1 files changed, 311 insertions, 0 deletions
diff --git a/package/freeradius/patches/02-freeradius-1.0.4-config.patch b/package/freeradius/patches/02-freeradius-1.0.4-config.patch
new file mode 100644
index 000000000..a1c9c5198
--- /dev/null
+++ b/package/freeradius/patches/02-freeradius-1.0.4-config.patch
@@ -0,0 +1,311 @@
+diff -ruN freeradius-1.0.4-old/raddb/eap.conf freeradius-1.0.4-new/raddb/eap.conf
+--- freeradius-1.0.4-old/raddb/eap.conf	2004-04-15 20:34:41.000000000 +0200
++++ freeradius-1.0.4-new/raddb/eap.conf	2005-06-18 18:53:06.000000000 +0200
+@@ -72,8 +72,8 @@
+ 		#  User-Password, or the NT-Password attributes.
+ 		#  'System' authentication is impossible with LEAP.
+ 		#
+-		leap {
+-		}
++#		leap {
++#		}
+ 
+ 		#  Generic Token Card.
+ 		#  
+@@ -86,7 +86,7 @@
+ 		#  the users password will go over the wire in plain-text,
+ 		#  for anyone to see.
+ 		#
+-		gtc {
++#		gtc {
+ 			#  The default challenge, which many clients
+ 			#  ignore..
+ 			#challenge = "Password: "
+@@ -103,8 +103,8 @@
+ 			#  configured for the request, and do the
+ 			#  authentication itself.
+ 			#
+-			auth_type = PAP
+-		}
++#			auth_type = PAP
++#		}
+ 
+ 		## EAP-TLS
+ 		#
+@@ -272,7 +272,7 @@
+ 		#  of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not
+ 		#  currently support.
+ 		#
+-		mschapv2 {
+-		}
++#		mschapv2 {
++#		}
+ 	}
+ 
+diff -ruN freeradius-1.0.4-old/raddb/radiusd.conf.in freeradius-1.0.4-new/raddb/radiusd.conf.in
+--- freeradius-1.0.4-old/raddb/radiusd.conf.in	2005-06-12 00:20:40.000000000 +0200
++++ freeradius-1.0.4-new/raddb/radiusd.conf.in	2005-06-18 18:53:32.000000000 +0200
+@@ -31,13 +31,13 @@
+ 
+ #  Location of config and logfiles.
+ confdir = ${raddbdir}
+-run_dir = ${localstatedir}/run/radiusd
++run_dir = ${localstatedir}/run
+ 
+ #
+ #  The logging messages for the server are appended to the
+ #  tail of this file.
+ #
+-log_file = ${logdir}/radius.log
++log_file = ${localstatedir}/log/radiusd.log
+ 
+ #
+ # libdir: Where to find the rlm_* modules.
+@@ -353,7 +353,7 @@
+ nospace_pass = no
+ 
+ #  The program to execute to do concurrency checks.
+-checkrad = ${sbindir}/checkrad
++#checkrad = ${sbindir}/checkrad
+ 
+ # SECURITY CONFIGURATION
+ #
+@@ -425,8 +425,8 @@
+ #
+ #  allowed values: {no, yes}
+ #
+-proxy_requests  = yes
+-$INCLUDE  ${confdir}/proxy.conf
++proxy_requests  = no
++#$INCLUDE  ${confdir}/proxy.conf
+ 
+ 
+ # CLIENTS CONFIGURATION
+@@ -454,7 +454,7 @@
+ #  'snmp' attribute to 'yes'
+ #
+ snmp	= no
+-$INCLUDE  ${confdir}/snmp.conf
++#$INCLUDE  ${confdir}/snmp.conf
+ 
+ 
+ # THREAD POOL CONFIGURATION
+@@ -657,7 +657,7 @@
+ 	#  For all EAP related authentications.
+ 	#  Now in another file, because it is very large.
+ 	#
+-$INCLUDE ${confdir}/eap.conf
++#	$INCLUDE ${confdir}/eap.conf
+ 
+ 	# Microsoft CHAP authentication
+ 	#
+@@ -1034,8 +1034,8 @@
+ 	#
+ 	files {
+ 		usersfile = ${confdir}/users
+-		acctusersfile = ${confdir}/acct_users
+-		preproxy_usersfile = ${confdir}/preproxy_users
++#		acctusersfile = ${confdir}/acct_users
++#		preproxy_usersfile = ${confdir}/preproxy_users
+ 
+ 		#  If you want to use the old Cistron 'users' file
+ 		#  with FreeRADIUS, you should change the next line
+@@ -1168,7 +1168,7 @@
+ 	#  For MS-SQL, use:	 	${confdir}/mssql.conf
+ 	#  For Oracle, use:	 	${confdir}/oraclesql.conf
+ 	#
+-	$INCLUDE  ${confdir}/sql.conf
++#	$INCLUDE  ${confdir}/sql.conf
+ 
+ 
+ 	#  For Cisco VoIP specific accounting with Postgresql,
+@@ -1536,7 +1536,7 @@
+ 	#  The entire command line (and output) must fit into 253 bytes.
+ 	#
+ 	#  e.g. Framed-Pool = `%{exec:/bin/echo foo}`
+-	exec
++#	exec
+ 
+ 	#
+ 	#  The expression module doesn't do authorization,
+@@ -1549,7 +1549,7 @@
+ 	#  listed in any other section.  See 'doc/rlm_expr' for
+ 	#  more information.
+ 	#
+-	expr
++#	expr
+ 
+ 	#
+ 	# We add the counter module here so that it registers
+@@ -1576,7 +1576,7 @@
+ 	#  'raddb/huntgroups' files.
+ 	#
+ 	#  It also adds the %{Client-IP-Address} attribute to the request.
+-	preprocess
++#	preprocess
+ 
+ 	#
+ 	#  If you want to have a log of authentication requests,
+@@ -1589,7 +1589,7 @@
+ 	#
+ 	#  The chap module will set 'Auth-Type := CHAP' if we are
+ 	#  handling a CHAP request and Auth-Type has not already been set
+-	chap
++#	chap
+ 
+ 	#
+ 	#  If the users are logging in with an MS-CHAP-Challenge
+@@ -1597,7 +1597,7 @@
+ 	#  the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP'
+ 	#  to the request, which will cause the server to then use
+ 	#  the mschap module for authentication.
+-	mschap
++#	mschap
+ 
+ 	#
+ 	#  If you have a Cisco SIP server authenticating against
+@@ -1617,7 +1617,7 @@
+ 	#  Otherwise, when the first style of realm doesn't match,
+ 	#  the other styles won't be checked.
+ 	#
+-	suffix
++#	suffix
+ #	ntdomain
+ 
+ 	#
+@@ -1626,11 +1626,11 @@
+ 	#
+ 	#  It also sets the EAP-Type attribute in the request
+ 	#  attribute list to the EAP type from the packet.
+-	eap
++#	eap
+ 
+ 	#
+ 	#  Read the 'users' file
+-	files
++#	files
+ 
+ 	#
+ 	#  Look in an SQL database.  The schema of the database
+@@ -1684,24 +1684,24 @@
+ 	#  PAP authentication, when a back-end database listed
+ 	#  in the 'authorize' section supplies a password.  The
+ 	#  password can be clear-text, or encrypted.
+-	Auth-Type PAP {
+-		pap
+-	}
++#	Auth-Type PAP {
++#		pap
++#	}
+ 
+ 	#
+ 	#  Most people want CHAP authentication
+ 	#  A back-end database listed in the 'authorize' section
+ 	#  MUST supply a CLEAR TEXT password.  Encrypted passwords
+ 	#  won't work.
+-	Auth-Type CHAP {
+-		chap
+-	}
++#	Auth-Type CHAP {
++#		chap
++#	}
+ 
+ 	#
+ 	#  MSCHAP authentication.
+-	Auth-Type MS-CHAP {
+-		mschap
+-	}
++#	Auth-Type MS-CHAP {
++#		mschap
++#	}
+ 
+ 	#
+ 	#  If you have a Cisco SIP server authenticating against
+@@ -1719,7 +1719,7 @@
+ 	#  containing CHAP-Password attributes CANNOT be authenticated
+ 	#  against /etc/passwd!  See the FAQ for details.
+ 	#  
+-	unix
++#	unix
+ 
+ 	# Uncomment it if you want to use ldap for authentication
+ 	#
+@@ -1732,7 +1732,7 @@
+ 
+ 	#
+ 	#  Allow EAP authentication.
+-	eap
++#	eap
+ }
+ 
+ 
+@@ -1740,12 +1740,12 @@
+ #  Pre-accounting.  Decide which accounting type to use.
+ #
+ preacct {
+-	preprocess
++#	preprocess
+ 
+ 	#
+ 	#  Ensure that we have a semi-unique identifier for every
+ 	#  request, and many NAS boxes are broken.
+-	acct_unique
++#	acct_unique
+ 
+ 	#
+ 	#  Look for IPASS-style 'realm/', and if not found, look for
+@@ -1755,12 +1755,12 @@
+ 	#  Accounting requests are generally proxied to the same
+ 	#  home server as authentication requests.
+ #	IPASS
+-	suffix
++#	suffix
+ #	ntdomain
+ 
+ 	#
+ 	#  Read the 'acct_users' file
+-	files
++#	files
+ }
+ 
+ #
+@@ -1771,20 +1771,20 @@
+ 	#  Create a 'detail'ed log of the packets.
+ 	#  Note that accounting requests which are proxied
+ 	#  are also logged in the detail file.
+-	detail
++#	detail
+ #	daily
+ 
+ 	#  Update the wtmp file
+ 	#
+ 	#  If you don't use "radlast", you can delete this line.
+-	unix
++#	unix
+ 
+ 	#
+ 	#  For Simultaneous-Use tracking.
+ 	#
+ 	#  Due to packet losses in the network, the data here
+ 	#  may be incorrect.  There is little we can do about it.
+-	radutmp
++#	radutmp
+ #	sradutmp
+ 
+ 	#  Return an address to the IP Pool when we see a stop record.
+@@ -1807,7 +1807,7 @@
+ #  or rlm_sql module can handle this.
+ #  The rlm_sql module is *much* faster
+ session {
+-	radutmp
++#	radutmp
+ 
+ 	#
+ 	#  See "Simultaneous Use Checking Querie" in sql.conf
+@@ -1904,5 +1904,5 @@
+ 	#  hidden inside of the EAP packet, and the end server will
+ 	#  reject the EAP request.
+ 	#
+-	eap
++#	eap
+ }