---- a/raddb/dictionary.in
-+++ b/raddb/dictionary.in
+Index: freeradius-server-2.2.7/raddb/dictionary.in
+===================================================================
+--- freeradius-server-2.2.7.orig/raddb/dictionary.in
++++ freeradius-server-2.2.7/raddb/dictionary.in
@@ -11,7 +11,7 @@
#
# The filename given here should be an absolute path.
#
# Place additional attributes or $INCLUDEs here. They will
---- a/raddb/eap.conf
-+++ b/raddb/eap.conf
+Index: freeradius-server-2.2.7/raddb/eap.conf
+===================================================================
+--- freeradius-server-2.2.7.orig/raddb/eap.conf
++++ freeradius-server-2.2.7/raddb/eap.conf
@@ -27,7 +27,7 @@
# then that EAP type takes precedence over the
# default type configured here.
# This option enables support for MS-SoH
# see doc/SoH.txt for more info.
---- a/raddb/modules/counter
-+++ b/raddb/modules/counter
+Index: freeradius-server-2.2.7/raddb/modules/counter
+===================================================================
+--- freeradius-server-2.2.7.orig/raddb/modules/counter
++++ freeradius-server-2.2.7/raddb/modules/counter
@@ -69,7 +69,7 @@
# 'check-name' attribute.
#
key = User-Name
count-attribute = Acct-Session-Time
reset = daily
---- a/raddb/modules/pap
-+++ b/raddb/modules/pap
+Index: freeradius-server-2.2.7/raddb/modules/pap
+===================================================================
+--- freeradius-server-2.2.7.orig/raddb/modules/pap
++++ freeradius-server-2.2.7/raddb/modules/pap
@@ -18,5 +18,5 @@
#
# http://www.openldap.org/faq/data/cache/347.html
- auto_header = no
+ auto_header = yes
}
---- a/raddb/modules/radutmp
-+++ b/raddb/modules/radutmp
+Index: freeradius-server-2.2.7/raddb/modules/radutmp
+===================================================================
+--- freeradius-server-2.2.7.orig/raddb/modules/radutmp
++++ freeradius-server-2.2.7/raddb/modules/radutmp
@@ -12,7 +12,7 @@ radutmp {
# Where the file is stored. It's not a log file,
# so it doesn't need rotating.
# The field in the packet to key on for the
# 'user' name, If you have other fields which you want
---- a/raddb/modules/sradutmp
-+++ b/raddb/modules/sradutmp
+Index: freeradius-server-2.2.7/raddb/modules/sradutmp
+===================================================================
+--- freeradius-server-2.2.7.orig/raddb/modules/sradutmp
++++ freeradius-server-2.2.7/raddb/modules/sradutmp
@@ -10,7 +10,7 @@
# then name "sradutmp" to identify it later in the "accounting"
# section.
perm = 0644
callerid = "no"
}
---- a/raddb/radiusd.conf.in
-+++ b/raddb/radiusd.conf.in
+Index: freeradius-server-2.2.7/raddb/radiusd.conf.in
+===================================================================
+--- freeradius-server-2.2.7.orig/raddb/radiusd.conf.in
++++ freeradius-server-2.2.7/raddb/radiusd.conf.in
@@ -66,7 +66,7 @@ name = radiusd
# Location of config and logfiles.
# clients = per_socket_clients
}
-@@ -584,8 +584,8 @@ security {
+@@ -576,8 +576,8 @@ security {
#
# allowed values: {no, yes}
#
# CLIENTS CONFIGURATION
-@@ -782,7 +782,7 @@ instantiate {
+@@ -774,7 +774,7 @@ instantiate {
# The entire command line (and output) must fit into 253 bytes.
#
# e.g. Framed-Pool = `%{exec:/bin/echo foo}`
#
# The expression module doesn't do authorization,
-@@ -799,15 +799,15 @@ instantiate {
+@@ -791,15 +791,15 @@ instantiate {
# other xlat functions such as md5, sha1 and lc.
#
# We do not recommend removing it's listing here.
# subsections here can be thought of as "virtual" modules.
#
-@@ -831,7 +831,7 @@ instantiate {
+@@ -823,7 +823,7 @@ instantiate {
# to multiple times.
#
######################################################################
######################################################################
#
-@@ -841,9 +841,9 @@ $INCLUDE policy.conf
+@@ -833,9 +833,9 @@ $INCLUDE policy.conf
# match the regular expression: /[a-zA-Z0-9_.]+/
#
# It allows you to define new virtual servers simply by placing
######################################################################
#
-@@ -851,7 +851,7 @@ $INCLUDE sites-enabled/
+@@ -843,7 +843,7 @@ $INCLUDE sites-enabled/
# "authenticate {}", "accounting {}", have been moved to the
# the file:
#
#
# This is the "default" virtual server that has the same
# configuration as in version 1.0.x and 1.1.x. The default
---- a/raddb/sites-available/default
-+++ b/raddb/sites-available/default
+Index: freeradius-server-2.2.7/raddb/sites-available/default
+===================================================================
+--- freeradius-server-2.2.7.orig/raddb/sites-available/default
++++ freeradius-server-2.2.7/raddb/sites-available/default
@@ -85,7 +85,7 @@ authorize {
#
# It takes care of processing the 'raddb/hints' and the
# ntdomain
#
-@@ -195,8 +195,8 @@ authorize {
+@@ -197,8 +197,8 @@ authorize {
# Use the checkval module
# checkval
#
# If no other module has claimed responsibility for
-@@ -277,7 +277,7 @@ authenticate {
+@@ -279,7 +279,7 @@ authenticate {
# If you have a Cisco SIP server authenticating against
# FreeRADIUS, uncomment the following line, and the 'digest'
# line in the 'authorize' section.
#
# Pluggable Authentication Modules.
-@@ -294,7 +294,7 @@ authenticate {
+@@ -296,7 +296,7 @@ authenticate {
# be used for authentication ONLY for compatibility with legacy
# FreeRADIUS configurations.
#
# Uncomment it if you want to use ldap for authentication
#
-@@ -330,8 +330,8 @@ authenticate {
+@@ -332,8 +332,8 @@ authenticate {
#
# Pre-accounting. Decide which accounting type to use.
#
#
# Session start times are *implied* in RADIUS.
-@@ -354,7 +354,7 @@ preacct {
+@@ -356,7 +356,7 @@ preacct {
#
# Ensure that we have a semi-unique identifier for every
# request, and many NAS boxes are broken.
#
# Look for IPASS-style 'realm/', and if not found, look for
-@@ -364,13 +364,13 @@ preacct {
+@@ -366,13 +366,13 @@ preacct {
# Accounting requests are generally proxied to the same
# home server as authentication requests.
# IPASS
#
# Accounting. Log the accounting data.
-@@ -380,7 +380,7 @@ accounting {
+@@ -382,7 +382,7 @@ accounting {
# Create a 'detail'ed log of the packets.
# Note that accounting requests which are proxied
# are also logged in the detail file.
# daily
# Update the wtmp file
-@@ -432,7 +432,7 @@ accounting {
+@@ -434,7 +434,7 @@ accounting {
exec
# Filter attributes from the accounting response.
#
# See "Autz-Type Status-Server" for how this works.
-@@ -458,7 +458,7 @@ session {
+@@ -460,7 +460,7 @@ session {
# Post-Authentication
# Once we KNOW that the user has been authenticated, there are
# additional steps we can take.
# Get an address from the IP Pool.
# main_pool
-@@ -488,7 +488,7 @@ post-auth {
+@@ -490,7 +490,7 @@ post-auth {
# ldap
# For Exec-Program and Exec-Program-Wait
#
# Calculate the various WiMAX keys. In order for this to work,
-@@ -572,12 +572,12 @@ post-auth {
+@@ -574,18 +574,18 @@ post-auth {
# Add the ldap module name (or instance) if you have set
# 'edir_account_policy_check = yes' in the ldap module configuration
#
+# Post-Auth-Type REJECT {
+# # log failed authentications in SQL, too.
# sql
+
+ # Insert EAP-Failure message if the request was
+ # rejected by policy instead of because of an
+ # authentication failure
+- eap
++# eap
+
- attr_filter.access_reject
- }
-}
#
# When the server decides to proxy a request to a home server,
-@@ -587,7 +587,7 @@ post-auth {
+@@ -595,7 +595,7 @@ post-auth {
#
# Only a few modules currently have this method.
#
# attr_rewrite
# Uncomment the following line if you want to change attributes
-@@ -603,14 +603,14 @@ pre-proxy {
+@@ -611,14 +611,14 @@ pre-proxy {
# server, un-comment the following line, and the
# 'detail pre_proxy_log' section, above.
# pre_proxy_log
# If you want to have a log of replies from a home server,
# un-comment the following line, and the 'detail post_proxy_log'
-@@ -634,7 +634,7 @@ post-proxy {
+@@ -642,7 +642,7 @@ post-proxy {
# hidden inside of the EAP packet, and the end server will
# reject the EAP request.
#
#
# If the server tries to proxy a request and fails, then the
-@@ -656,5 +656,5 @@ post-proxy {
+@@ -664,5 +664,5 @@ post-proxy {
# Post-Proxy-Type Fail {
# detail
# }
-}
+#}
---- a/raddb/users
-+++ b/raddb/users
+Index: freeradius-server-2.2.7/raddb/users
+===================================================================
+--- freeradius-server-2.2.7.orig/raddb/users
++++ freeradius-server-2.2.7/raddb/users
@@ -169,22 +169,22 @@
# by the terminal server in which case there may not be a "P" suffix.
# The terminal server sends "Framed-Protocol = PPP" for auto PPP.
projects / feed / packages.git / commitdiff