1 Index: freeradius-1.1.6/raddb/eap.conf
2 ===================================================================
3 --- freeradius-1.1.6.orig/raddb/eap.conf 2007-07-30 14:17:42.000000000 -0500
4 +++ freeradius-1.1.6/raddb/eap.conf 2007-07-30 14:17:42.000000000 -0500
6 # User-Password, or the NT-Password attributes.
7 # 'System' authentication is impossible with LEAP.
17 # the users password will go over the wire in plain-text,
22 # The default challenge, which many clients
24 #challenge = "Password: "
26 # configured for the request, and do the
27 # authentication itself.
37 # of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not
46 Index: freeradius-1.1.6/raddb/radiusd.conf.in
47 ===================================================================
48 --- freeradius-1.1.6.orig/raddb/radiusd.conf.in 2007-07-30 14:17:42.000000000 -0500
49 +++ freeradius-1.1.6/raddb/radiusd.conf.in 2007-07-30 14:17:42.000000000 -0500
52 # Location of config and logfiles.
54 -run_dir = ${localstatedir}/run/radiusd
55 +run_dir = ${localstatedir}/run
58 # The logging messages for the server are appended to the
61 -log_file = ${logdir}/radius.log
62 +log_file = ${logdir}/radiusd.log
65 # libdir: Where to find the rlm_* modules.
69 # The program to execute to do concurrency checks.
70 -checkrad = ${sbindir}/checkrad
71 +#checkrad = ${sbindir}/checkrad
73 # SECURITY CONFIGURATION
77 # allowed values: {no, yes}
80 -$INCLUDE ${confdir}/proxy.conf
82 +#$INCLUDE ${confdir}/proxy.conf
85 # CLIENTS CONFIGURATION
87 # 'snmp' attribute to 'yes'
90 -$INCLUDE ${confdir}/snmp.conf
91 +#$INCLUDE ${confdir}/snmp.conf
94 # THREAD POOL CONFIGURATION
96 # For all EAP related authentications.
97 # Now in another file, because it is very large.
99 -$INCLUDE ${confdir}/eap.conf
100 +#$INCLUDE ${confdir}/eap.conf
102 # Microsoft CHAP authentication
104 @@ -1066,8 +1066,8 @@
107 usersfile = ${confdir}/users
108 - acctusersfile = ${confdir}/acct_users
109 - preproxy_usersfile = ${confdir}/preproxy_users
110 +# acctusersfile = ${confdir}/acct_users
111 +# preproxy_usersfile = ${confdir}/preproxy_users
113 # If you want to use the old Cistron 'users' file
114 # with FreeRADIUS, you should change the next line
115 @@ -1253,7 +1253,7 @@
116 # For MS-SQL, use: ${confdir}/mssql.conf
117 # For Oracle, use: ${confdir}/oraclesql.conf
119 - $INCLUDE ${confdir}/sql.conf
120 +# $INCLUDE ${confdir}/sql.conf
123 # For Cisco VoIP specific accounting with Postgresql,
124 @@ -1755,7 +1755,7 @@
125 # The entire command line (and output) must fit into 253 bytes.
127 # e.g. Framed-Pool = `%{exec:/bin/echo foo}`
132 # The expression module doesn't do authorization,
133 @@ -1768,7 +1768,7 @@
134 # listed in any other section. See 'doc/rlm_expr' for
141 # We add the counter module here so that it registers
142 @@ -1795,7 +1795,7 @@
143 # 'raddb/huntgroups' files.
145 # It also adds the %{Client-IP-Address} attribute to the request.
150 # If you want to have a log of authentication requests,
151 @@ -1808,7 +1808,7 @@
153 # The chap module will set 'Auth-Type := CHAP' if we are
154 # handling a CHAP request and Auth-Type has not already been set
159 # If the users are logging in with an MS-CHAP-Challenge
160 @@ -1836,7 +1836,7 @@
161 # Otherwise, when the first style of realm doesn't match,
162 # the other styles won't be checked.
169 @@ -1845,11 +1845,11 @@
171 # It also sets the EAP-Type attribute in the request
172 # attribute list to the EAP type from the packet.
177 # Read the 'users' file
182 # Look in an SQL database. The schema of the database
183 @@ -1908,24 +1908,24 @@
184 # PAP authentication, when a back-end database listed
185 # in the 'authorize' section supplies a password. The
186 # password can be clear-text, or encrypted.
195 # Most people want CHAP authentication
196 # A back-end database listed in the 'authorize' section
197 # MUST supply a CLEAR TEXT password. Encrypted passwords
207 # MSCHAP authentication.
208 - Auth-Type MS-CHAP {
211 +# Auth-Type MS-CHAP {
216 # If you have a Cisco SIP server authenticating against
217 @@ -1943,7 +1943,7 @@
218 # containing CHAP-Password attributes CANNOT be authenticated
219 # against /etc/passwd! See the FAQ for details.
224 # Uncomment it if you want to use ldap for authentication
226 @@ -1956,7 +1956,7 @@
229 # Allow EAP authentication.
235 @@ -1964,12 +1964,12 @@
236 # Pre-accounting. Decide which accounting type to use.
243 # Ensure that we have a semi-unique identifier for every
244 # request, and many NAS boxes are broken.
249 # Look for IPASS-style 'realm/', and if not found, look for
250 @@ -1979,12 +1979,12 @@
251 # Accounting requests are generally proxied to the same
252 # home server as authentication requests.
259 # Read the 'acct_users' file
265 @@ -1995,20 +1995,20 @@
266 # Create a 'detail'ed log of the packets.
267 # Note that accounting requests which are proxied
268 # are also logged in the detail file.
273 # Update the wtmp file
275 # If you don't use "radlast", you can delete this line.
280 # For Simultaneous-Use tracking.
282 # Due to packet losses in the network, the data here
283 # may be incorrect. There is little we can do about it.
288 # Return an address to the IP Pool when we see a stop record.
289 @@ -2036,7 +2036,7 @@
290 # or rlm_sql module can handle this.
291 # The rlm_sql module is *much* faster
297 # See "Simultaneous Use Checking Querie" in sql.conf
298 @@ -2139,5 +2139,5 @@
299 # hidden inside of the EAP packet, and the end server will
300 # reject the EAP request.