diff options
author | Nachtfalke <nachtfalkeaw@web.de> | 2012-01-08 02:35:30 +0100 |
---|---|---|
committer | Nachtfalke <nachtfalkeaw@web.de> | 2012-01-08 02:35:30 +0100 |
commit | ca138ce6072599a7c2488bea0826222971f06bfb (patch) | |
tree | 69a4969f4c5635974059ebb7f9a185e99300da25 | |
parent | cc7ea4608ce03e4a6e271444f6562f78d7099344 (diff) | |
download | pfsense-packages-ca138ce6072599a7c2488bea0826222971f06bfb.tar.gz pfsense-packages-ca138ce6072599a7c2488bea0826222971f06bfb.tar.bz2 pfsense-packages-ca138ce6072599a7c2488bea0826222971f06bfb.zip |
- fixed: logging output
- added: activated time correction for NAS which send a start-packet instead of a "start-time" packet.
- fixed: changed order of EAP and PLAIN MAC AUTH module to reduce confusion when reading file
-rw-r--r-- | config/freeradius2/freeradius.inc | 33 |
1 files changed, 18 insertions, 15 deletions
diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc index 7168f00a..ecf21a5e 100644 --- a/config/freeradius2/freeradius.inc +++ b/config/freeradius2/freeradius.inc @@ -77,13 +77,13 @@ function freeradius_install_command() { // creating a backup file of the original policy.conf no matter if user checked this or not if (!file_exists("/usr/local/etc/raddb/policy.conf.backup")) { - log_error("FreeRADIUS: Creating backup of the original file to {$filepolicyconfbackup}"); + log_error("FreeRADIUS: Creating backup of the original file to /usr/local/etc/raddb/policy.conf.backup"); copy("/usr/local/etc/raddb/policy.conf", "/usr/local/etc/raddb/policy.conf.backup"); } // creating a backup file of the original /modules/files no matter if user checked this or not if (!file_exists("/usr/local/etc/raddb/files.backup")) { - log_error("FreeRADIUS: Creating backup of the original file to {$filemodulesfilesbackup}"); + log_error("FreeRADIUS: Creating backup of the original file to /usr/local/etc/raddb/files.backup"); copy("/usr/local/etc/raddb/modules/files", "/usr/local/etc/raddb/files.backup"); } @@ -907,20 +907,17 @@ function freeradius_serverdefault_resync() { // If unchecked we need the normal EAP section. if (!$varsettings['varsettingsenablemacauth']) { - $varplainmacauthenable = ''; - $varplainmacauthenable .= "eap {"; - $varplainmacauthenable .= "\n\tok = return"; - $varplainmacauthenable .= "\n\t}"; + $varplainmacauthenable = '##### AUTHORIZE FOR PLAIN MAC-AUTH IS DISABLED #####'; - $varplainmacpreacctenable = ''; - $varplainmacpreacctenable .= '##### ACCOUNTING FOR PLAIN MAC-AUTH DISABLED #####'; + $varplainmacpreacctenable = '##### ACCOUNTING FOR PLAIN MAC-AUTH DISABLED #####'; } // If checked we need to check if it is plain mac or eap else { $varplainmacauthenable = ''; - $varplainmacauthenable .= "\t### FIRST check MAC address in authorized_macs and if that fails proceed with other checks below in else-section ###"; - $varplainmacauthenable .= "\n\t# if cleaning up the Calling-Station-Id..."; + $varplainmacauthenable .= "### FIRST check MAC address in authorized_macs and if that fails proceed with other checks below in else-section ###"; + $varplainmacauthenable .= "\n\t### if cleaning up the Calling-Station-Id...###"; $varplainmacauthenable .= "\n\trewrite_calling_station_id"; + $varplainmacauthenable .= "\n\t"; $varplainmacauthenable .= "\n\t# now check against the authorized_macs file"; $varplainmacauthenable .= "\n\tauthorized_macs"; $varplainmacauthenable .= "\n\tif (ok) {"; @@ -1027,6 +1024,10 @@ authorize { preprocess # + # + $varplainmacauthenable + + # # If you want to have a log of authentication requests, # un-comment the following line, and the 'detail auth_log' # section, above. @@ -1093,8 +1094,11 @@ authorize { # for the many packets that go back and forth to set up TTLS # or PEAP. The load on those servers will therefore be reduced. # + # - $varplainmacauthenable + eap { + ok = return + } # # Pull crypt'd passwords from /etc/passwd or /etc/shadow, @@ -1288,10 +1292,9 @@ preacct { # The start time is: NOW - delay - session_length # -# update request { -# FreeRADIUS-Acct-Session-Start-Time = "%{expr: %l - %{%{Acct-Session-Time}:-0} - %{%{Acct-Delay-Time}:-0}}" -# } - + update request { + FreeRADIUS-Acct-Session-Start-Time = "%{expr: %l - %{%{Acct-Session-Time}:-0} - %{%{Acct-Delay-Time}:-0}}" + } # # Ensure that we have a semi-unique identifier for every |