summaryrefslogtreecommitdiff
path: root/package/freeradius/patches/02-config.patch
diff options
context:
space:
mode:
Diffstat (limited to 'package/freeradius/patches/02-config.patch')
-rw-r--r--package/freeradius/patches/02-config.patch311
1 files changed, 311 insertions, 0 deletions
diff --git a/package/freeradius/patches/02-config.patch b/package/freeradius/patches/02-config.patch
new file mode 100644
index 0000000000..a1c9c51981
--- /dev/null
+++ b/package/freeradius/patches/02-config.patch
@@ -0,0 +1,311 @@
+diff -ruN freeradius-1.0.4-old/raddb/eap.conf freeradius-1.0.4-new/raddb/eap.conf
+--- freeradius-1.0.4-old/raddb/eap.conf 2004-04-15 20:34:41.000000000 +0200
++++ freeradius-1.0.4-new/raddb/eap.conf 2005-06-18 18:53:06.000000000 +0200
+@@ -72,8 +72,8 @@
+ # User-Password, or the NT-Password attributes.
+ # 'System' authentication is impossible with LEAP.
+ #
+- leap {
+- }
++# leap {
++# }
+
+ # Generic Token Card.
+ #
+@@ -86,7 +86,7 @@
+ # the users password will go over the wire in plain-text,
+ # for anyone to see.
+ #
+- gtc {
++# gtc {
+ # The default challenge, which many clients
+ # ignore..
+ #challenge = "Password: "
+@@ -103,8 +103,8 @@
+ # configured for the request, and do the
+ # authentication itself.
+ #
+- auth_type = PAP
+- }
++# auth_type = PAP
++# }
+
+ ## EAP-TLS
+ #
+@@ -272,7 +272,7 @@
+ # of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not
+ # currently support.
+ #
+- mschapv2 {
+- }
++# mschapv2 {
++# }
+ }
+
+diff -ruN freeradius-1.0.4-old/raddb/radiusd.conf.in freeradius-1.0.4-new/raddb/radiusd.conf.in
+--- freeradius-1.0.4-old/raddb/radiusd.conf.in 2005-06-12 00:20:40.000000000 +0200
++++ freeradius-1.0.4-new/raddb/radiusd.conf.in 2005-06-18 18:53:32.000000000 +0200
+@@ -31,13 +31,13 @@
+
+ # Location of config and logfiles.
+ confdir = ${raddbdir}
+-run_dir = ${localstatedir}/run/radiusd
++run_dir = ${localstatedir}/run
+
+ #
+ # The logging messages for the server are appended to the
+ # tail of this file.
+ #
+-log_file = ${logdir}/radius.log
++log_file = ${localstatedir}/log/radiusd.log
+
+ #
+ # libdir: Where to find the rlm_* modules.
+@@ -353,7 +353,7 @@
+ nospace_pass = no
+
+ # The program to execute to do concurrency checks.
+-checkrad = ${sbindir}/checkrad
++#checkrad = ${sbindir}/checkrad
+
+ # SECURITY CONFIGURATION
+ #
+@@ -425,8 +425,8 @@
+ #
+ # allowed values: {no, yes}
+ #
+-proxy_requests = yes
+-$INCLUDE ${confdir}/proxy.conf
++proxy_requests = no
++#$INCLUDE ${confdir}/proxy.conf
+
+
+ # CLIENTS CONFIGURATION
+@@ -454,7 +454,7 @@
+ # 'snmp' attribute to 'yes'
+ #
+ snmp = no
+-$INCLUDE ${confdir}/snmp.conf
++#$INCLUDE ${confdir}/snmp.conf
+
+
+ # THREAD POOL CONFIGURATION
+@@ -657,7 +657,7 @@
+ # For all EAP related authentications.
+ # Now in another file, because it is very large.
+ #
+-$INCLUDE ${confdir}/eap.conf
++# $INCLUDE ${confdir}/eap.conf
+
+ # Microsoft CHAP authentication
+ #
+@@ -1034,8 +1034,8 @@
+ #
+ files {
+ usersfile = ${confdir}/users
+- acctusersfile = ${confdir}/acct_users
+- preproxy_usersfile = ${confdir}/preproxy_users
++# acctusersfile = ${confdir}/acct_users
++# preproxy_usersfile = ${confdir}/preproxy_users
+
+ # If you want to use the old Cistron 'users' file
+ # with FreeRADIUS, you should change the next line
+@@ -1168,7 +1168,7 @@
+ # For MS-SQL, use: ${confdir}/mssql.conf
+ # For Oracle, use: ${confdir}/oraclesql.conf
+ #
+- $INCLUDE ${confdir}/sql.conf
++# $INCLUDE ${confdir}/sql.conf
+
+
+ # For Cisco VoIP specific accounting with Postgresql,
+@@ -1536,7 +1536,7 @@
+ # The entire command line (and output) must fit into 253 bytes.
+ #
+ # e.g. Framed-Pool = `%{exec:/bin/echo foo}`
+- exec
++# exec
+
+ #
+ # The expression module doesn't do authorization,
+@@ -1549,7 +1549,7 @@
+ # listed in any other section. See 'doc/rlm_expr' for
+ # more information.
+ #
+- expr
++# expr
+
+ #
+ # We add the counter module here so that it registers
+@@ -1576,7 +1576,7 @@
+ # 'raddb/huntgroups' files.
+ #
+ # It also adds the %{Client-IP-Address} attribute to the request.
+- preprocess
++# preprocess
+
+ #
+ # If you want to have a log of authentication requests,
+@@ -1589,7 +1589,7 @@
+ #
+ # The chap module will set 'Auth-Type := CHAP' if we are
+ # handling a CHAP request and Auth-Type has not already been set
+- chap
++# chap
+
+ #
+ # If the users are logging in with an MS-CHAP-Challenge
+@@ -1597,7 +1597,7 @@
+ # the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP'
+ # to the request, which will cause the server to then use
+ # the mschap module for authentication.
+- mschap
++# mschap
+
+ #
+ # If you have a Cisco SIP server authenticating against
+@@ -1617,7 +1617,7 @@
+ # Otherwise, when the first style of realm doesn't match,
+ # the other styles won't be checked.
+ #
+- suffix
++# suffix
+ # ntdomain
+
+ #
+@@ -1626,11 +1626,11 @@
+ #
+ # It also sets the EAP-Type attribute in the request
+ # attribute list to the EAP type from the packet.
+- eap
++# eap
+
+ #
+ # Read the 'users' file
+- files
++# files
+
+ #
+ # Look in an SQL database. The schema of the database
+@@ -1684,24 +1684,24 @@
+ # PAP authentication, when a back-end database listed
+ # in the 'authorize' section supplies a password. The
+ # password can be clear-text, or encrypted.
+- Auth-Type PAP {
+- pap
+- }
++# Auth-Type PAP {
++# pap
++# }
+
+ #
+ # Most people want CHAP authentication
+ # A back-end database listed in the 'authorize' section
+ # MUST supply a CLEAR TEXT password. Encrypted passwords
+ # won't work.
+- Auth-Type CHAP {
+- chap
+- }
++# Auth-Type CHAP {
++# chap
++# }
+
+ #
+ # MSCHAP authentication.
+- Auth-Type MS-CHAP {
+- mschap
+- }
++# Auth-Type MS-CHAP {
++# mschap
++# }
+
+ #
+ # If you have a Cisco SIP server authenticating against
+@@ -1719,7 +1719,7 @@
+ # containing CHAP-Password attributes CANNOT be authenticated
+ # against /etc/passwd! See the FAQ for details.
+ #
+- unix
++# unix
+
+ # Uncomment it if you want to use ldap for authentication
+ #
+@@ -1732,7 +1732,7 @@
+
+ #
+ # Allow EAP authentication.
+- eap
++# eap
+ }
+
+
+@@ -1740,12 +1740,12 @@
+ # Pre-accounting. Decide which accounting type to use.
+ #
+ preacct {
+- preprocess
++# preprocess
+
+ #
+ # Ensure that we have a semi-unique identifier for every
+ # request, and many NAS boxes are broken.
+- acct_unique
++# acct_unique
+
+ #
+ # Look for IPASS-style 'realm/', and if not found, look for
+@@ -1755,12 +1755,12 @@
+ # Accounting requests are generally proxied to the same
+ # home server as authentication requests.
+ # IPASS
+- suffix
++# suffix
+ # ntdomain
+
+ #
+ # Read the 'acct_users' file
+- files
++# files
+ }
+
+ #
+@@ -1771,20 +1771,20 @@
+ # Create a 'detail'ed log of the packets.
+ # Note that accounting requests which are proxied
+ # are also logged in the detail file.
+- detail
++# detail
+ # daily
+
+ # Update the wtmp file
+ #
+ # If you don't use "radlast", you can delete this line.
+- unix
++# unix
+
+ #
+ # For Simultaneous-Use tracking.
+ #
+ # Due to packet losses in the network, the data here
+ # may be incorrect. There is little we can do about it.
+- radutmp
++# radutmp
+ # sradutmp
+
+ # Return an address to the IP Pool when we see a stop record.
+@@ -1807,7 +1807,7 @@
+ # or rlm_sql module can handle this.
+ # The rlm_sql module is *much* faster
+ session {
+- radutmp
++# radutmp
+
+ #
+ # See "Simultaneous Use Checking Querie" in sql.conf
+@@ -1904,5 +1904,5 @@
+ # hidden inside of the EAP packet, and the end server will
+ # reject the EAP request.
+ #
+- eap
++# eap
+ }