summaryrefslogtreecommitdiffstats
path: root/package/freeradius/patches/freeradius-1.0.2-config.patch
diff options
context:
space:
mode:
Diffstat (limited to 'package/freeradius/patches/freeradius-1.0.2-config.patch')
-rw-r--r--package/freeradius/patches/freeradius-1.0.2-config.patch309
1 files changed, 309 insertions, 0 deletions
diff --git a/package/freeradius/patches/freeradius-1.0.2-config.patch b/package/freeradius/patches/freeradius-1.0.2-config.patch
new file mode 100644
index 000000000..e75d2efd6
--- /dev/null
+++ b/package/freeradius/patches/freeradius-1.0.2-config.patch
@@ -0,0 +1,309 @@
+diff -ruN freeradius-1.0.2-orig/raddb/eap.conf freeradius-1.0.2-2/raddb/eap.conf
+--- freeradius-1.0.2-orig/raddb/eap.conf 2004-04-15 20:34:41.000000000 +0200
++++ freeradius-1.0.2-2/raddb/eap.conf 2005-03-13 23:05:13.000000000 +0100
+@@ -72,8 +72,8 @@
+ # User-Password, or the NT-Password attributes.
+ # 'System' authentication is impossible with LEAP.
+ #
+- leap {
+- }
++# leap {
++# }
+
+ # Generic Token Card.
+ #
+@@ -86,7 +86,7 @@
+ # the users password will go over the wire in plain-text,
+ # for anyone to see.
+ #
+- gtc {
++# gtc {
+ # The default challenge, which many clients
+ # ignore..
+ #challenge = "Password: "
+@@ -103,8 +103,8 @@
+ # configured for the request, and do the
+ # authentication itself.
+ #
+- auth_type = PAP
+- }
++# auth_type = PAP
++# }
+
+ ## EAP-TLS
+ #
+@@ -272,7 +272,7 @@
+ # of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not
+ # currently support.
+ #
+- mschapv2 {
+- }
++# mschapv2 {
++# }
+ }
+
+diff -ruN freeradius-1.0.2-orig/raddb/radiusd.conf.in freeradius-1.0.2-2/raddb/radiusd.conf.in
+--- freeradius-1.0.2-orig/raddb/radiusd.conf.in 2005-02-07 20:52:05.000000000 +0100
++++ freeradius-1.0.2-2/raddb/radiusd.conf.in 2005-03-13 23:05:13.000000000 +0100
+@@ -31,13 +31,13 @@
+
+ # Location of config and logfiles.
+ confdir = ${raddbdir}
+-run_dir = ${localstatedir}/run/radiusd
++run_dir = ${localstatedir}/run
+
+ #
+ # The logging messages for the server are appended to the
+ # tail of this file.
+ #
+-log_file = ${logdir}/radius.log
++log_file = ${localstatedir}/log/radiusd.log
+
+ #
+ # libdir: Where to find the rlm_* modules.
+@@ -353,7 +353,7 @@
+ nospace_pass = no
+
+ # The program to execute to do concurrency checks.
+-checkrad = ${sbindir}/checkrad
++#checkrad = ${sbindir}/checkrad
+
+ # SECURITY CONFIGURATION
+ #
+@@ -425,8 +425,8 @@
+ #
+ # allowed values: {no, yes}
+ #
+-proxy_requests = yes
+-$INCLUDE ${confdir}/proxy.conf
++proxy_requests = no
++#$INCLUDE ${confdir}/proxy.conf
+
+
+ # CLIENTS CONFIGURATION
+@@ -454,7 +454,7 @@
+ # 'snmp' attribute to 'yes'
+ #
+ snmp = no
+-$INCLUDE ${confdir}/snmp.conf
++#$INCLUDE ${confdir}/snmp.conf
+
+
+ # THREAD POOL CONFIGURATION
+@@ -657,7 +657,7 @@
+ # For all EAP related authentications.
+ # Now in another file, because it is very large.
+ #
+-$INCLUDE ${confdir}/eap.conf
++# $INCLUDE ${confdir}/eap.conf
+
+ # Microsoft CHAP authentication
+ #
+@@ -1034,7 +1034,7 @@
+ #
+ files {
+ usersfile = ${confdir}/users
+- acctusersfile = ${confdir}/acct_users
++# acctusersfile = ${confdir}/acct_users
+
+ # If you want to use the old Cistron 'users' file
+ # with FreeRADIUS, you should change the next line
+@@ -1167,7 +1167,7 @@
+ # For MS-SQL, use: ${confdir}/mssql.conf
+ # For Oracle, use: ${confdir}/oraclesql.conf
+ #
+- $INCLUDE ${confdir}/sql.conf
++# $INCLUDE ${confdir}/sql.conf
+
+
+ # For Cisco VoIP specific accounting with Postgresql,
+@@ -1535,7 +1535,7 @@
+ # The entire command line (and output) must fit into 253 bytes.
+ #
+ # e.g. Framed-Pool = `%{exec:/bin/echo foo}`
+- exec
++# exec
+
+ #
+ # The expression module doesn't do authorization,
+@@ -1548,7 +1548,7 @@
+ # listed in any other section. See 'doc/rlm_expr' for
+ # more information.
+ #
+- expr
++# expr
+
+ #
+ # We add the counter module here so that it registers
+@@ -1575,7 +1575,7 @@
+ # 'raddb/huntgroups' files.
+ #
+ # It also adds the %{Client-IP-Address} attribute to the request.
+- preprocess
++# preprocess
+
+ #
+ # If you want to have a log of authentication requests,
+@@ -1588,7 +1588,7 @@
+ #
+ # The chap module will set 'Auth-Type := CHAP' if we are
+ # handling a CHAP request and Auth-Type has not already been set
+- chap
++# chap
+
+ #
+ # If the users are logging in with an MS-CHAP-Challenge
+@@ -1596,7 +1596,7 @@
+ # the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP'
+ # to the request, which will cause the server to then use
+ # the mschap module for authentication.
+- mschap
++# mschap
+
+ #
+ # If you have a Cisco SIP server authenticating against
+@@ -1616,7 +1616,7 @@
+ # Otherwise, when the first style of realm doesn't match,
+ # the other styles won't be checked.
+ #
+- suffix
++# suffix
+ # ntdomain
+
+ #
+@@ -1625,11 +1625,11 @@
+ #
+ # It also sets the EAP-Type attribute in the request
+ # attribute list to the EAP type from the packet.
+- eap
++# eap
+
+ #
+ # Read the 'users' file
+- files
++# files
+
+ #
+ # Look in an SQL database. The schema of the database
+@@ -1683,24 +1683,24 @@
+ # PAP authentication, when a back-end database listed
+ # in the 'authorize' section supplies a password. The
+ # password can be clear-text, or encrypted.
+- Auth-Type PAP {
+- pap
+- }
++# Auth-Type PAP {
++# pap
++# }
+
+ #
+ # Most people want CHAP authentication
+ # A back-end database listed in the 'authorize' section
+ # MUST supply a CLEAR TEXT password. Encrypted passwords
+ # won't work.
+- Auth-Type CHAP {
+- chap
+- }
++# Auth-Type CHAP {
++# chap
++# }
+
+ #
+ # MSCHAP authentication.
+- Auth-Type MS-CHAP {
+- mschap
+- }
++# Auth-Type MS-CHAP {
++# mschap
++# }
+
+ #
+ # If you have a Cisco SIP server authenticating against
+@@ -1718,7 +1718,7 @@
+ # containing CHAP-Password attributes CANNOT be authenticated
+ # against /etc/passwd! See the FAQ for details.
+ #
+- unix
++# unix
+
+ # Uncomment it if you want to use ldap for authentication
+ #
+@@ -1731,7 +1731,7 @@
+
+ #
+ # Allow EAP authentication.
+- eap
++# eap
+ }
+
+
+@@ -1739,12 +1739,12 @@
+ # Pre-accounting. Decide which accounting type to use.
+ #
+ preacct {
+- preprocess
++# preprocess
+
+ #
+ # Ensure that we have a semi-unique identifier for every
+ # request, and many NAS boxes are broken.
+- acct_unique
++# acct_unique
+
+ #
+ # Look for IPASS-style 'realm/', and if not found, look for
+@@ -1754,12 +1754,12 @@
+ # Accounting requests are generally proxied to the same
+ # home server as authentication requests.
+ # IPASS
+- suffix
++# suffix
+ # ntdomain
+
+ #
+ # Read the 'acct_users' file
+- files
++# files
+ }
+
+ #
+@@ -1770,20 +1770,20 @@
+ # Create a 'detail'ed log of the packets.
+ # Note that accounting requests which are proxied
+ # are also logged in the detail file.
+- detail
++# detail
+ # daily
+
+ # Update the wtmp file
+ #
+ # If you don't use "radlast", you can delete this line.
+- unix
++# unix
+
+ #
+ # For Simultaneous-Use tracking.
+ #
+ # Due to packet losses in the network, the data here
+ # may be incorrect. There is little we can do about it.
+- radutmp
++# radutmp
+ # sradutmp
+
+ # Return an address to the IP Pool when we see a stop record.
+@@ -1806,7 +1806,7 @@
+ # or rlm_sql module can handle this.
+ # The rlm_sql module is *much* faster
+ session {
+- radutmp
++# radutmp
+
+ #
+ # See "Simultaneous Use Checking Querie" in sql.conf
+@@ -1900,5 +1900,5 @@
+ # hidden inside of the EAP packet, and the end server will
+ # reject the EAP request.
+ #
+- eap
++# eap
+ }