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/20listen 1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/20listen 2016-04-07 02:42:10.419000000 -0400
@@ -0,0 +1,27 @@
+{
+#
+# This next section is here to allow testing of the "inner-tunnel"
+# authentication methods, independently from the "default" server.
+# It is listening on "localhost", so that it can only be used from
+# the same machine.
+#
+# $ radtest USER PASSWORD 127.0.0.1:18120 0 testing123
+#
+# If it works, you have configured the inner tunnel correctly. To check
+# if PEAP will work, use:
+#
+# $ radtest -t mschap USER PASSWORD 127.0.0.1:18120 0 testing123
+#
+# If that works, PEAP should work. If that command doesn't work, then
+#
+# FIX THE INNER TUNNEL CONFIGURATION SO THAT IT WORKS.
+#
+# Do NOT do any PEAP tests. It won't help. Instead, concentrate
+# on fixing the inner tunnel configuration. DO NOTHING ELSE.
+#
+}
+listen \{
+ ipaddr = 127.0.0.1
+ port = 18120
+ type = auth
+\}
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization00init e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization00init
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization00init 1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization00init 2016-04-07 02:39:40.963000000 -0400
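Review bot: The `listen` block in 20listen is emitted unconditionally, so every installation keeps an authentication port for the inner-tunnel server on 127.0.0.1:18120 even though the comment above it presents it only as a test aid. Binding to loopback limits exposure, but requests sent there reach the inner-tunnel server without passing through the outer `default` server, so any check that exists only in `default` is not applied to them; either confirm that is acceptable or wrap the block in a template condition so it is written only while testing. The quoted `radtest … testing123` examples also name the stock FreeRADIUS secret; I would reword them to `radtest USER PASSWORD 127.0.0.1:18120 0 <secret of client localhost>` so nobody sets the localhost secret to `testing123` just to make the example work.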
@@ -0,0 +1,11 @@
+{
+# Authorization. First preprocess (hints and huntgroups files),
+# then realms, and finally look in the "users" file.
+#
+# The order of the realm modules will determine the order that
+# we try to find a matching realm.
+#
+# Make *sure* that 'preprocess' comes before any realm if you
+# need to setup hints for the remote radius server
+}
+authorize \{
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization40default e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization40default
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization40default 1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization40default 2016-04-07 02:53:35.817000000 -0400
@@ -0,0 +1,107 @@
+{
+ #
+ # The chap module will set 'Auth-Type := CHAP' if we are
+ # handling a CHAP request and Auth-Type has not already been set
+} chap
+{
+ #
+ # If the users are logging in with an MS-CHAP-Challenge
+ # attribute for authentication, the mschap module will find
+ # the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP'
+ # to the request, which will cause the server to then use
+ # the mschap module for authentication.
+} mschap
+{
+ #
+ # Pull crypt'd passwords from /etc/passwd or /etc/shadow,
+ # using the system API's to get the password. If you want
+ # to read /etc/passwd or /etc/shadow directly, see the
+ # passwd module, above.
+ #
+}# unix
+{
+ #
+ # Look for IPASS style 'realm/', and if not found, look for
+ # '@realm', and decide whether or not to proxy, based on
+ # that.
+}# IPASS
+{
+ #
+ # If you are using multiple kinds of realms, you probably
+ # want to set "ignore_null = yes" for all of them.
+ # Otherwise, when the first style of realm doesn't match,
+ # the other styles won't be checked.
+ #
+ # Note that proxying the inner tunnel authentication means
+ # that the user MAY use one identity in the outer session
+ # (e.g. "anonymous", and a different one here
+ # (e.g. "user@example.com"). The inner session will then be
+ # proxied elsewhere for authentication. If you are not
+ # careful, this means that the user can cause you to forward
+ # the authentication to another RADIUS server, and have the
+ # accounting logs *not* sent to the other server. This makes
+ # it difficult to bill people for their network activity.
+ #
+} suffix
+# ntdomain
+{
+ #
+ # The "suffix" module takes care of stripping the domain
+ # (e.g. "@example.com") from the User-Name attribute, and the
+ # next few lines ensure that the request is not proxied.
+ #
+ # If you want the inner tunnel request to be proxied, delete
+ # the next few lines.
+ #
+
+} update control \{
+ Proxy-To-Realm := LOCAL
+ \}
+{
+ #
+ # This module takes care of EAP-MSCHAPv2 authentication.
+ #
+ # It also sets the EAP-Type attribute in the request
+ # attribute list to the EAP type from the packet.
+ #
+ # The example below uses module failover to avoid querying all
+ # of the following modules if the EAP module returns "ok".
+ # Therefore, your LDAP and/or SQL servers will not be queried
+ # for the many packets that go back and forth to set up TTLS
+ # or PEAP. The load on those servers will therefore be reduced.
+ #
+} eap \{
+ ok = return
+ \}
+{
+ #
+ # Read the 'users' file
+} files
+{
+ #
+ # Look in an SQL database. The schema of the database
+ # is meant to mirror the "users" file.
+ #
+ # See "Authorization Queries" in sql.conf
+}# -sql
+ -ldap
+{
+ #
+ # Enforce daily limits on time spent logged in.
+}# daily
+ expiration
+ logintime
+{
+ #
+ # If no other module has claimed responsibility for
+ # authentication, then try to use PAP. This allows the
+ # other modules listed above to add a "known good" password
+ # to the request, and to do nothing else. The PAP module
+ # will then see that password, and use it to do PAP
+ # authentication.
+ #
+ # This module should be listed last, so that the other modules
+ # get a chance to set Auth-Type for themselves.
+ #
+} pap
+
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization99end e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization99end
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization99end 1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/35authorization99end 2016-04-07 02:39:40.963000000 -0400
@@ -0,0 +1 @@
+\}
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate00setup e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate00setup
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate00setup 1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate00setup 2016-04-07 02:39:40.963000000 -0400
@@ -0,0 +1,5 @@
+{
+ my @authModules = '';
+ $OUT = '';
+}
+
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate10AuthMsChap e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate10AuthMsChap
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate10AuthMsChap 1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate10AuthMsChap 2016-04-07 02:39:40.963000000 -0400
@@ -0,0 +1,5 @@
+{
+ push(@authModules, "\tAuth-Type MS-CHAP\{\n\t\tmschap\n\t\}\n");
+ $OUT = '';
+}
+
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate12pap e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate12pap
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate12pap 1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate12pap 2016-04-07 02:56:10.969000000 -0400
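Review bot: `my @authModules = '';` in 40authenticate00setup does not reset the list that the later fragments push onto. Text::Template evaluates each `{ … }` fragment on its own, so this `my` lexical ends at the closing brace and the `push(@authModules, …)` calls in 40authenticate10AuthMsChap through 40authenticate20authEap append to the package variable of the same name. If that variable already holds entries when this template is expanded (for example after sites-available/default in the same process, which is not visible in this patch and should be checked), inner-tunnel would be written with duplicate `Auth-Type` sections. Assigning `''` would also create a one-element list rather than an empty one; I would write `@authModules = ();` here.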
@@ -0,0 +1,5 @@
+{
+ push(@authModules, "\tAuth-Type PAP\{\n\t\tpap\n\t\}\n");
+ $OUT = '';
+}
+
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate13chap e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate13chap
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate13chap 1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate13chap 2016-04-07 02:57:13.246000000 -0400
@@ -0,0 +1,5 @@
+{
+ push(@authModules, "\tAuth-Type CHAP\{\n\t\tchap\n\t\}\n");
+ $OUT = '';
+}
+
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate15ldap e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate15ldap
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate15ldap 1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate15ldap 2016-04-07 02:39:40.963000000 -0400
@@ -0,0 +1,5 @@
+{
+ push(@authModules, "\tAuth-Type LDAP\{\n\t\tldap\n\t\}\n");
+ $OUT = '';
+}
+
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate20authEap e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate20authEap
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate20authEap 1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate20authEap 2016-04-07 02:39:40.964000000 -0400
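Review bot: 40authenticate15ldap always emits `Auth-Type LDAP { ldap }`, while the authorize fragment 35authorization40default lists the same module as `-ldap`. As far as I know the leading `-` lets FreeRADIUS 3 skip a module that is not enabled, whereas the bare `ldap` in `authenticate` has no such tolerance, so the two sections disagree on whether LDAP is optional and the virtual server may fail to load when the ldap module is not enabled. Either emit this fragment only when LDAP authentication is configured, or drop the `-` in authorize if the module is always present. `Auth-Type LDAP` is also a bind with the user's cleartext password, so it can only serve inner methods that carry one, not MS-CHAPv2; a short comment in the fragment saying so would help.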
@@ -0,0 +1,4 @@
+{
+ push(@authModules, "\teap\n");
+ $OUT = '';
+}
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate99process e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate99process
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate99process 1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/40authenticate99process 2016-04-07 02:39:40.964000000 -0400
@@ -0,0 +1,23 @@
+{
+# Authentication.
+#
+# This section lists which modules are available for authentication.
+# Note that it does NOT mean 'try each module in order'. It means
+# that a module from the 'authorize' section adds a configuration
+# attribute 'Auth-Type := FOO'. That authentication type is then
+# used to pick the apropriate module from the list below.
+#
+# In general, you SHOULD NOT set the Auth-Type attribute. The server
+# will figure it out on its own, and will do the right thing. The
+# most common side effect of erroneously setting the Auth-Type
+# attribute is that one authentication method will work, but the
+# others will not.
+#
+# The common reasons to set the Auth-Type attribute by hand
+# is to either forcibly reject the user, or forcibly accept him.
+
+ $OUT = "authenticate \{\n";
+ $OUT .= "$_\n" foreach @authModules;
+ $OUT .= "\}\n";
+
+}
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/55preacct e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/55preacct
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/55preacct 1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/55preacct 2016-04-07 02:39:40.964000000 -0400
@@ -0,0 +1,47 @@
+{
+#
+# Pre-accounting. Decide which accounting type to use.
+#
+}preacct \{
+ preprocess
+{
+ #
+ # Merge Acct-[Input|Output]-Gigawords and Acct-[Input-Output]-Octets
+ # into a single 64bit counter Acct-[Input|Output]-Octets64.
+ #
+}# acct_counters64
+{
+ #
+ # Session start times are *implied* in RADIUS.
+ # The NAS never sends a "start time". Instead, it sends
+ # a start packet, *possibly* with an Acct-Delay-Time.
+ # The server is supposed to conclude that the start time
+ # was "Acct-Delay-Time" seconds in the past.
+ #
+ # The code below creates an explicit start time, which can
+ # then be used in other modules. It will be *mostly* correct.
+ # Any errors are due to the 1-second resolution of RADIUS,
+ # and the possibility that the time on the NAS may be off.
+ #
+ # The start time is: NOW - delay - session_length
+ #
+}
+# update request {
+# FreeRADIUS-Acct-Session-Start-Time = "%{expr: %l - %{%{Acct-Session-Time}:-0} - %{%{Acct-Delay-Time}:-0}}"
+# }
+
+{
+ #
+ # Ensure that we have a semi-unique identifier for every
+ # request, and many NAS boxes are broken.
+}
+
+ acct_unique
+{
+ # Accounting requests are generally proxied to the same
+ # home server as authentication requests.
+} suffix
+ ntdomain
+ files
+
+\}
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session00init e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session00init
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session00init 1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session00init 2016-04-07 02:39:40.964000000 -0400
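Review bot: The three lines from `# update request {` to `# }` in 55preacct sit outside any `{ … }` block and use unescaped braces, unlike the `\{` / `\}` used in the rest of these fragments. Text::Template will therefore treat everything from that `{` to its matching `}` as a Perl fragment; it happens to contain only `#` comment lines, so it should expand to nothing, but the commented example disappears from the generated file and anyone who un-comments it gets the `%{expr: …}` string evaluated as Perl instead of written out as FreeRADIUS configuration. Escape every brace on those lines (starting with `# update request \{` and ending with `# \}`), or move the example inside the preceding comment block.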
@@ -0,0 +1,6 @@
+{
+# Session database, used for checking Simultaneous-Use. Either the radutmp
+# or rlm_sql module can handle this.
+# The rlm_sql module is *much* faster
+}session \{
+
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session40default e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session40default
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session40default 1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session40default 2016-04-07 02:59:12.603000000 -0400
@@ -0,0 +1,3 @@
+ radutmp
+# sql
+
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session99end e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session99end
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session99end 1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/70session99end 2016-04-07 02:39:40.964000000 -0400
@@ -0,0 +1 @@
+\}
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth00init e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth00init
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth00init 1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth00init 2016-04-07 02:39:40.964000000 -0400
@@ -0,0 +1,8 @@
+{
+# Post-Authentication
+# Once we KNOW that the user has been authenticated, there are
+# additional steps we can take.
+}post-auth \{
+ # Get an address from the IP Pool.
+# main_pool
+
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth40default e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth40default
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth40default 1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth40default 2016-04-07 03:01:40.764000000 -0400
@@ -0,0 +1,44 @@
+{
+ # If you want privacy to remain, see the
+ # Chargeable-User-Identity attribute from RFC 4372.
+ # If you want to use it just uncomment the line below.
+}# cui-inner
+{
+ #
+ # If you want to have a log of authentication replies,
+ # un-comment the following line, and enable the
+ # 'detail reply_log' module.
+}# reply_log
+{
+ #
+ # After authenticating the user, do another SQL query.
+ #
+ # See "Authentication Logging Queries" in sql.conf
+}# -sql
+{
+ #
+ # Instead of sending the query to the SQL server,
+ # write it into a log file.
+ #
+}# sql_log
+{
+ #
+ # Un-comment the following if you have set
+ # 'edir_account_policy_check = yes' in the ldap module sub-section of
+ # the 'modules' section.
+ #
+}# ldap
+{
+ #
+ # Access-Reject packets are sent through the REJECT sub-section of the
+ # post-auth section.
+ #
+ # Add the ldap module name (or instance) if you have set
+ # 'edir_account_policy_check = yes' in the ldap module configuration
+ #
+} Post-Auth-Type REJECT \{
+ # log failed authentications in SQL, too.
+# -sql
+ attr_filter.access_reject
+ \}
+
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth99end e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth99end
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth99end 1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/80postauth99end 2016-04-07 02:39:40.964000000 -0400
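Review bot: `Post-Auth-Type REJECT \{ … \}` is emitted at the end of 80postauth40default and again in 80postauth99end, so the generated `post-auth` section contains two subsections with the same name. Only the second one runs `eap` and `remove_reply_message_if_eap`; depending on how FreeRADIUS handles the duplicate (I have not verified whether it refuses the file or keeps just one of them), rejected inner-tunnel requests may be processed without those steps. Keep a single REJECT block, for example by dropping the one in this fragment and leaving the fuller one in 80postauth99end.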
@@ -0,0 +1,26 @@
+{
+ # Remove reply message if the response contains an EAP-Message
+} remove_reply_message_if_eap
+{
+ #
+ # Access-Reject packets are sent through the REJECT sub-section of the
+ # post-auth section.
+ #
+ # Add the ldap module name (or instance) if you have set
+ # 'edir_account_policy_check = yes' in the ldap module configuration
+ #
+} Post-Auth-Type REJECT \{
+ # log failed authentications in SQL, too.
+ #-sql
+ attr_filter.access_reject
+
+ # Insert EAP-Failure message if the request was
+ # rejected by policy instead of because of an
+ # authentication failure
+ eap
+
+ # Remove reply message if the response contains an EAP-Message
+ remove_reply_message_if_eap
+ \}
+\}
+
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/85preproxy e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/85preproxy
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/85preproxy 1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/85preproxy 2016-04-07 03:02:39.117000000 -0400
@@ -0,0 +1,17 @@
+pre-proxy \{
+{
+ # Uncomment the following line if you want to change attributes
+ # as defined in the preproxy_users file.
+}# files
+{
+ # Uncomment the following line if you want to filter requests
+ # sent to remote servers based on the rules defined in the
+ # 'attrs.pre-proxy' file.
+}# attr_filter.pre-proxy
+{
+ # If you want to have a log of packets proxied to a home
+ # server, un-comment the following line, and the
+ # 'detail pre_proxy_log' section, above.
+}# pre_proxy_log
+\}
+
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/90postproxy e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/90postproxy
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/90postproxy 1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/90postproxy 2016-04-07 02:39:40.964000000 -0400
@@ -0,0 +1,54 @@
+{
+#
+# When the server receives a reply to a request it proxied
+# to a home server, the request may be massaged here, in the
+# post-proxy stage.
+#
+}
+post-proxy \{
+{
+ # If you want to have a log of replies from a home server,
+ # un-comment the following line, and the 'detail post_proxy_log'
+ # section, above.
+}# post_proxy_log
+{
+ # Uncomment the following line if you want to filter replies from
+ # remote proxies based on the rules defined in the 'attrs' file.
+}# attr_filter.post-proxy
+{
+ #
+ # If you are proxying LEAP, you MUST configure the EAP
+ # module, and you MUST list it here, in the post-proxy
+ # stage.
+ #
+ # You MUST also use the 'nostrip' option in the 'realm'
+ # configuration. Otherwise, the User-Name attribute
+ # in the proxied request will not match the user name
+ # hidden inside of the EAP packet, and the end server will
+ # reject the EAP request.
+ #
+} eap
+{
+ #
+ # If the server tries to proxy a request and fails, then the
+ # request is processed through the modules in this section.
+ #
+ # The main use of this section is to permit robust proxying
+ # of accounting packets. The server can be configured to
+ # proxy accounting packets as part of normal processing.
+ # Then, if the home server goes down, accounting packets can
+ # be logged to a local "detail" file, for processing with
+ # radrelay. When the home server comes back up, radrelay
+ # will read the detail file, and send the packets to the
+ # home server.
+ #
+ # With this configuration, the server always responds to
+ # Accounting-Requests from the NAS, but only writes
+ # accounting packets to disk if the home server is down.
+ #
+}# Post-Proxy-Type Fail \{
+# detail
+# \}
+\}
+
+
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/99end e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/99end
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/99end 1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates/etc/raddb/sites-available/inner-tunnel/99end 2016-04-07 02:39:40.964000000 -0400
@@ -0,0 +1,7 @@
+
+\}
+{
+#
+#end of default server
+#
+}
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/eap.conf e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/eap.conf
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/eap.conf 2013-02-13 18:00:55.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/eap.conf 1969-12-31 19:00:00.000000000 -0500
@@ -1,3 +0,0 @@
-PERMS=0640
-UID="root"
-GID="radiusd"
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/eap e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/eap
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/eap 1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/eap 2016-04-07 03:05:38.145000000 -0400
@@ -0,0 +1,3 @@
+PERMS=0640
+UID="root"
+GID="radiusd"
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/ldap e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/ldap
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/ldap 1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/ldap 2016-04-07 03:05:53.872000000 -0400
@@ -0,0 +1,3 @@
+PERMS=0640
+UID="root"
+GID="radiusd"
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/smbpasswd e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/smbpasswd
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/smbpasswd 1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/mods-available/smbpasswd 2016-04-07 03:13:11.491000000 -0400
@@ -0,0 +1,3 @@
+PERMS=0640
+UID="root"
+GID="radiusd"
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/sites-available/default e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/sites-available/default
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/sites-available/default 1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/sites-available/default 2016-04-07 03:06:03.104000000 -0400
@@ -0,0 +1,3 @@
+PERMS=0640
+UID="root"
+GID="radiusd"
diff -Nur e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/sites-available/inner-tunnel e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/sites-available/inner-tunnel
--- e-smith-radiusd-2.6.0.old/root/etc/e-smith/templates.metadata/etc/raddb/sites-available/inner-tunnel 1969-12-31 19:00:00.000000000 -0500
+++ e-smith-radiusd-2.6.0/root/etc/e-smith/templates.metadata/etc/raddb/sites-available/inner-tunnel 2016-04-07 03:06:15.232000000 -0400
@@ -0,0 +1,3 @@
+PERMS=0640
+UID="root"
+GID="radiusd"