authorNachtfalke <nachtfalkeaw@web.de>2012-01-08 02:35:30 +0100
committerNachtfalke <nachtfalkeaw@web.de>2012-01-08 02:35:30 +0100
commitca138ce6072599a7c2488bea0826222971f06bfb (patch)
tree69a4969f4c5635974059ebb7f9a185e99300da25
parentcc7ea4608ce03e4a6e271444f6562f78d7099344 (diff)
- fixed: logging output
- added: activated time correction for NAS which send a start-packet instead of a "start-time" packet.
- fixed: changed order of EAP and PLAIN MAC AUTH module to reduce confusion when reading file
-rw-r--r--config/freeradius2/freeradius.inc33
1 files changed, 18 insertions, 15 deletions
diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc
index 7168f00a..ecf21a5e 100644
--- a/config/freeradius2/freeradius.inc
+++ b/config/freeradius2/freeradius.inc
@@ -77,13 +77,13 @@ function freeradius_install_command() {
// creating a backup file of the original policy.conf no matter if user checked this or not
if (!file_exists("/usr/local/etc/raddb/policy.conf.backup")) {
- log_error("FreeRADIUS: Creating backup of the original file to {$filepolicyconfbackup}");
+ log_error("FreeRADIUS: Creating backup of the original file to /usr/local/etc/raddb/policy.conf.backup");
copy("/usr/local/etc/raddb/policy.conf", "/usr/local/etc/raddb/policy.conf.backup");
}
// creating a backup file of the original /modules/files no matter if user checked this or not
if (!file_exists("/usr/local/etc/raddb/files.backup")) {
- log_error("FreeRADIUS: Creating backup of the original file to {$filemodulesfilesbackup}");
+ log_error("FreeRADIUS: Creating backup of the original file to /usr/local/etc/raddb/files.backup");
copy("/usr/local/etc/raddb/modules/files", "/usr/local/etc/raddb/files.backup");
}
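Review bot: Both `copy()` calls ignore their return value, so the message logged just before each one claims a backup is being created even when the copy fails (missing source file, read-only filesystem). If later code in this function overwrites the originals, that failure is silent; log the outcome instead, e.g. `if (!copy($src, $dst)) { log_error("FreeRADIUS: Could not create backup {$dst}"); }`, with `$src` and `$dst` standing for the two paths. Each path literal now appears three times per block, so holding it in one local variable would keep the check, the message and the copy in step. The body of freeradius_install_command() continues outside the hunk.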
@@ -907,20 +907,17 @@ function freeradius_serverdefault_resync() {
// If unchecked we need the normal EAP section.
if (!$varsettings['varsettingsenablemacauth']) {
- $varplainmacauthenable = '';
- $varplainmacauthenable .= "eap {";
- $varplainmacauthenable .= "\n\tok = return";
- $varplainmacauthenable .= "\n\t}";
+ $varplainmacauthenable = '##### AUTHORIZE FOR PLAIN MAC-AUTH IS DISABLED #####';
- $varplainmacpreacctenable = '';
- $varplainmacpreacctenable .= '##### ACCOUNTING FOR PLAIN MAC-AUTH DISABLED #####';
+ $varplainmacpreacctenable = '##### ACCOUNTING FOR PLAIN MAC-AUTH DISABLED #####';
}
// If checked we need to check if it is plain mac or eap
else {
$varplainmacauthenable = '';
- $varplainmacauthenable .= "\t### FIRST check MAC address in authorized_macs and if that fails proceed with other checks below in else-section ###";
- $varplainmacauthenable .= "\n\t# if cleaning up the Calling-Station-Id...";
+ $varplainmacauthenable .= "### FIRST check MAC address in authorized_macs and if that fails proceed with other checks below in else-section ###";
+ $varplainmacauthenable .= "\n\t### if cleaning up the Calling-Station-Id...###";
$varplainmacauthenable .= "\n\trewrite_calling_station_id";
+ $varplainmacauthenable .= "\n\t";
$varplainmacauthenable .= "\n\t# now check against the authorized_macs file";
$varplainmacauthenable .= "\n\tauthorized_macs";
$varplainmacauthenable .= "\n\tif (ok) {";
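Review bot: The comment `// If unchecked we need the normal EAP section.` at the top of this hunk is stale, because the branch below it now assigns only a `#####` marker while the `eap { ok = return }` block is written by the template. Suggest `// If unchecked, emit only a marker comment; the template always writes the eap section.` A second comment should say that the marker must keep its leading `#`, since the string is substituted verbatim into the authorize section. The else branch continues past the end of the hunk.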
@@ -1027,6 +1024,10 @@ authorize {
preprocess
#
+ #
+ $varplainmacauthenable
+
+ #
# If you want to have a log of authentication requests,
# un-comment the following line, and the 'detail auth_log'
# section, above.
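Review bot: `$varplainmacauthenable` is now expanded directly after `preprocess`, ahead of the `auth_log` position described by the comment that follows it. If the `if (ok)` branch built in freeradius_serverdefault_resync() ends authorize processing for a matching MAC (its body is not visible in this diff), those requests would never reach `auth_log`, leaving address-only accepts without an entry in the authentication detail log. Either confirm that the ok-branch falls through, or document the ordering in the template, e.g. `# Plain MAC-auth runs before auth_log; requests accepted here are not written to the auth detail log.`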
@@ -1093,8 +1094,11 @@ authorize {
# for the many packets that go back and forth to set up TTLS
# or PEAP. The load on those servers will therefore be reduced.
#
+ #
- $varplainmacauthenable
+ eap {
+ ok = return
+ }
#
# Pull crypt'd passwords from /etc/passwd or /etc/shadow,
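Review bot: The `eap { ok = return }` block is now unconditional here, but the MAC-auth string built in freeradius_serverdefault_resync() is unchanged past its first lines, and its header comment says the remaining checks live in an else-section. If that else-section still carries its own `eap` call, as it likely did when the variable stood in for this block, enabling plain MAC-auth would list `eap` twice in authorize. Check the generated configuration with the option enabled, and drop the copy from the else-section if it is there. The added bare `#` line above the block duplicates the existing one and can go.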
@@ -1288,10 +1292,9 @@ preacct {
# The start time is: NOW - delay - session_length
#
-# update request {
-# FreeRADIUS-Acct-Session-Start-Time = "%{expr: %l - %{%{Acct-Session-Time}:-0} - %{%{Acct-Delay-Time}:-0}}"
-# }
-
+ update request {
+ FreeRADIUS-Acct-Session-Start-Time = "%{expr: %l - %{%{Acct-Session-Time}:-0} - %{%{Acct-Delay-Time}:-0}}"
+ }
#
# Ensure that we have a semi-unique identifier for every