authorChris Buechler <cmb@pfsense.org>2011-12-28 14:04:47 -0800
committerChris Buechler <cmb@pfsense.org>2011-12-28 14:04:47 -0800
commit5516aa102df93816dff4bab5a9ddd67a72710c00 (patch)
tree4477c3bdd851a718c645df7f7e32f4d54a15959e /config
parent54cc1ac21a9e89a496800bb521ca7d485929cc95 (diff)
parentfda35a3ca21e8a41d88b3e04416d889555b1492a (diff)
Merge pull request #160 from Nachtfalkeaw/master
freeradius2 updates
Diffstat (limited to 'config')
-rwxr-xr-xconfig/freeradius2/freeradius.inc277
-rw-r--r--config/freeradius2/freeradius.xml95
-rw-r--r--config/freeradius2/freeradiuscerts.xml59
-rw-r--r--config/freeradius2/freeradiusclients.xml57
-rw-r--r--config/freeradius2/freeradiuseapconf.xml59
-rw-r--r--config/freeradius2/freeradiusinterfaces.xml57
-rw-r--r--config/freeradius2/freeradiussettings.xml63
-rw-r--r--config/freeradius2/freeradiussqlconf.xml123
8 files changed, 451 insertions, 339 deletions
diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc
index 9409553b..c4edf183 100755
--- a/config/freeradius2/freeradius.inc
+++ b/config/freeradius2/freeradius.inc
@@ -49,20 +49,20 @@ function freeradius_settings_resync() {
$varsettings = $config['installedpackages']['freeradiussettings']['config'][0];
// Variables: General configuration
- $varsettingsmaxrequesttime = ($varsettings['varsettingsmaxrequesttime']?$varsettings['varsettingsmaxrequesttime']:'1024');
- $varsettingscleanupdelay = ($varsettings['varsettingscleanupdelay']?$varsettings['varsettingscleanupdelay']:'30');
- $varsettingsmaxrequests = ($varsettings['varsettingsmaxrequests']?$varsettings['varsettingsmaxrequests']:'5');
- $varsettingslogdir = ($varsettings['varsettingslogdir']?$varsettings['varsettingslogdir']:'no');
- $varsettingsstrippednames = ($varsettings['varsettingsstrippednames']?$varsettings['varsettingsstrippednames']:'no');
+ $varsettingsmaxrequests = ($varsettings['varsettingsmaxrequests']?$varsettings['varsettingsmaxrequests']:'1024');
+ $varsettingsmaxrequesttime = ($varsettings['varsettingsmaxrequesttime']?$varsettings['varsettingsmaxrequesttime']:'30');
+ $varsettingscleanupdelay = ($varsettings['varsettingscleanupdelay']?$varsettings['varsettingscleanupdelay']:'5');
+ $varsettingshostnamelookups = ($varsettings['varsettingshostnamelookups']?$varsettings['varsettingshostnamelookups']:'no');
+ $varsettingsallowcoredumps = ($varsettings['varsettingsallowcoredumps']?$varsettings['varsettingsallowcoredumps']:'no');
+ $varsettingsregularexpressions = ($varsettings['varsettingsregularexpressions']?$varsettings['varsettingsregularexpressions']:'yes');
+ $varsettingsextendedexpressions = ($varsettings['varsettingsextendedexpressions']?$varsettings['varsettingsextendedexpressions']:'yes');
// Variables: Logging options
+ $varsettingslogdir = ($varsettings['varsettingslogdir']?$varsettings['varsettingslogdir']:'syslog');
$varsettingsauth = ($varsettings['varsettingsauth']?$varsettings['varsettingsauth']:'yes');
- $varsettingsauthbadpass = ($varsettings['varsettingsauthbadpass']?$varsettings['varsettingsauthbadpass']:'yes');
- $varsettingsauthgoodpass = ($varsettings['varsettingsauthgoodpass']?$varsettings['varsettingsauthgoodpass']:'files');
- $varsettingshostnamelookups = ($varsettings['varsettingshostnamelookups']?$varsettings['varsettingshostnamelookups']:'no');
- $varsettingsallowcoredumps = ($varsettings['varsettingsallowcoredumps']?$varsettings['varsettingsallowcoredumps']:'no');
- $varsettingsregularexpressions = ($varsettings['varsettingsregularexpressions']?$varsettings['varsettingsregularexpressions']:'no');
- $varsettingsextendedexpressions = ($varsettings['varsettingsextendedexpressions']?$varsettings['varsettingsextendedexpressions']:'no');
+ $varsettingsauthbadpass = ($varsettings['varsettingsauthbadpass']?$varsettings['varsettingsauthbadpass']:'no');
+ $varsettingsauthgoodpass = ($varsettings['varsettingsauthgoodpass']?$varsettings['varsettingsauthgoodpass']:'no');
+ $varsettingsstrippednames = ($varsettings['varsettingsstrippednames']?$varsettings['varsettingsstrippednames']:'no');
// Variables: Security
$varsettingsmaxattributes = ($varsettings['varsettingsmaxattributes']?$varsettings['varsettingsmaxattributes']:'200');
@@ -76,12 +76,24 @@ function freeradius_settings_resync() {
$varsettingsmaxqueuesize = ($varsettings['varsettingsmaxqueuesize']?$varsettings['varsettingsmaxqueuesize']:'65536');
$varsettingsmaxrequestsperserver = ($varsettings['varsettingsmaxrequestsperserver']?$varsettings['varsettingsmaxrequestsperserver']:'0');
- // These lines are uncommented in fuction "freeradius_settings_resync" to INCLUDE / enable eap.conf
+ // For more details look at "freeradius_sqlconf_resync"
$sqlconf = $config['installedpackages']['freeradiussqlconf']['config'][0];
- $varsqlconfenable = ($sqlconf['varsqlconfenable']?$sqlconf['varsqlconfenable']:'#\$INCLUDE sql.conf');
- $varsqlconfenablecounter = ($sqlconf['varsqlconfenablecounter']?$sqlconf['varsqlconfenablecounter']:'#\$INCLUDE sql/mysql/counter.conf');
-
+ $varsqlconfincludeenable = ($sqlconf['varsqlconfincludeenable']?$sqlconf['varsqlconfincludeenable']:'Disable');
+
+ // Dis-/Enable SQL in "instatiate" section in "freeradius_settings_resync" and radiusd.conf
+ if ($sqlconf['varsqlconfincludeenable'] == 'Enable') {
+ $varsqlconfinclude = '\$INCLUDE sql.conf';
+ $varsqlconfincludecounter = '\$INCLUDE sql/mysql/counter.conf';
+ $varsqlconfinstantiate = 'sql';
+ }
+
+ if ($sqlconf['varsqlconfincludeenable'] == 'Disable') {
+ $varsqlconfinclude = '#\$INCLUDE sql.conf';
+ $varsqlconfincludecounter = '#\$INCLUDE sql/mysql/counter.conf';
+ $varsqlconfinstantiate = '#sql';
+ }
+
$conf = <<<EOD
prefix = /usr/local
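Review bot: The two `if` blocks test the raw `$sqlconf['varsqlconfincludeenable']` rather than the defaulted `$varsqlconfincludeenable` computed just above, so when the key is unset or holds any other value neither branch runs and `$varsqlconfinclude`, `$varsqlconfincludecounter` and `$varsqlconfinstantiate` reach the heredoc undefined. Comparing the defaulted variable in a single `if ($varsqlconfincludeenable == 'Enable') { … } else { … }` would keep all three values set. Separately, `\$` is not an escape in a single-quoted PHP string, so `'\$INCLUDE sql.conf'` carries a literal backslash into radiusd.conf; that was harmless while the line was always commented out, but the Enable branch should use `'$INCLUDE sql.conf'` and `'$INCLUDE sql/mysql/counter.conf'`. The function body starts before and continues past this hunk.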
@@ -214,19 +226,12 @@ thread pool {
modules {
\$INCLUDE \${confdir}/modules/
\$INCLUDE eap.conf
+ ### Dis-/Enable sql.conf INCLUDE
+ $varsqlconfinclude
- ### Original line
- ### Enable sql.conf INCLUDE
- ###\$INCLUDE sql.conf
- $varsqlconfenable
-
-
- ### Original line
- ### Enable sql/mysql/counter.conf INCLUDE
- #\$INCLUDE sql/mysql/counter.conf
- $varsqlconfenablecounter
-
-
+ ### Dis-/Enable sql/mysql/counter.conf INCLUDE
+ $varsqlconfincludecounter
+
#\$INCLUDE sqlippool.conf
}
@@ -237,10 +242,8 @@ instantiate {
#daily
expiration
logintime
- #redundant redundant_sql {
- # sql1
- # sql2
- #}
+ ### Dis-/Enable sql instatiate
+ $varsqlconfinstantiate
}
\$INCLUDE policy.conf
\$INCLUDE sites-enabled/
@@ -258,61 +261,96 @@ function freeradius_users_resync() {
global $config;
$conf = '';
-$users = $config['installedpackages']['freeradius']['config'];
-if (is_array($users) && !empty($users)) {
-foreach ($users as $user) {
-$username = $user['username'];
-$password = $user['password'];
-$multiconnect = $user['multiconnect'];
-$ip = $user['ip'];
-$subnetmask = $user['subnetmask'];
-$gateway = $user['gateway'];
-$userexpiration=$user['expiration'];
-$sessiontime=$user['sessiontime'];
-$onlinetime=$user['onlinetime'];
-$vlanid=$user['vlanid'];
-$additionaloptions=$user['additionaloptions'];
-$atrib='';
-$head="$username Cleartext-Password := ".'"'.$password.'"';
- if ($multiconnect <> '') {
- $head .=", Simultaneous-Use := $multiconnect";
- }
- if ($userexpiration <> '') {
- $head .=", Expiration := ".'"'.$userexpiration.'"';
- }
- if ($subnetmask<> '') {
- $head .=", Framed-IP-Netmask = $subnetmask";
- }
- if ($gateway<> '') {
- $head .=", Framed-Route = $gateway";
- }
- if ($onlinetime <> '') {
- $head .=", Login-Time := ". '"' . $onlinetime .'"';
- }
- if ($ip <> '') {
- if ($atrib <> '') { $atrib .=","; }
- $atrib .="\r\n\tFramed-IP-Address = $ip";
- }
- if ($sessiontime <> '') {
- if ($atrib <> '') { $atrib .=","; }
- $atrib .="\r\n\tSession-Timeout := $sessiontime";
- }
- if ($vlanid <> '') {
- if ($atrib <> '') { $atrib .=","; }
- $atrib .="\r\n\tTunnel-Type = VLAN,\r\n\tTunnel-Medium-Type = IEEE-802,\r\n\tTunnel-Private-Group-ID = \"$vlanid\"";
- }
- if ($additionaloptions <> '') {
- if ($atrib <> '') { $atrib .=","; }
- $atrib .="\r\n\t$additionaloptions";
- }
-
- $conf .= <<<EOD
-$head
-$atrib
+// Empty variables
+
+$arrusers = $config['installedpackages']['freeradius']['config'];
+
+if (is_array($arrusers) && !empty($arrusers)) {
+ foreach ($arrusers as $users) {
+
+ // Variables for users file defined parameters
+ $varusersusername = $users['varusersusername'];
+ $varuserspassword = $users['varuserspassword'];
+ $varuserssimultaneousconnect = ($users['varuserssimultaneousconnect']?$users['varuserssimultaneousconnect']:'1');
+ $varusersframedipaddress = $users['varusersframedipaddress'];
+ $varusersframedipnetmask = $users['varusersframedipnetmask'];
+ $varusersframedroute = $users['varusersframedroute'];
+ $varusersexpiration=$users['varusersexpiration'];
+ $varuserssessiontimeout=$users['varuserssessiontimeout'];
+ $varuserslogintime=$users['varuserslogintime'];
+ $varusersvlanid=$users['varusersvlanid'];
+
+ // Clear variables for next user foreach additional options
+ $varuserstopadditionaloptions = '';
+ $varusersadditionaloptionstop = '';
+
+
+ if(!empty($users['varuserstopadditionaloptions'])) {
+ $varuserstopadditionaloptions = explode("|", ($users['varuserstopadditionaloptions']));
+ foreach ($varuserstopadditionaloptions as $toptmp) {
+ $varusersadditionaloptionstop .= $toptmp . "\n";
+ }
+ }
+
+ // Clear variables for next user foreach additional options
+ $varusersbottomadditionaloptions = '';
+ $varusersadditionaloptionsbottom = '';
+
+ if(!empty($users['varusersbottomadditionaloptions'])) {
+ $varusersbottomadditionaloptions = explode("|", ($users['varusersbottomadditionaloptions']));
+ $varusersadditionaloptionsbottom .= '';
+ foreach ($varusersbottomadditionaloptions as $bottomtmp) {
+ $varusersadditionaloptionsbottom .= $bottomtmp . "\n\t";
+ }
+ }
+
+
+
+ // Empty variable
+ $varusersmainoptions = '';
+
+ // Add the user attributes to each user.
+ $varusersmainoptions = '"' . $varusersusername . '"' . " Cleartext-Password := " . '"' . $varuserspassword .'"';
+
+ if ($varuserssimultaneousconnect != '') {
+ $varusersmainoptions .= "\n\tSimultaneous-Use := $varuserssimultaneousconnect";
+ }
+ if ($varusersexpiration != '') {
+ $varusersmainoptions .= ",\n\tExpiration := " . '"' . $varusersexpiration . '"';
+ }
+ if ($varuserslogintime != '') {
+ $varusersmainoptions .= ",\n\tLogin-Time := " . '"' . $varuserslogintime . '"';
+ }
+ if ($varuserssessiontimeout != '') {
+ $varusersmainoptions .= ",\n\tSession-Timeout := $varuserssessiontimeout";
+ }
+ if ($varusersframedipaddress != '') {
+ $varusersmainoptions .= ",\n\tFramed-IP-Address = $varusersframedipaddress";
+ }
+ if ($varusersframedipnetmask != '') {
+ $varusersmainoptions .= ",\n\tFramed-IP-Netmask = $varusersframedipnetmask";
+ }
+ if ($varusersframedroute != '') {
+ $varusersmainoptions .= ",\n\tFramed-Route = " . '"' . $varusersframedroute . '"';
+ }
+ if ($varusersvlanid != '') {
+ $varusersmainoptions .= ",\n\tTunnel-Type = VLAN,\n\tTunnel-Medium-Type = IEEE-802,\n\tTunnel-Private-Group-ID = " . '"' . $varusersvlanid . '"';
+ }
+ if ($varusersadditionaloptionsbottom != '') {
+ $varusersmainoptions .= ",\n\t$varusersadditionaloptionsbottom";
+ }
+ // Cosmetic fix - This is just to make a blank new line after each user entry
+ $varusersmainoptions .= "\n\n";
+
+
+ $conf .= <<<EOD
+$varusersadditionaloptionstop
+$varusersmainoptions
EOD;
-}
-}
+ } //end foreach
+} // end if
+
$filename = RADDB . '/users';
conf_mount_rw();
file_put_contents($filename, $conf);
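Review bot: `$varusersusername` and `$varuserspassword` are wrapped in double quotes and written to the users file without escaping, so a value containing `"`, a backslash or a line break can end the quoted string early and either break parsing or add attributes to the entry. Escaping before concatenation, e.g. `$varuserspassword = addcslashes($users['varuserspassword'], "\"\\");`, and rejecting CR/LF in both fields would close that; the same applies to the quoted expiration, login-time, route and VLAN values. It is also worth confirming against users(5) that `Simultaneous-Use`, `Expiration` and `Login-Time` are still treated as check items now that they are emitted on tab-indented continuation lines (the first without a leading comma) instead of on the username line as before. The file holds cleartext passwords, and the visible lines do not set its mode after `file_put_contents`. The function continues past the end of the hunk.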
@@ -463,6 +501,9 @@ if ($vareapconfchoosecertmanager == 'pfsensecertmgr') {
$vareapconfprivatekeyfile = 'server_key.pem';
$vareapconfcertificatefile = 'server_cert.pem';
$vareapconfcafile = 'ca_cert.pem';
+ // generate new DH and RANDOM file
+ exec("cd /usr/local/etc/raddb/certs && openssl dhparam -out dh 1024");
+ exec("cd /usr/local/etc/raddb/certs && dd if=/dev/urandom of=./random count=10");
}
// This is for freeradius cert manager
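Review bot: `openssl dhparam -out dh 1024` produces 1024-bit Diffie-Hellman parameters, which are below the size now generally recommended for TLS; `exec("cd /usr/local/etc/raddb/certs && openssl dhparam -out dh 2048");` would be the minimal change. Both `exec()` calls discard the exit status, so a failed generation leaves a missing or stale `dh`/`random` file with no error reported; capturing the return code through the third argument of `exec()` and logging a non-zero value would make that visible. These calls appear to run on every resync that takes this branch, and parameter generation is slow, so generating only when the file is absent may be preferable. The enclosing `if` block and function start outside the hunk.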
@@ -624,11 +665,7 @@ function freeradius_sqlconf_resync() {
$varsqlconfreadclients = ($sqlconf['varsqlconfreadclients']?$sqlconf['varsqlconfreadclients']:'yes');
$varsqlconfnastable = ($sqlconf['varsqlconfnastable']?$sqlconf['varsqlconfnastable']:'nas');
- // These lines are uncommented in fuction "freeradius_settings_resync" to INCLUDE / enable eap.conf
- // $sqlconf = $config['installedpackages']['freeradiussqlconf']['config'][0];
- // $varsqlconfenable = ($sqlconf['varsqlconfenable']?$sqlconf['varsqlconfenable']:'#\$INCLUDE sql.conf');
- // $varsqlconfenablecounter = ($sqlconf['varsqlconfenablecounter']?$sqlconf['varsqlconfenablecounter']:'#\$INCLUDE sql/mysql/counter.conf');
-
+ // For more information look at "freeradius_settings_resync"
$conf .= <<<EOD
@@ -676,6 +713,55 @@ function freeradius_serverdefault_resync() {
global $config;
$conf = '';
+ // Get Variables from freeradiussqlconf.xml
+ $sqlconf = $config['installedpackages']['freeradiussqlconf']['config'][0];
+ $varsqlconfenableauthorize = ($sqlconf['varsqlconfenableauthorize']?$sqlconf['varsqlconfenableauthorize']:'Disable');
+ $varsqlconfenableaccounting = ($sqlconf['varsqlconfenableaccounting']?$sqlconf['varsqlconfenableaccounting']:'Disable');
+ $varsqlconfenablesession = ($sqlconf['varsqlconfenablesession']?$sqlconf['varsqlconfenablesession']:'Disable');
+ $varsqlconfenablepostauth = ($sqlconf['varsqlconfenablepostauth']?$sqlconf['varsqlconfenablepostauth']:'Disable');
+
+
+ // Disable all sql sections if sql is global disabled
+ // if ($sqlconf['varsqlconfincludeenable'] == 'Disable') {
+ // $varsqlconfauthorize = '#sql';
+ // $varsqlconfaccounting = '#sql';
+ // $varsqlconfsession = 'radutmp';
+ // $varsqlconfpostauth = '#sql';
+ // }
+
+ // authorize section
+ if (($sqlconf['varsqlconfincludeenable'] == 'Enable') && ($sqlconf['varsqlconfenableauthorize'] == 'Enable')) {
+ $varsqlconfauthorize = 'sql';
+ }
+ else {
+ $varsqlconfauthorize = '#sql';
+ }
+
+ // accounting section
+ if (($sqlconf['varsqlconfincludeenable'] == 'Enable') && ($sqlconf['varsqlconfenableaccounting'] == 'Enable')) {
+ $varsqlconfaccounting = 'sql';
+ }
+ else {
+ $varsqlconfaccounting = '#sql';
+ }
+
+ // session section
+ if (($sqlconf['varsqlconfincludeenable'] == 'Enable') && ($sqlconf['varsqlconfenablesession'] == 'Enable')) {
+ $varsqlconfsession = 'sql';
+ }
+ else {
+ $varsqlconfsession = 'radutmp';
+ }
+
+ // post-auth section
+ if (($sqlconf['varsqlconfincludeenable'] == 'Enable') && ($sqlconf['varsqlconfenablepostauth'] == 'Enable')) {
+ $varsqlconfpostauth = 'sql';
+ }
+ else {
+ $varsqlconfpostauth = '#sql';
+ }
+
+
$conf .= <<<EOD
######################################################################
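Review bot: The four defaulted variables `$varsqlconfenableauthorize`, `$varsqlconfenableaccounting`, `$varsqlconfenablesession` and `$varsqlconfenablepostauth` are assigned but never read in the visible lines; the `if` conditions below go back to the raw `$sqlconf[...]` keys. Either drop the assignments or compare against them, and remove the commented-out "Disable all sql sections" block, which the `else` branches already cover. A short comment such as `// sql is used in a section only when it is enabled globally and for that section` above the four blocks would document the rule. The function continues past the hunk.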
@@ -854,7 +940,7 @@ authorize {
# is meant to mirror the "users" file.
#
# See "Authorization Queries" in sql.conf
-# sql
+ $varsqlconfauthorize
#
# If you are using /etc/smbpasswd, and are also doing
@@ -1083,7 +1169,7 @@ accounting {
# Log traffic to an SQL database.
#
# See "Accounting queries" in sql.conf
-# sql
+ $varsqlconfaccounting
#
# If you receive stop packets with zero session length,
@@ -1127,11 +1213,8 @@ accounting {
# or rlm_sql module can handle this.
# The rlm_sql module is *much* faster
session {
- radutmp
-
- #
- # See "Simultaneous Use Checking Queries" in sql.conf
-# sql
+ ### choose radutmp or sql
+ $varsqlconfsession
}
@@ -1152,7 +1235,7 @@ post-auth {
# After authenticating the user, do another SQL query.
#
# See "Authentication Logging Queries" in sql.conf
-# sql
+ $varsqlconfpostauth
#
# Instead of sending the query to the SQL server,
diff --git a/config/freeradius2/freeradius.xml b/config/freeradius2/freeradius.xml
index e55720ac..d6ecd41d 100644
--- a/config/freeradius2/freeradius.xml
+++ b/config/freeradius2/freeradius.xml
@@ -9,7 +9,7 @@
/*
freeradius.xml
part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007 to whom it may belong
+ Copyright (C) 2011 - 2012 to Alexander Wilke <nachtfalkeaw@web.de>
All rights reserved.
Based on m0n0wall (http://m0n0.ch/wall)
@@ -40,9 +40,7 @@
POSSIBILITY OF SUCH DAMAGE.
*/
/* ========================================================================== */
-]]>
-
- </copyright>
+]]> </copyright>
<description><![CDATA[Describe your package here]]></description>
<requirements>Describe your package requirements here</requirements>
<faq>Currently there are no FAQ items provided.</faq>
@@ -141,7 +139,7 @@
<adddeleteeditpagefields>
<columnitem>
<fielddescr>Username</fielddescr>
- <fieldname>username</fieldname>
+ <fieldname>varusersusername</fieldname>
</columnitem>
<columnitem>
<fielddescr>Description</fielddescr>
@@ -149,31 +147,27 @@
</columnitem>
<columnitem>
<fielddescr>IP Address</fielddescr>
- <fieldname>ip</fieldname>
- </columnitem>
- <columnitem>
- <fielddescr>Subnet Mask</fielddescr>
- <fieldname>subnetmask</fieldname>
+ <fieldname>varusersframedipaddress</fieldname>
</columnitem>
<columnitem>
<fielddescr>Simultaneous Connections</fielddescr>
- <fieldname>multiconnect</fieldname>
+ <fieldname>varuserssimultaneousconnect</fieldname>
</columnitem>
<columnitem>
- <fielddescr>Expiration Time</fielddescr>
- <fieldname>expiration</fieldname>
+ <fielddescr>Expiration Date</fielddescr>
+ <fieldname>varusersexpiration</fieldname>
</columnitem>
<columnitem>
- <fielddescr>Session Time</fielddescr>
- <fieldname>sessiontime</fieldname>
+ <fielddescr>Session Timeout</fielddescr>
+ <fieldname>varuserssessiontimeout</fieldname>
</columnitem>
<columnitem>
- <fielddescr>Online Time</fielddescr>
- <fieldname>onlinetime</fieldname>
+ <fielddescr>Possible Login Times</fielddescr>
+ <fieldname>varuserslogintime</fieldname>
</columnitem>
<columnitem>
<fielddescr>VLAN ID</fielddescr>
- <fieldname>vlanid</fieldname>
+ <fieldname>varusersvlanid</fieldname>
</columnitem>
</adddeleteeditpagefields>
<fields>
@@ -183,22 +177,23 @@
</field>
<field>
<fielddescr>Username</fielddescr>
- <fieldname>username</fieldname>
- <description><![CDATA[Enter the username.]]></description>
+ <fieldname>varusersusername</fieldname>
+ <description><![CDATA[Enter the username. Whitespace is possible.]]></description>
<type>input</type>
<required/>
</field>
<field>
<fielddescr>Password</fielddescr>
- <fieldname>password</fieldname>
+ <fieldname>varuserspassword</fieldname>
<description><![CDATA[Enter the password for this username.]]></description>
<type>password</type>
<required/>
</field>
<field>
<fielddescr>Number of simultaneous connections</fielddescr>
- <fieldname>multiconnect</fieldname>
- <description><![CDATA[The maximum of simultaneous connections with this username.]]></description>
+ <fieldname>varuserssimultaneousconnect</fieldname>
+ <description><![CDATA[The maximum of simultaneous connections with this username. (Default: 1)]]></description>
+ <default_value>1</default_value>
<required/>
<type>input</type>
</field>
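Review bot: Renaming the stored field names (`username` to `varusersusername`, `password` to `varuserspassword`, and the others in this file) means user entries saved by the previous package version no longer match the keys that `freeradius_users_resync()` reads, and no migration of existing configuration is visible in this diff. Such entries would presumably be rendered with an empty name and an empty `Cleartext-Password`. Either an upgrade step that copies the old keys to the new ones, or a guard in the resync that skips entries whose username or password is empty before the users file is written, looks necessary.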
@@ -208,7 +203,7 @@
</field>
<field>
<fielddescr>IP Address</fielddescr>
- <fieldname>ip</fieldname>
+ <fieldname>varusersframedipaddress</fieldname>
<description><![CDATA[<b>Framed-IP-Address</b> must be supported by NAS.<br>
If you want this user to be assigned a specific IP address from radius, enter the IP address here.<br>
Continuous IP address is available with "+" suffix (e.g. 192.168.1.5+). Could be useful for simultaneous connections.<br>
@@ -217,26 +212,26 @@
</field>
<field>
<fielddescr>Subnet Mask</fielddescr>
- <fieldname>subnetmask</fieldname>
+ <fieldname>varusersframedipnetmask</fieldname>
<description><![CDATA[<b>Framed-IP-Netmask</b> must be supported by NAS. (e.g. 255.255.255.0)]]></description>
<type>input</type>
</field>
<field>
<fielddescr>Gateway</fielddescr>
- <fieldname>gateway</fieldname>
+ <fieldname>varusersframedroute</fieldname>
<description><![CDATA[<b>Framed-Route</b> must be supported by NAS. Format is: Subnet Gateway Metric (e.g. 192.168.10.0 192.168.10.1 1).]]></description>
<type>input</type>
</field>
<field>
<fielddescr>VLAN ID</fielddescr>
- <fieldname>vlanid</fieldname>
- <description><![CDATA[
- Enter the VLAN ID (integer from 1-4095) or the VLAN name that this username should be assigned to.<br>
- Must be supported by the NAS.<br>
- This setting can be used for a NAS that supports the following RADIUS parameters:<br><br>
- Tunnel-Type = VLAN<br>
- Tunnel-Medium-Type = IEEE-802<br>
- Tunnel-Private-Group-ID = "<b>THIS IS YOUR INPUT</b>"]]></description>
+ <fieldname>varusersvlanid</fieldname>
+ <description><![CDATA[Enter the VLAN ID (integer from 1-4095) or the VLAN name that this username should be assigned to.<br>
+ Must be supported by the NAS.<br>
+ This setting can be used for a NAS that supports the following RADIUS parameters:<br><br>
+
+ Tunnel-Type = VLAN<br>
+ Tunnel-Medium-Type = IEEE-802<br>
+ Tunnel-Private-Group-ID = "<b>THIS IS YOUR INPUT</b>"]]></description>
<type>input</type>
</field>
<field>
@@ -244,20 +239,20 @@
<type>listtopic</type>
</field>
<field>
- <fielddescr>Expiration Time</fielddescr>
- <fieldname>expiration</fieldname>
+ <fielddescr>Expiration Date</fielddescr>
+ <fieldname>varusersexpiration</fieldname>
<description><![CDATA[Enter the date when this account should expire. Format is: Mmm dd yyyy (e.g. Jan 01 2012).]]></description>
<type>input</type>
</field>
<field>
- <fielddescr>Session Time</fielddescr>
- <fieldname>sessiontime</fieldname>
+ <fielddescr>Session Timeout</fielddescr>
+ <fieldname>varuserssessiontimeout</fieldname>
<description><![CDATA[Enter the time this user has until relogin in seconds.]]></description>
<type>input</type>
</field>
<field>
- <fielddescr>Online time</fielddescr>
- <fieldname>onlinetime</fieldname>
+ <fielddescr>Possible Login Times</fielddescr>
+ <fieldname>varuserslogintime</fieldname>
<description><![CDATA[Enter the time when this user should have access. If no time is entered it means "always".<br>
Every time string contains a day (Mo,Tu,We,Th,Fr,Sa,Su) or all weekdays which is from monday till friday (Wk).<br><br>
<b>Wk0855-2305,Sa,Su2230-0230</b><br><br>
@@ -275,25 +270,29 @@
<type>input</type>
</field>
<field>
- <fielddescr>Additional RADIUS Options</fielddescr>
- <fieldname>additionaloptions</fieldname>
+ <fielddescr>Additional RADIUS Options on the TOP of this entry</fielddescr>
+ <fieldname>varuserstopadditionaloptions</fieldname>
<description><![CDATA[This is for experts only and should be treat with care!<br>
- You may append (after all options from above) custom RADIUS options to this user account (separated by commas).<br>
+ You may append custom RADIUS options to this user account. If the syntax needs it, you have to set quotes and commas.<br>
+ To put a command in a new line use ar vertical bar (|).<br><br>
+ Example: DEFAULT Auth-Type = System<br><br>
<b>IMPORTANT:</b> If you don't format this field correctly freeRADIUS will not start because of syntax errors.<br>
Verify your changes by checking users file (/usr/local/etc/raddb/users).]]></description>
<type>textarea</type>
- <rows>10</rows>
+ <rows>4</rows>
<cols>75</cols>
</field>
<field>
- <fielddescr>Output</fielddescr>
- <fieldname>usersoutput</fieldname>
+ <fielddescr>Additional RADIUS Options at the END of this user entry</fielddescr>
+ <fieldname>varusersbottomadditionaloptions</fieldname>
<description><![CDATA[This is for experts only and should be treat with care!<br>
- You may append (after all options from above) custom RADIUS options to this user account (separated by commas).<br>
+ You may append custom RADIUS options to this user account. If the syntax needs it, you have to set quotes and commas.<br>
+ To put a command in a new line use ar vertical bar (|).<br><br>
+ Example: Service-Type == Login-User,|Login-Service == Telnet,|Login-IP-Host == 192.168.1.2<br><br>
<b>IMPORTANT:</b> If you don't format this field correctly freeRADIUS will not start because of syntax errors.<br>
Verify your changes by checking users file (/usr/local/etc/raddb/users).]]></description>
<type>textarea</type>
- <rows>10</rows>
+ <rows>4</rows>
<cols>75</cols>
</field>
</fields>
diff --git a/config/freeradius2/freeradiuscerts.xml b/config/freeradius2/freeradiuscerts.xml
index 9cdf656a..27ab3753 100644
--- a/config/freeradius2/freeradiuscerts.xml
+++ b/config/freeradius2/freeradiuscerts.xml
@@ -2,46 +2,45 @@
<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
<packagegui>
- <copyright>
- <![CDATA[
+ <copyright>
+<![CDATA[
/* $Id$ */
/* ========================================================================== */
/*
- authng.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007 to whom it may belong
- All rights reserved.
+ freeradiuscerts.xml
+ part of pfSense (http://www.pfSense.com)
+ Copyright (C) 2011 - 2012 to Alexander Wilke <nachtfalkeaw@web.de>
+ All rights reserved.
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
+ Based on m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+ */
/* ========================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
/* ========================================================================== */
- ]]>
- </copyright>
+]]> </copyright>
<description><![CDATA[Describe your package here]]></description>
<requirements>Describe your package requirements here</requirements>
<faq>Currently there are no FAQ items provided.</faq>
diff --git a/config/freeradius2/freeradiusclients.xml b/config/freeradius2/freeradiusclients.xml
index 1e72cf2b..c9562ab4 100644
--- a/config/freeradius2/freeradiusclients.xml
+++ b/config/freeradius2/freeradiusclients.xml
@@ -3,45 +3,44 @@
<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
<packagegui>
<copyright>
- <![CDATA[
+<![CDATA[
/* $Id$ */
/* ========================================================================== */
/*
- authng.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007 to whom it may belong
- All rights reserved.
+ freeradiusclients.xml
+ part of pfSense (http://www.pfSense.com)
+ Copyright (C) 2011 - 2012 to Alexander Wilke <nachtfalkeaw@web.de>
+ All rights reserved.
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
+ Based on m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+ */
/* ========================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
/* ========================================================================== */
- ]]>
- </copyright>
+]]> </copyright>
<description><![CDATA[Describe your package here]]></description>
<requirements>Describe your package requirements here</requirements>
<faq>Currently there are no FAQ items provided.</faq>
diff --git a/config/freeradius2/freeradiuseapconf.xml b/config/freeradius2/freeradiuseapconf.xml
index 495a61ee..5722ba50 100644
--- a/config/freeradius2/freeradiuseapconf.xml
+++ b/config/freeradius2/freeradiuseapconf.xml
@@ -2,46 +2,45 @@
<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
<packagegui>
- <copyright>
- <![CDATA[
+ <copyright>
+<![CDATA[
/* $Id$ */
/* ========================================================================== */
/*
- authng.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007 to whom it may belong
- All rights reserved.
+ freeradiuseapconf.xml
+ part of pfSense (http://www.pfSense.com)
+ Copyright (C) 2011 - 2012 to Alexander Wilke <nachtfalkeaw@web.de>
+ All rights reserved.
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
+ Based on m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+ */
/* ========================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
/* ========================================================================== */
- ]]>
- </copyright>
+]]> </copyright>
<description><![CDATA[Describe your package here]]></description>
<requirements>Describe your package requirements here</requirements>
<faq>Currently there are no FAQ items provided.</faq>
diff --git a/config/freeradius2/freeradiusinterfaces.xml b/config/freeradius2/freeradiusinterfaces.xml
index 0bebf057..1697e5ca 100644
--- a/config/freeradius2/freeradiusinterfaces.xml
+++ b/config/freeradius2/freeradiusinterfaces.xml
@@ -3,45 +3,44 @@
<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
<packagegui>
<copyright>
- <![CDATA[
+<![CDATA[
/* $Id$ */
/* ========================================================================== */
/*
- authng.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007 to whom it may belong
- All rights reserved.
+ freeradiusinterfaces.xml
+ part of pfSense (http://www.pfSense.com)
+ Copyright (C) 2011 - 2012 to Alexander Wilke <nachtfalkeaw@web.de>
+ All rights reserved.
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
+ Based on m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+ */
/* ========================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
/* ========================================================================== */
- ]]>
- </copyright>
+]]> </copyright>
<description><![CDATA[Describe your package here]]></description>
<requirements>Describe your package requirements here</requirements>
<faq>Currently there are no FAQ items provided.</faq>
diff --git a/config/freeradius2/freeradiussettings.xml b/config/freeradius2/freeradiussettings.xml
index 689e4b16..7becfed3 100644
--- a/config/freeradius2/freeradiussettings.xml
+++ b/config/freeradius2/freeradiussettings.xml
@@ -2,46 +2,45 @@
<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
<packagegui>
- <copyright>
- <![CDATA[
+ <copyright>
+<![CDATA[
/* $Id$ */
/* ========================================================================== */
/*
- authng.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007 to whom it may belong
- All rights reserved.
+ freeradiussettings.xml
+ part of pfSense (http://www.pfSense.com)
+ Copyright (C) 2011 - 2012 to Alexander Wilke <nachtfalkeaw@web.de>
+ All rights reserved.
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
+ Based on m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+ */
/* ========================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
/* ========================================================================== */
- ]]>
- </copyright>
+]]> </copyright>
<description><![CDATA[Describe your package here]]></description>
<requirements>Describe your package requirements here</requirements>
<faq>Currently there are no FAQ items provided.</faq>
@@ -164,7 +163,7 @@
<fieldname>varsettingslogdir</fieldname>
<description><![CDATA[Choose the destination where freeRADIUS should log. Logging must be enabled.(Default: radius.log)]]></description>
<type>select</type>
- <default_value>files</default_value>
+ <default_value>syslog</default_value>
<options>
<option><name>/var/log/radius.log</name><value>files</value></option>
<option><name>System Logs -> System</name><value>syslog</value></option>
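Review bot: The description strings still state the old defaults: `varsettingslogdir` says "(Default: radius.log)" while its `<default_value>` is now `syslog`, and in the following hunk `varsettingsauth` says "(Default: Disabled)" while its default becomes `yes`. Update both, e.g. `(Default: System Logs)` and `(Default: Enabled)`, so an administrator reading the form knows authentication logging is on and goes to syslog on a fresh install. Because authentication events now reach the system log by default, any option in this form that logs passwords for accepted or rejected requests (none is visible in these hunks) should stay disabled by default. The enclosing `<field>` elements start and end outside both hunks.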
@@ -177,7 +176,7 @@
<fieldname>varsettingsauth</fieldname>
<description><![CDATA[Choose if you want to enable logging. (Default: Disabled)]]></description>
<type>select</type>
- <default_value>no</default_value>
+ <default_value>yes</default_value>
<options>
<option><name>Disable</name><value>no</value></option>
<option><name>Enable</name><value>yes</value></option>
diff --git a/config/freeradius2/freeradiussqlconf.xml b/config/freeradius2/freeradiussqlconf.xml
index fa4f99e0..82d0b4e1 100644
--- a/config/freeradius2/freeradiussqlconf.xml
+++ b/config/freeradius2/freeradiussqlconf.xml
@@ -2,46 +2,45 @@
<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd">
<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?>
<packagegui>
- <copyright>
- <![CDATA[
+ <copyright>
+<![CDATA[
/* $Id$ */
/* ========================================================================== */
/*
- authng.xml
- part of pfSense (http://www.pfSense.com)
- Copyright (C) 2007 to whom it may belong
- All rights reserved.
+ freeradiussqlconf.xml
+ part of pfSense (http://www.pfSense.com)
+ Copyright (C) 2011 - 2012 to Alexander Wilke <nachtfalkeaw@web.de>
+ All rights reserved.
- Based on m0n0wall (http://m0n0.ch/wall)
- Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
- All rights reserved.
- */
+ Based on m0n0wall (http://m0n0.ch/wall)
+ Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
+ All rights reserved.
+ */
/* ========================================================================== */
/*
- Redistribution and use in source and binary forms, with or without
- modification, are permitted provided that the following conditions are met:
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions are met:
- 1. Redistributions of source code must retain the above copyright notice,
- this list of conditions and the following disclaimer.
+ 1. Redistributions of source code must retain the above copyright notice,
+ this list of conditions and the following disclaimer.
- 2. Redistributions in binary form must reproduce the above copyright
- notice, this list of conditions and the following disclaimer in the
- documentation and/or other materials provided with the distribution.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
- THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
- INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
- AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
- OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
- SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
- INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
- CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
- ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
- POSSIBILITY OF SUCH DAMAGE.
- */
+ THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
+ INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
+ AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
+ OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ POSSIBILITY OF SUCH DAMAGE.
+ */
/* ========================================================================== */
- ]]>
- </copyright>
+]]> </copyright>
<description><![CDATA[Describe your package here]]></description>
<requirements>Describe your package requirements here</requirements>
<faq>Currently there are no FAQ items provided.</faq>
@@ -91,27 +90,63 @@
<type>listtopic</type>
</field>
<field>
- <fielddescr>Enable SQL Configuration</fielddescr>
- <fieldname>varsqlconfenable</fieldname>
- <description><![CDATA[You need to enable this so that eap.conf will be included in radiusd.conf. (Default: Disable)<br>
- $INCLUDE sql.conf]]></description>
+ <fielddescr>Enable SQL Support</fielddescr>
+ <fieldname>varsqlconfincludeenable</fieldname>
+ <description><![CDATA[Enable this if you like to connect freeRADIUS to a SQL database. (Default: Disable)<br>
+ You <b>must enable at least</b> one of the following options: Authorization, Accounting, Session, Post-Auth.]]></description>
<type>select</type>
- <default_value>#\$INCLUDE sql.conf</default_value>
+ <default_value>Disable</default_value>
<options>
- <option><name>Disbale</name><value>#\$INCLUDE sql.conf</value></option>
- <option><name>Enable</name><value>$INCLUDE sql.conf</value></option>
+ <option><name>Disbale</name><value>Disable</value></option>
+ <option><name>Enable</name><value>Enable</value></option>
</options>
</field>
<field>
- <fielddescr>Enable MySQL Counter</fielddescr>
- <fieldname>varsqlconfenablecounter</fieldname>
- <description><![CDATA[You need to enable this so that eap.conf will be included in radiusd.conf. (Default: Disable)<br>
- $INCLUDE sql/mysql/counter.conf]]></description>
+ <fielddescr>Enable SQL Authorization</fielddescr>
+ <fieldname>varsqlconfenableauthorize</fieldname>
+ <description><![CDATA[Enable this if usernames and passwords are stored on a SQL database.<br>
+ SQL support must be enabled for this to work. (Default: Disable)]]></description>
<type>select</type>
- <default_value>#\$INCLUDE sql/mysql/counter.conf</default_value>
+ <default_value>Disable</default_value>
<options>
- <option><name>Disbale</name><value>#\$INCLUDE sql/mysql/counter.conf</value></option>
- <option><name>Enable</name><value>$INCLUDE sql/mysql/counter.conf</value></option>
+ <option><name>Disbale</name><value>Disable</value></option>
+ <option><name>Enable</name><value>Enable</value></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>Enable SQL Accounting</fielddescr>
+ <fieldname>varsqlconfenableaccounting</fieldname>
+ <description><![CDATA[Enable this if accounting packets should be logged to a SQL database.<br>
+ SQL support must be enabled for this to work. (Default: Disable)]]></description>
+ <type>select</type>
+ <default_value>Disable</default_value>
+ <options>
+ <option><name>Disbale</name><value>Disable</value></option>
+ <option><name>Enable</name><value>Enable</value></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>Enable SQL Session</fielddescr>
+ <fieldname>varsqlconfenablesession</fieldname>
+ <description><![CDATA[Enable this to use the "rlm_sql" module (fast) to check for simultaneous connections instead of "radutmp" (slow).<br>
+ SQL support must be enabled for this to work. (Default: Disable)]]></description>
+ <type>select</type>
+ <default_value>Disable</default_value>
+ <options>
+ <option><name>Disbale</name><value>Disable</value></option>
+ <option><name>Enable</name><value>Enable</value></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>Enable SQL Post-Auth</fielddescr>
+ <fieldname>varsqlconfenablepostauth</fieldname>
+ <description><![CDATA[Enable this if you like to store post-authentication data on a SQL database.<br>
+ SQL support must be enabled for this to work. (Default: Disable)]]></description>
+ <type>select</type>
+ <default_value>Disable</default_value>
+ <options>
+ <option><name>Disbale</name><value>Disable</value></option>
+ <option><name>Enable</name><value>Enable</value></option>
</options>
</field>
<field>
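Review bot: The misspelled option label "Disbale" is carried into all five new selects (`varsqlconfincludeenable`, `varsqlconfenableauthorize`, `varsqlconfenableaccounting`, `varsqlconfenablesession`, `varsqlconfenablepostauth`); each should read `<option><name>Disable</name><value>Disable</value></option>`. The first description says at least one of Authorization, Accounting, Session or Post-Auth must be enabled, but nothing in this hunk enforces it, so SQL support can be saved with all four left at `Disable`; a check in the package's validation code (not visible here) would catch that. Storing the tokens `Enable`/`Disable` instead of a literal `$INCLUDE` directive is the safer design, provided the consuming code compares against the exact string `Enable` and never writes the submitted value into radiusd.conf. The field names also change (`varsqlconfenable` becomes `varsqlconfincludeenable`, and `varsqlconfenablecounter` is dropped), so settings saved under the old keys are presumably ignored after upgrade; the description should say whether that is intended.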