include $(TOPDIR)/rules.mk
PKG_NAME:=freeradius
-PKG_VERSION:=1.0.3
+PKG_VERSION:=1.0.4
PKG_RELEASE:=1
-PKG_MD5SUM:=7fe6732fa69ff4351f51d69212e89bb6
+PKG_MD5SUM:=edb5c3af6fabeff7b8e1131b6fa33e24
PKG_SOURCE_URL:=ftp://ftp.freeradius.org/pub/radius/ \
http://freeradius.portal-to-web.de/ \
+++ /dev/null
-diff -ruN freeradius-1.0.2-orig/raddb/eap.conf freeradius-1.0.2-2/raddb/eap.conf
---- freeradius-1.0.2-orig/raddb/eap.conf 2004-04-15 20:34:41.000000000 +0200
-+++ freeradius-1.0.2-2/raddb/eap.conf 2005-03-13 23:05:13.000000000 +0100
-@@ -72,8 +72,8 @@
- # User-Password, or the NT-Password attributes.
- # 'System' authentication is impossible with LEAP.
- #
-- leap {
-- }
-+# leap {
-+# }
-
- # Generic Token Card.
- #
-@@ -86,7 +86,7 @@
- # the users password will go over the wire in plain-text,
- # for anyone to see.
- #
-- gtc {
-+# gtc {
- # The default challenge, which many clients
- # ignore..
- #challenge = "Password: "
-@@ -103,8 +103,8 @@
- # configured for the request, and do the
- # authentication itself.
- #
-- auth_type = PAP
-- }
-+# auth_type = PAP
-+# }
-
- ## EAP-TLS
- #
-@@ -272,7 +272,7 @@
- # of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not
- # currently support.
- #
-- mschapv2 {
-- }
-+# mschapv2 {
-+# }
- }
-
-diff -ruN freeradius-1.0.2-orig/raddb/radiusd.conf.in freeradius-1.0.2-2/raddb/radiusd.conf.in
---- freeradius-1.0.2-orig/raddb/radiusd.conf.in 2005-02-07 20:52:05.000000000 +0100
-+++ freeradius-1.0.2-2/raddb/radiusd.conf.in 2005-03-13 23:05:13.000000000 +0100
-@@ -31,13 +31,13 @@
-
- # Location of config and logfiles.
- confdir = ${raddbdir}
--run_dir = ${localstatedir}/run/radiusd
-+run_dir = ${localstatedir}/run
-
- #
- # The logging messages for the server are appended to the
- # tail of this file.
- #
--log_file = ${logdir}/radius.log
-+log_file = ${localstatedir}/log/radiusd.log
-
- #
- # libdir: Where to find the rlm_* modules.
-@@ -353,7 +353,7 @@
- nospace_pass = no
-
- # The program to execute to do concurrency checks.
--checkrad = ${sbindir}/checkrad
-+#checkrad = ${sbindir}/checkrad
-
- # SECURITY CONFIGURATION
- #
-@@ -425,8 +425,8 @@
- #
- # allowed values: {no, yes}
- #
--proxy_requests = yes
--$INCLUDE ${confdir}/proxy.conf
-+proxy_requests = no
-+#$INCLUDE ${confdir}/proxy.conf
-
-
- # CLIENTS CONFIGURATION
-@@ -454,7 +454,7 @@
- # 'snmp' attribute to 'yes'
- #
- snmp = no
--$INCLUDE ${confdir}/snmp.conf
-+#$INCLUDE ${confdir}/snmp.conf
-
-
- # THREAD POOL CONFIGURATION
-@@ -657,7 +657,7 @@
- # For all EAP related authentications.
- # Now in another file, because it is very large.
- #
--$INCLUDE ${confdir}/eap.conf
-+# $INCLUDE ${confdir}/eap.conf
-
- # Microsoft CHAP authentication
- #
-@@ -1034,7 +1034,7 @@
- #
- files {
- usersfile = ${confdir}/users
-- acctusersfile = ${confdir}/acct_users
-+# acctusersfile = ${confdir}/acct_users
-
- # If you want to use the old Cistron 'users' file
- # with FreeRADIUS, you should change the next line
-@@ -1167,7 +1167,7 @@
- # For MS-SQL, use: ${confdir}/mssql.conf
- # For Oracle, use: ${confdir}/oraclesql.conf
- #
-- $INCLUDE ${confdir}/sql.conf
-+# $INCLUDE ${confdir}/sql.conf
-
-
- # For Cisco VoIP specific accounting with Postgresql,
-@@ -1535,7 +1535,7 @@
- # The entire command line (and output) must fit into 253 bytes.
- #
- # e.g. Framed-Pool = `%{exec:/bin/echo foo}`
-- exec
-+# exec
-
- #
- # The expression module doesn't do authorization,
-@@ -1548,7 +1548,7 @@
- # listed in any other section. See 'doc/rlm_expr' for
- # more information.
- #
-- expr
-+# expr
-
- #
- # We add the counter module here so that it registers
-@@ -1575,7 +1575,7 @@
- # 'raddb/huntgroups' files.
- #
- # It also adds the %{Client-IP-Address} attribute to the request.
-- preprocess
-+# preprocess
-
- #
- # If you want to have a log of authentication requests,
-@@ -1588,7 +1588,7 @@
- #
- # The chap module will set 'Auth-Type := CHAP' if we are
- # handling a CHAP request and Auth-Type has not already been set
-- chap
-+# chap
-
- #
- # If the users are logging in with an MS-CHAP-Challenge
-@@ -1596,7 +1596,7 @@
- # the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP'
- # to the request, which will cause the server to then use
- # the mschap module for authentication.
-- mschap
-+# mschap
-
- #
- # If you have a Cisco SIP server authenticating against
-@@ -1616,7 +1616,7 @@
- # Otherwise, when the first style of realm doesn't match,
- # the other styles won't be checked.
- #
-- suffix
-+# suffix
- # ntdomain
-
- #
-@@ -1625,11 +1625,11 @@
- #
- # It also sets the EAP-Type attribute in the request
- # attribute list to the EAP type from the packet.
-- eap
-+# eap
-
- #
- # Read the 'users' file
-- files
-+# files
-
- #
- # Look in an SQL database. The schema of the database
-@@ -1683,24 +1683,24 @@
- # PAP authentication, when a back-end database listed
- # in the 'authorize' section supplies a password. The
- # password can be clear-text, or encrypted.
-- Auth-Type PAP {
-- pap
-- }
-+# Auth-Type PAP {
-+# pap
-+# }
-
- #
- # Most people want CHAP authentication
- # A back-end database listed in the 'authorize' section
- # MUST supply a CLEAR TEXT password. Encrypted passwords
- # won't work.
-- Auth-Type CHAP {
-- chap
-- }
-+# Auth-Type CHAP {
-+# chap
-+# }
-
- #
- # MSCHAP authentication.
-- Auth-Type MS-CHAP {
-- mschap
-- }
-+# Auth-Type MS-CHAP {
-+# mschap
-+# }
-
- #
- # If you have a Cisco SIP server authenticating against
-@@ -1718,7 +1718,7 @@
- # containing CHAP-Password attributes CANNOT be authenticated
- # against /etc/passwd! See the FAQ for details.
- #
-- unix
-+# unix
-
- # Uncomment it if you want to use ldap for authentication
- #
-@@ -1731,7 +1731,7 @@
-
- #
- # Allow EAP authentication.
-- eap
-+# eap
- }
-
-
-@@ -1739,12 +1739,12 @@
- # Pre-accounting. Decide which accounting type to use.
- #
- preacct {
-- preprocess
-+# preprocess
-
- #
- # Ensure that we have a semi-unique identifier for every
- # request, and many NAS boxes are broken.
-- acct_unique
-+# acct_unique
-
- #
- # Look for IPASS-style 'realm/', and if not found, look for
-@@ -1754,12 +1754,12 @@
- # Accounting requests are generally proxied to the same
- # home server as authentication requests.
- # IPASS
-- suffix
-+# suffix
- # ntdomain
-
- #
- # Read the 'acct_users' file
-- files
-+# files
- }
-
- #
-@@ -1770,20 +1770,20 @@
- # Create a 'detail'ed log of the packets.
- # Note that accounting requests which are proxied
- # are also logged in the detail file.
-- detail
-+# detail
- # daily
-
- # Update the wtmp file
- #
- # If you don't use "radlast", you can delete this line.
-- unix
-+# unix
-
- #
- # For Simultaneous-Use tracking.
- #
- # Due to packet losses in the network, the data here
- # may be incorrect. There is little we can do about it.
-- radutmp
-+# radutmp
- # sradutmp
-
- # Return an address to the IP Pool when we see a stop record.
-@@ -1806,7 +1806,7 @@
- # or rlm_sql module can handle this.
- # The rlm_sql module is *much* faster
- session {
-- radutmp
-+# radutmp
-
- #
- # See "Simultaneous Use Checking Querie" in sql.conf
-@@ -1900,5 +1900,5 @@
- # hidden inside of the EAP packet, and the end server will
- # reject the EAP request.
- #
-- eap
-+# eap
- }
--- /dev/null
+diff -ruN freeradius-1.0.4-old/raddb/eap.conf freeradius-1.0.4-new/raddb/eap.conf
+--- freeradius-1.0.4-old/raddb/eap.conf 2004-04-15 20:34:41.000000000 +0200
++++ freeradius-1.0.4-new/raddb/eap.conf 2005-06-18 18:53:06.000000000 +0200
+@@ -72,8 +72,8 @@
+ # User-Password, or the NT-Password attributes.
+ # 'System' authentication is impossible with LEAP.
+ #
+- leap {
+- }
++# leap {
++# }
+
+ # Generic Token Card.
+ #
+@@ -86,7 +86,7 @@
+ # the users password will go over the wire in plain-text,
+ # for anyone to see.
+ #
+- gtc {
++# gtc {
+ # The default challenge, which many clients
+ # ignore..
+ #challenge = "Password: "
+@@ -103,8 +103,8 @@
+ # configured for the request, and do the
+ # authentication itself.
+ #
+- auth_type = PAP
+- }
++# auth_type = PAP
++# }
+
+ ## EAP-TLS
+ #
+@@ -272,7 +272,7 @@
+ # of MS-CHAPv2 in EAP by Cisco, which FreeRADIUS does not
+ # currently support.
+ #
+- mschapv2 {
+- }
++# mschapv2 {
++# }
+ }
+
+diff -ruN freeradius-1.0.4-old/raddb/radiusd.conf.in freeradius-1.0.4-new/raddb/radiusd.conf.in
+--- freeradius-1.0.4-old/raddb/radiusd.conf.in 2005-06-12 00:20:40.000000000 +0200
++++ freeradius-1.0.4-new/raddb/radiusd.conf.in 2005-06-18 18:53:32.000000000 +0200
+@@ -31,13 +31,13 @@
+
+ # Location of config and logfiles.
+ confdir = ${raddbdir}
+-run_dir = ${localstatedir}/run/radiusd
++run_dir = ${localstatedir}/run
+
+ #
+ # The logging messages for the server are appended to the
+ # tail of this file.
+ #
+-log_file = ${logdir}/radius.log
++log_file = ${localstatedir}/log/radiusd.log
+
+ #
+ # libdir: Where to find the rlm_* modules.
+@@ -353,7 +353,7 @@
+ nospace_pass = no
+
+ # The program to execute to do concurrency checks.
+-checkrad = ${sbindir}/checkrad
++#checkrad = ${sbindir}/checkrad
+
+ # SECURITY CONFIGURATION
+ #
+@@ -425,8 +425,8 @@
+ #
+ # allowed values: {no, yes}
+ #
+-proxy_requests = yes
+-$INCLUDE ${confdir}/proxy.conf
++proxy_requests = no
++#$INCLUDE ${confdir}/proxy.conf
+
+
+ # CLIENTS CONFIGURATION
+@@ -454,7 +454,7 @@
+ # 'snmp' attribute to 'yes'
+ #
+ snmp = no
+-$INCLUDE ${confdir}/snmp.conf
++#$INCLUDE ${confdir}/snmp.conf
+
+
+ # THREAD POOL CONFIGURATION
+@@ -657,7 +657,7 @@
+ # For all EAP related authentications.
+ # Now in another file, because it is very large.
+ #
+-$INCLUDE ${confdir}/eap.conf
++# $INCLUDE ${confdir}/eap.conf
+
+ # Microsoft CHAP authentication
+ #
+@@ -1034,8 +1034,8 @@
+ #
+ files {
+ usersfile = ${confdir}/users
+- acctusersfile = ${confdir}/acct_users
+- preproxy_usersfile = ${confdir}/preproxy_users
++# acctusersfile = ${confdir}/acct_users
++# preproxy_usersfile = ${confdir}/preproxy_users
+
+ # If you want to use the old Cistron 'users' file
+ # with FreeRADIUS, you should change the next line
+@@ -1168,7 +1168,7 @@
+ # For MS-SQL, use: ${confdir}/mssql.conf
+ # For Oracle, use: ${confdir}/oraclesql.conf
+ #
+- $INCLUDE ${confdir}/sql.conf
++# $INCLUDE ${confdir}/sql.conf
+
+
+ # For Cisco VoIP specific accounting with Postgresql,
+@@ -1536,7 +1536,7 @@
+ # The entire command line (and output) must fit into 253 bytes.
+ #
+ # e.g. Framed-Pool = `%{exec:/bin/echo foo}`
+- exec
++# exec
+
+ #
+ # The expression module doesn't do authorization,
+@@ -1549,7 +1549,7 @@
+ # listed in any other section. See 'doc/rlm_expr' for
+ # more information.
+ #
+- expr
++# expr
+
+ #
+ # We add the counter module here so that it registers
+@@ -1576,7 +1576,7 @@
+ # 'raddb/huntgroups' files.
+ #
+ # It also adds the %{Client-IP-Address} attribute to the request.
+- preprocess
++# preprocess
+
+ #
+ # If you want to have a log of authentication requests,
+@@ -1589,7 +1589,7 @@
+ #
+ # The chap module will set 'Auth-Type := CHAP' if we are
+ # handling a CHAP request and Auth-Type has not already been set
+- chap
++# chap
+
+ #
+ # If the users are logging in with an MS-CHAP-Challenge
+@@ -1597,7 +1597,7 @@
+ # the MS-CHAP-Challenge attribute, and add 'Auth-Type := MS-CHAP'
+ # to the request, which will cause the server to then use
+ # the mschap module for authentication.
+- mschap
++# mschap
+
+ #
+ # If you have a Cisco SIP server authenticating against
+@@ -1617,7 +1617,7 @@
+ # Otherwise, when the first style of realm doesn't match,
+ # the other styles won't be checked.
+ #
+- suffix
++# suffix
+ # ntdomain
+
+ #
+@@ -1626,11 +1626,11 @@
+ #
+ # It also sets the EAP-Type attribute in the request
+ # attribute list to the EAP type from the packet.
+- eap
++# eap
+
+ #
+ # Read the 'users' file
+- files
++# files
+
+ #
+ # Look in an SQL database. The schema of the database
+@@ -1684,24 +1684,24 @@
+ # PAP authentication, when a back-end database listed
+ # in the 'authorize' section supplies a password. The
+ # password can be clear-text, or encrypted.
+- Auth-Type PAP {
+- pap
+- }
++# Auth-Type PAP {
++# pap
++# }
+
+ #
+ # Most people want CHAP authentication
+ # A back-end database listed in the 'authorize' section
+ # MUST supply a CLEAR TEXT password. Encrypted passwords
+ # won't work.
+- Auth-Type CHAP {
+- chap
+- }
++# Auth-Type CHAP {
++# chap
++# }
+
+ #
+ # MSCHAP authentication.
+- Auth-Type MS-CHAP {
+- mschap
+- }
++# Auth-Type MS-CHAP {
++# mschap
++# }
+
+ #
+ # If you have a Cisco SIP server authenticating against
+@@ -1719,7 +1719,7 @@
+ # containing CHAP-Password attributes CANNOT be authenticated
+ # against /etc/passwd! See the FAQ for details.
+ #
+- unix
++# unix
+
+ # Uncomment it if you want to use ldap for authentication
+ #
+@@ -1732,7 +1732,7 @@
+
+ #
+ # Allow EAP authentication.
+- eap
++# eap
+ }
+
+
+@@ -1740,12 +1740,12 @@
+ # Pre-accounting. Decide which accounting type to use.
+ #
+ preacct {
+- preprocess
++# preprocess
+
+ #
+ # Ensure that we have a semi-unique identifier for every
+ # request, and many NAS boxes are broken.
+- acct_unique
++# acct_unique
+
+ #
+ # Look for IPASS-style 'realm/', and if not found, look for
+@@ -1755,12 +1755,12 @@
+ # Accounting requests are generally proxied to the same
+ # home server as authentication requests.
+ # IPASS
+- suffix
++# suffix
+ # ntdomain
+
+ #
+ # Read the 'acct_users' file
+- files
++# files
+ }
+
+ #
+@@ -1771,20 +1771,20 @@
+ # Create a 'detail'ed log of the packets.
+ # Note that accounting requests which are proxied
+ # are also logged in the detail file.
+- detail
++# detail
+ # daily
+
+ # Update the wtmp file
+ #
+ # If you don't use "radlast", you can delete this line.
+- unix
++# unix
+
+ #
+ # For Simultaneous-Use tracking.
+ #
+ # Due to packet losses in the network, the data here
+ # may be incorrect. There is little we can do about it.
+- radutmp
++# radutmp
+ # sradutmp
+
+ # Return an address to the IP Pool when we see a stop record.
+@@ -1807,7 +1807,7 @@
+ # or rlm_sql module can handle this.
+ # The rlm_sql module is *much* faster
+ session {
+- radutmp
++# radutmp
+
+ #
+ # See "Simultaneous Use Checking Querie" in sql.conf
+@@ -1904,5 +1904,5 @@
+ # hidden inside of the EAP packet, and the end server will
+ # reject the EAP request.
+ #
+- eap
++# eap
+ }
projects / openwrt.git / commitdiff