From c7648b6717b49e6bcd093be1f9dfaa69a39b17d0 Mon Sep 17 00:00:00 2001 From: nico Date: Wed, 7 Dec 2005 23:08:54 +0000 Subject: add detail, preprocess and realm sub-packages, rename patches, prepare for future update. git-svn-id: svn://svn.openwrt.org/openwrt/trunk/openwrt@2597 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- package/freeradius/patches/02-config.patch | 311 +++++++++++++++++++++++++++++ 1 file changed, 311 insertions(+) create mode 100644 package/freeradius/patches/02-config.patch (limited to 'package/freeradius/patches/02-config.patch') diff --git a/package/freeradius/patches/02-config.patch b/package/freeradius/patches/02-config.patch new file mode 100644 index 000000000..a1c9c5198 --- /dev/null +++ b/package/freeradius/patches/02-config.patch @@ -0,0 +1,311 @@ +diff -ruN freeradius-1.0.4-old/raddb/eap.conf freeradius-1.0.4-new/raddb/eap.conf +--- freeradius-1.0.4-old/raddb/eap.conf 2004-04-15 20:34:41.000000000 +0200 ++++ freeradius-1.0.4-new/raddb/eap.conf 2005-06-18 18:53:06.000000000 +0200 +@@ -72,8 +72,8 @@ + # User-Password, or the NT-Password attributes. + # 'System' authentication is impossible with LEAP. + # +- leap { +- } ++# leap { ++# } + + # Generic Token Card. + # +@@ -86,7 +86,7 @@ + # the users password will go over the wire in plain-text, + # for anyone to see. + # +- gtc { ++# gtc { + # The default challenge, which many clients + # ignore.. + #challenge = "Password: " +@@ -103,8 +103,8 @@ + # configured for the request, and do the + # authentication itself. + # +- auth_type = PAP +- } ++# auth_type = PAP ++# } + + ## EAP-TLS + # +@@ -272,7 +272,7 @@ + # of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not + # currently support. + # +- mschapv2 { +- } ++# mschapv2 { ++# } + } + +diff -ruN freeradius-1.0.4-old/raddb/radiusd.conf.in freeradius-1.0.4-new/raddb/radiusd.conf.in +--- freeradius-1.0.4-old/raddb/radiusd.conf.in 2005-06-12 00:20:40.000000000 +0200 ++++ freeradius-1.0.4-new/raddb/radiusd.conf.in 2005-06-18 18:53:32.000000000 +0200 +@@ -31,13 +31,13 @@ + + # Location of config and logfiles. + confdir = ${raddbdir} +-run_dir = ${localstatedir}/run/radiusd ++run_dir = ${localstatedir}/run + + # + # The logging messages for the server are appended to the + # tail of this file. + # +-log_file = ${logdir}/radius.log ++log_file = ${localstatedir}/log/radiusd.log + + # + # libdir: Where to find the rlm_* modules. +@@ -353,7 +353,7 @@ + nospace_pass = no + + # The program to execute to do concurrency checks. +-checkrad = ${sbindir}/checkrad ++#checkrad = ${sbindir}/checkrad + + # SECURITY CONFIGURATION + # +@@ -425,8 +425,8 @@ + # + # allowed values: {no, yes} + # +-proxy_requests = yes +-$INCLUDE ${confdir}/proxy.conf ++proxy_requests = no ++#$INCLUDE ${confdir}/proxy.conf + + + # CLIENTS CONFIGURATION +@@ -454,7 +454,7 @@ + # 'snmp' attribute to 'yes' + # + snmp = no +-$INCLUDE ${confdir}/snmp.conf ++#$INCLUDE ${confdir}/snmp.conf + + + # THREAD POOL CONFIGURATION +@@ -657,7 +657,7 @@ + # For all EAP related authentications. + # Now in another file, because it is very large. + # +-$INCLUDE ${confdir}/eap.conf ++# $INCLUDE ${confdir}/eap.conf + + # Microsoft CHAP authentication + # +@@ -1034,8 +1034,8 @@ + # + files { + usersfile = ${confdir}/users +- acctusersfile = ${confdir}/acct_users +- preproxy_usersfile = ${confdir}/preproxy_users ++# acctusersfile = ${confdir}/acct_users ++# preproxy_usersfile = ${confdir}/preproxy_users + + # If you want to use the old Cistron 'users' file + # with FreeRADIUS, you should change the next line +@@ -1168,7 +1168,7 @@ + # For MS-SQL, use: ${confdir}/mssql.conf + # For Oracle, use: ${confdir}/oraclesql.conf + # +- $INCLUDE ${confdir}/sql.conf ++# $INCLUDE ${confdir}/sql.conf + + + # For Cisco VoIP specific accounting with Postgresql, +@@ -1536,7 +1536,7 @@ + # The entire command line (and output) must fit into 253 bytes. + # + # e.g. Framed-Pool = `%{exec:/bin/echo foo}` +- exec ++# exec + + # + # The expression module doesn't do authorization, +@@ -1549,7 +1549,7 @@ + # listed in any other section. See 'doc/rlm_expr' for + # more information. + # +- expr ++# expr + + # + # We add the counter module here so that it registers +@@ -1576,7 +1576,7 @@ + # 'raddb/huntgroups' files. + # + # It also adds the %{Client-IP-Address} attribute to the request. +- preprocess ++# preprocess + + # + # If you want to have a log of authentication requests, +@@ -1589,7 +1589,7 @@ + # + # The chap module will set 'Auth-Type := CHAP' if we are + # handling a CHAP request and Auth-Type has not already been set +- chap ++# chap + + # + # If the users are logging in with an MS-CHAP-Challenge +@@ -1597,7 +1597,7 @@ + # the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP' + # to the request, which will cause the server to then use + # the mschap module for authentication. +- mschap ++# mschap + + # + # If you have a Cisco SIP server authenticating against +@@ -1617,7 +1617,7 @@ + # Otherwise, when the first style of realm doesn't match, + # the other styles won't be checked. + # +- suffix ++# suffix + # ntdomain + + # +@@ -1626,11 +1626,11 @@ + # + # It also sets the EAP-Type attribute in the request + # attribute list to the EAP type from the packet. +- eap ++# eap + + # + # Read the 'users' file +- files ++# files + + # + # Look in an SQL database. The schema of the database +@@ -1684,24 +1684,24 @@ + # PAP authentication, when a back-end database listed + # in the 'authorize' section supplies a password. The + # password can be clear-text, or encrypted. +- Auth-Type PAP { +- pap +- } ++# Auth-Type PAP { ++# pap ++# } + + # + # Most people want CHAP authentication + # A back-end database listed in the 'authorize' section + # MUST supply a CLEAR TEXT password. Encrypted passwords + # won't work. +- Auth-Type CHAP { +- chap +- } ++# Auth-Type CHAP { ++# chap ++# } + + # + # MSCHAP authentication. +- Auth-Type MS-CHAP { +- mschap +- } ++# Auth-Type MS-CHAP { ++# mschap ++# } + + # + # If you have a Cisco SIP server authenticating against +@@ -1719,7 +1719,7 @@ + # containing CHAP-Password attributes CANNOT be authenticated + # against /etc/passwd! See the FAQ for details. + # +- unix ++# unix + + # Uncomment it if you want to use ldap for authentication + # +@@ -1732,7 +1732,7 @@ + + # + # Allow EAP authentication. +- eap ++# eap + } + + +@@ -1740,12 +1740,12 @@ + # Pre-accounting. Decide which accounting type to use. + # + preacct { +- preprocess ++# preprocess + + # + # Ensure that we have a semi-unique identifier for every + # request, and many NAS boxes are broken. +- acct_unique ++# acct_unique + + # + # Look for IPASS-style 'realm/', and if not found, look for +@@ -1755,12 +1755,12 @@ + # Accounting requests are generally proxied to the same + # home server as authentication requests. + # IPASS +- suffix ++# suffix + # ntdomain + + # + # Read the 'acct_users' file +- files ++# files + } + + # +@@ -1771,20 +1771,20 @@ + # Create a 'detail'ed log of the packets. + # Note that accounting requests which are proxied + # are also logged in the detail file. +- detail ++# detail + # daily + + # Update the wtmp file + # + # If you don't use "radlast", you can delete this line. +- unix ++# unix + + # + # For Simultaneous-Use tracking. + # + # Due to packet losses in the network, the data here + # may be incorrect. There is little we can do about it. +- radutmp ++# radutmp + # sradutmp + + # Return an address to the IP Pool when we see a stop record. +@@ -1807,7 +1807,7 @@ + # or rlm_sql module can handle this. + # The rlm_sql module is *much* faster + session { +- radutmp ++# radutmp + + # + # See "Simultaneous Use Checking Querie" in sql.conf +@@ -1904,5 +1904,5 @@ + # hidden inside of the EAP packet, and the end server will + # reject the EAP request. + # +- eap ++# eap + } -- cgit v1.2.3