diff options
Diffstat (limited to 'openwrt/package/freeradius/patches/02-freeradius-1.1.1-config.patch')
-rw-r--r-- | openwrt/package/freeradius/patches/02-freeradius-1.1.1-config.patch | 302 |
1 files changed, 302 insertions, 0 deletions
diff --git a/openwrt/package/freeradius/patches/02-freeradius-1.1.1-config.patch b/openwrt/package/freeradius/patches/02-freeradius-1.1.1-config.patch new file mode 100644 index 000000000..271cf5609 --- /dev/null +++ b/openwrt/package/freeradius/patches/02-freeradius-1.1.1-config.patch @@ -0,0 +1,302 @@ +diff -ruN freeradius-1.1.1-old/raddb/eap.conf freeradius-1.1.1-new/raddb/eap.conf +--- freeradius-1.1.1-old/raddb/eap.conf 2006-01-04 15:29:29.000000000 +0100 ++++ freeradius-1.1.1-new/raddb/eap.conf 2006-05-22 23:29:11.000000000 +0200 +@@ -73,8 +73,8 @@ + # User-Password, or the NT-Password attributes. + # 'System' authentication is impossible with LEAP. + # +- leap { +- } ++# leap { ++# } + + # Generic Token Card. + # +@@ -87,7 +87,7 @@ + # the users password will go over the wire in plain-text, + # for anyone to see. + # +- gtc { ++# gtc { + # The default challenge, which many clients + # ignore.. + #challenge = "Password: " +@@ -104,8 +104,8 @@ + # configured for the request, and do the + # authentication itself. + # +- auth_type = PAP +- } ++# auth_type = PAP ++# } + + ## EAP-TLS + # +@@ -283,7 +283,7 @@ + # of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not + # currently support. + # +- mschapv2 { +- } ++# mschapv2 { ++# } + } + +diff -ruN freeradius-1.1.1-old/raddb/radiusd.conf.in freeradius-1.1.1-new/raddb/radiusd.conf.in +--- freeradius-1.1.1-old/raddb/radiusd.conf.in 2006-02-10 16:12:02.000000000 +0100 ++++ freeradius-1.1.1-new/raddb/radiusd.conf.in 2006-05-22 23:33:53.000000000 +0200 +@@ -31,13 +31,13 @@ + + # Location of config and logfiles. + confdir = ${raddbdir} +-run_dir = ${localstatedir}/run/radiusd ++run_dir = ${localstatedir}/run + + # + # The logging messages for the server are appended to the + # tail of this file. + # +-log_file = ${logdir}/radius.log ++log_file = ${logdir}/radiusd.log + + # + # libdir: Where to find the rlm_* modules. +@@ -353,7 +353,7 @@ + nospace_pass = no + + # The program to execute to do concurrency checks. +-checkrad = ${sbindir}/checkrad ++#checkrad = ${sbindir}/checkrad + + # SECURITY CONFIGURATION + # +@@ -425,8 +425,8 @@ + # + # allowed values: {no, yes} + # +-proxy_requests = yes +-$INCLUDE ${confdir}/proxy.conf ++proxy_requests = no ++#$INCLUDE ${confdir}/proxy.conf + + + # CLIENTS CONFIGURATION +@@ -454,7 +454,7 @@ + # 'snmp' attribute to 'yes' + # + snmp = no +-$INCLUDE ${confdir}/snmp.conf ++#$INCLUDE ${confdir}/snmp.conf + + + # THREAD POOL CONFIGURATION +@@ -657,7 +657,7 @@ + # For all EAP related authentications. + # Now in another file, because it is very large. + # +-$INCLUDE ${confdir}/eap.conf ++#$INCLUDE ${confdir}/eap.conf + + # Microsoft CHAP authentication + # +@@ -1046,8 +1046,8 @@ + # + files { + usersfile = ${confdir}/users +- acctusersfile = ${confdir}/acct_users +- preproxy_usersfile = ${confdir}/preproxy_users ++# acctusersfile = ${confdir}/acct_users ++# preproxy_usersfile = ${confdir}/preproxy_users + + # If you want to use the old Cistron 'users' file + # with FreeRADIUS, you should change the next line +@@ -1221,7 +1221,7 @@ + # For MS-SQL, use: ${confdir}/mssql.conf + # For Oracle, use: ${confdir}/oraclesql.conf + # +- $INCLUDE ${confdir}/sql.conf ++# $INCLUDE ${confdir}/sql.conf + + + # For Cisco VoIP specific accounting with Postgresql, +@@ -1694,7 +1694,7 @@ + # The entire command line (and output) must fit into 253 bytes. + # + # e.g. Framed-Pool = `%{exec:/bin/echo foo}` +- exec ++# exec + + # + # The expression module doesn't do authorization, +@@ -1707,7 +1707,7 @@ + # listed in any other section. See 'doc/rlm_expr' for + # more information. + # +- expr ++# expr + + # + # We add the counter module here so that it registers +@@ -1734,7 +1734,7 @@ + # 'raddb/huntgroups' files. + # + # It also adds the %{Client-IP-Address} attribute to the request. +- preprocess ++# preprocess + + # + # If you want to have a log of authentication requests, +@@ -1747,7 +1747,7 @@ + # + # The chap module will set 'Auth-Type := CHAP' if we are + # handling a CHAP request and Auth-Type has not already been set +- chap ++# chap + + # + # If the users are logging in with an MS-CHAP-Challenge +@@ -1775,7 +1775,7 @@ + # Otherwise, when the first style of realm doesn't match, + # the other styles won't be checked. + # +- suffix ++# suffix + # ntdomain + + # +@@ -1784,11 +1784,11 @@ + # + # It also sets the EAP-Type attribute in the request + # attribute list to the EAP type from the packet. +- eap ++# eap + + # + # Read the 'users' file +- files ++# files + + # + # Look in an SQL database. The schema of the database +@@ -1842,24 +1842,24 @@ + # PAP authentication, when a back-end database listed + # in the 'authorize' section supplies a password. The + # password can be clear-text, or encrypted. +- Auth-Type PAP { +- pap +- } ++# Auth-Type PAP { ++# pap ++# } + + # + # Most people want CHAP authentication + # A back-end database listed in the 'authorize' section + # MUST supply a CLEAR TEXT password. Encrypted passwords + # won't work. +- Auth-Type CHAP { +- chap +- } ++# Auth-Type CHAP { ++# chap ++# } + + # + # MSCHAP authentication. +- Auth-Type MS-CHAP { +- mschap +- } ++# Auth-Type MS-CHAP { ++# mschap ++# } + + # + # If you have a Cisco SIP server authenticating against +@@ -1877,7 +1877,7 @@ + # containing CHAP-Password attributes CANNOT be authenticated + # against /etc/passwd! See the FAQ for details. + # +- unix ++# unix + + # Uncomment it if you want to use ldap for authentication + # +@@ -1890,7 +1890,7 @@ + + # + # Allow EAP authentication. +- eap ++# eap + } + + +@@ -1898,12 +1898,12 @@ + # Pre-accounting. Decide which accounting type to use. + # + preacct { +- preprocess ++# preprocess + + # + # Ensure that we have a semi-unique identifier for every + # request, and many NAS boxes are broken. +- acct_unique ++# acct_unique + + # + # Look for IPASS-style 'realm/', and if not found, look for +@@ -1913,12 +1913,12 @@ + # Accounting requests are generally proxied to the same + # home server as authentication requests. + # IPASS +- suffix ++# suffix + # ntdomain + + # + # Read the 'acct_users' file +- files ++# files + } + + # +@@ -1929,20 +1929,20 @@ + # Create a 'detail'ed log of the packets. + # Note that accounting requests which are proxied + # are also logged in the detail file. +- detail ++# detail + # daily + + # Update the wtmp file + # + # If you don't use "radlast", you can delete this line. +- unix ++# unix + + # + # For Simultaneous-Use tracking. + # + # Due to packet losses in the network, the data here + # may be incorrect. There is little we can do about it. +- radutmp ++# radutmp + # sradutmp + + # Return an address to the IP Pool when we see a stop record. +@@ -1970,7 +1970,7 @@ + # or rlm_sql module can handle this. + # The rlm_sql module is *much* faster + session { +- radutmp ++# radutmp + + # + # See "Simultaneous Use Checking Querie" in sql.conf +@@ -2073,5 +2073,5 @@ + # hidden inside of the EAP packet, and the end server will + # reject the EAP request. + # +- eap ++# eap + } |