aboutsummaryrefslogtreecommitdiffstats
path: root/config/freeradius2
diff options
context:
space:
mode:
authorChris Buechler <cmb@pfsense.org>2012-01-02 11:42:21 -0800
committerChris Buechler <cmb@pfsense.org>2012-01-02 11:42:21 -0800
commit311adf199d393466f3d8f0651118e7a770f08c59 (patch)
tree269d75dbf2056999fe00e502e48613dd49a1910f /config/freeradius2
parentefda45c843dcf50b54a9ec8bf1d30b6be9cc8fec (diff)
parent582c04866102a5c8fc30ea83d85261f5c291b3f9 (diff)
downloadpfsense-packages-311adf199d393466f3d8f0651118e7a770f08c59.tar.gz
pfsense-packages-311adf199d393466f3d8f0651118e7a770f08c59.tar.bz2
pfsense-packages-311adf199d393466f3d8f0651118e7a770f08c59.zip
Merge pull request #168 from Nachtfalkeaw/master
freeradius2 updates pkg v1.4.2
Diffstat (limited to 'config/freeradius2')
-rwxr-xr-xconfig/freeradius2/freeradius.inc42
-rwxr-xr-xconfig/freeradius2/freeradius.xml31
-rwxr-xr-xconfig/freeradius2/freeradiusclients.xml4
-rwxr-xr-xconfig/freeradius2/freeradiussettings.xml22
4 files changed, 64 insertions, 35 deletions
diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc
index 52456822..356f4229 100755
--- a/config/freeradius2/freeradius.inc
+++ b/config/freeradius2/freeradius.inc
@@ -137,7 +137,7 @@ function freeradius_settings_resync() {
}
- $conf = <<<EOD
+ $conf .= <<<EOD
prefix = /usr/local
exec_prefix = \${prefix}
sysconfdir = \${prefix}/etc
@@ -330,7 +330,7 @@ if (is_array($arrusers) && !empty($arrusers)) {
$varuserslogintime=$users['varuserslogintime'];
$varusersvlanid=$users['varusersvlanid'];
- // Clear variables for next user foreach additional options
+ // Clear variables for next user foreach additional options TOP
$varuserstopadditionaloptions = '';
$varusersadditionaloptionstop = '';
@@ -341,15 +341,27 @@ if (is_array($arrusers) && !empty($arrusers)) {
}
}
- // Clear variables for next user foreach additional options
- $varusersbottomadditionaloptions = '';
- $varusersadditionaloptionsbottom = '';
+ // Clear variables for next user foreach additional options: CHECK-ITEMS
+ $varuserscheckitemsadditionaloptions = '';
+ $varusersadditionaloptionscheckitems = '';
- if(!empty($users['varusersbottomadditionaloptions'])) {
- $varusersbottomadditionaloptions = explode("|", ($users['varusersbottomadditionaloptions']));
- $varusersadditionaloptionsbottom .= '';
- foreach ($varusersbottomadditionaloptions as $bottomtmp) {
- $varusersadditionaloptionsbottom .= $bottomtmp . "\n\t";
+ if(!empty($users['varuserscheckitemsadditionaloptions'])) {
+ $varuserscheckitemsadditionaloptions = explode("|", ($users['varuserscheckitemsadditionaloptions']));
+ $varusersadditionaloptionscheckitems .= '';
+ foreach ($varuserscheckitemsadditionaloptions as $checkitemtmp) {
+ $varusersadditionaloptionscheckitems .= $checkitemtmp;
+ }
+ }
+
+ // Clear variables for next user foreach additional options: REPLY-ITEMS
+ $varusersreplyitemsadditionaloptions = '';
+ $varusersadditionaloptionsreplyitems = '';
+
+ if(!empty($users['varusersreplyitemsadditionaloptions'])) {
+ $varusersreplyitemsadditionaloptions = explode("|", ($users['varusersreplyitemsadditionaloptions']));
+ $varusersadditionaloptionsreplyitems .= '';
+ foreach ($varusersreplyitemsadditionaloptions as $replyitemtmp) {
+ $varusersadditionaloptionsreplyitems .= $replyitemtmp . "\n\t";
}
}
@@ -370,6 +382,10 @@ if (is_array($arrusers) && !empty($arrusers)) {
if ($varuserslogintime != '') {
$varuserscheckitem .= ", Login-Time := " . '"' . $varuserslogintime . '"';
}
+ if ($varusersadditionaloptionscheckitems != '') {
+ $varuserscheckitem .= ", $varusersadditionaloptionscheckitems";
+ }
+
// Add additional REPLY-ITEMS here. Different formatting in "users" file needed.
if ($varusersframedipaddress != '') {
@@ -392,12 +408,12 @@ if (is_array($arrusers) && !empty($arrusers)) {
if ($varusersreplyitem != '') { $varusersreplyitem .=","; }
$varusersreplyitem .= "\n\tTunnel-Type = VLAN,\n\tTunnel-Medium-Type = IEEE-802,\n\tTunnel-Private-Group-ID = " . '"' . $varusersvlanid . '"';
}
- if ($varusersadditionaloptionsbottom != '') {
+ if ($varusersadditionaloptionsreplyitems != '') {
if ($varusersreplyitem != '') { $varusersreplyitem .=","; }
- $varusersreplyitem .= "\n\t$varusersadditionaloptionsbottom";
+ $varusersreplyitem .= "\n\t$varusersadditionaloptionsreplyitems";
}
- // Cosmetic fix - This is just to make a blank new line after each user entry
+ // Cosmetic fix - This is just to make a blank new line after each user entry
$varusersreplyitem .= "\n\n";
diff --git a/config/freeradius2/freeradius.xml b/config/freeradius2/freeradius.xml
index 627506a7..2f37b067 100755
--- a/config/freeradius2/freeradius.xml
+++ b/config/freeradius2/freeradius.xml
@@ -213,9 +213,9 @@
<field>
<fielddescr>IP Address</fielddescr>
<fieldname>varusersframedipaddress</fieldname>
- <description><![CDATA[<b>Framed-IP-Address</b> must be supported by NAS.<br>
+ <description><![CDATA[<b>Framed-IP-Address</b> must be supported by NAS.<br><br>
If you want this user to be assigned a specific IP address from radius, enter the IP address here.<br>
- Continuous IP address is available with "+" suffix (e.g. 192.168.1.5+). Could be useful for simultaneous connections.<br>
+ Continuous IP address is available with "+" suffix (e.g. 192.168.1.5+). Could be useful for simultaneous connections.<br><br>
<b>IMPORTANT:</b> You must enter an IP address here if you checked "RADIUS issued IP" on VPN PPTP or VPN PPPoE configuration.]]></description>
<type>input</type>
</field>
@@ -279,27 +279,40 @@
<type>input</type>
</field>
<field>
- <fielddescr>Additional RADIUS Options on the TOP of this entry</fielddescr>
+ <fielddescr>Additional RADIUS Attributes on the TOP of this entry</fielddescr>
<fieldname>varuserstopadditionaloptions</fieldname>
<description><![CDATA[This is for experts only and should be treat with care!<br>
You may append custom RADIUS options to this user account. If the syntax needs it, you have to set quotes and commas.<br>
- To put a command in a new line use ar vertical bar (|).<br><br>
+ To put a command in a new line use a vertical bar (|).<br><br>
Example: DEFAULT Auth-Type = System<br><br>
<b>IMPORTANT:</b> If you don't format this field correctly freeRADIUS will not start because of syntax errors.<br>
- Verify your changes by checking users file (/usr/local/etc/raddb/users).]]></description>
+ Verify your changes by checking users file (View config -> users).]]></description>
<type>textarea</type>
<rows>4</rows>
<cols>75</cols>
</field>
<field>
- <fielddescr>Additional RADIUS Options at the END of this user entry</fielddescr>
- <fieldname>varusersbottomadditionaloptions</fieldname>
+ <fielddescr>Additional RADIUS Attributes (CHECK-ITEM).</fielddescr>
+ <fieldname>varuserscheckitemsadditionaloptions</fieldname>
<description><![CDATA[This is for experts only and should be treat with care!<br>
You may append custom RADIUS options to this user account. If the syntax needs it, you have to set quotes and commas.<br>
- To put a command in a new line use ar vertical bar (|).<br><br>
+ To put a command in a new line use a vertical bar (|).<br><br>
+ Example: Max-Daily-Session := 36000<br><br>
+ <b>IMPORTANT:</b> If you don't format this field correctly freeRADIUS will not start because of syntax errors.<br>
+ Verify your changes by checking users file (View config -> users).]]></description>
+ <type>textarea</type>
+ <rows>4</rows>
+ <cols>75</cols>
+ </field>
+ <field>
+ <fielddescr>Additional RADIUS Attributes (REPLY-ITEM).</fielddescr>
+ <fieldname>varusersreplyitemsadditionaloptions</fieldname>
+ <description><![CDATA[This is for experts only and should be treat with care!<br>
+ You may append custom RADIUS options to this user account. If the syntax needs it, you have to set quotes and commas.<br>
+ To put a command in a new line use a vertical bar (|).<br><br>
Example: Service-Type == Login-User,|Login-Service == Telnet,|Login-IP-Host == 192.168.1.2<br><br>
<b>IMPORTANT:</b> If you don't format this field correctly freeRADIUS will not start because of syntax errors.<br>
- Verify your changes by checking users file (/usr/local/etc/raddb/users).]]></description>
+ Verify your changes by checking users file (View config -> users).]]></description>
<type>textarea</type>
<rows>4</rows>
<cols>75</cols>
diff --git a/config/freeradius2/freeradiusclients.xml b/config/freeradius2/freeradiusclients.xml
index 61afd4f5..8e5e6b5b 100755
--- a/config/freeradius2/freeradiusclients.xml
+++ b/config/freeradius2/freeradiusclients.xml
@@ -147,7 +147,7 @@
<field>
<fielddescr>Client Shortname</fielddescr>
<fieldname>varclientshortname</fieldname>
- <description><![CDATA[Enter shortname of the client. This is in general the IP of the NAS (switch,accesspoint).]]></description>
+ <description><![CDATA[Enter shortname of the client. This is in general the hostname of the NAS (switch,accesspoint).]]></description>
<type>input</type>
<required/>
</field>
@@ -165,7 +165,7 @@
<field>
<fielddescr>Client Protocol</fielddescr>
<fieldname>varclientproto</fieldname>
- <description><![CDATA[Enter the protocol the client uses. (Default: udp)]]></description>
+ <description><![CDATA[Enter the protocol the client uses. (Default: UDP)]]></description>
<type>select</type>
<default_value>udp</default_value>
<options>
diff --git a/config/freeradius2/freeradiussettings.xml b/config/freeradius2/freeradiussettings.xml
index 34999917..e49aee1a 100755
--- a/config/freeradius2/freeradiussettings.xml
+++ b/config/freeradius2/freeradiussettings.xml
@@ -115,17 +115,6 @@
<default_value>5</default_value>
</field>
<field>
- <fielddescr>NAS Hostname Lookup</fielddescr>
- <fieldname>varsettingshostnamelookups</fieldname>
- <description><![CDATA[Log the names of NAS instead of IP addresses. Turning this on can result in lock ups of the RADIUS Server. (Default: no)]]></description>
- <type>select</type>
- <default_value>no</default_value>
- <options>
- <option><name>Disable</name><value>no</value></option>
- <option><name>Enable</name><value>yes</value></option>
- </options>
- </field>
- <field>
<fielddescr>Allow Core Dumps</fielddescr>
<fieldname>varsettingsallowcoredumps</fieldname>
<description><![CDATA[Only turn this on if you need to debug the RADIUS server! (Default: no)]]></description>
@@ -220,6 +209,17 @@
</options>
</field>
<field>
+ <fielddescr>NAS Hostname Lookup</fielddescr>
+ <fieldname>varsettingshostnamelookups</fieldname>
+ <description><![CDATA[Log the names of NAS instead of IP addresses. Turning this on can result in lock ups of the RADIUS Server. (Default: no)]]></description>
+ <type>select</type>
+ <default_value>no</default_value>
+ <options>
+ <option><name>Disable</name><value>no</value></option>
+ <option><name>Enable</name><value>yes</value></option>
+ </options>
+ </field>
+ <field>
<name>SECURITY CONFIGURATION</name>
<type>listtopic</type>
</field>