-rwxr-xr-x | config/freeradius2/freeradius.inc | 326 | ||||
-rwxr-xr-x[-rw-r--r--] | config/freeradius2/freeradius.xml | 11 | ||||
-rwxr-xr-x | config/freeradius2/freeradiusclients.xml | 156 | ||||
-rwxr-xr-x | config/freeradius2/freeradiusinterfaces.xml | 151 | ||||
-rwxr-xr-x | config/freeradius2/freeradiussettings.xml | 204 | ||||
-rw-r--r-- | pkg_config.8.xml | 4 | ||||
-rw-r--r-- | pkg_config.8.xml.amd64 | 4 |
7 files changed, 585 insertions, 271 deletions
diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc index 2408e91c..d5e49883 100755 --- a/config/freeradius2/freeradius.inc +++ b/config/freeradius2/freeradius.inc @@ -6,10 +6,9 @@ define('RADDB', '/usr/local/etc/raddb'); function freeradius_deinstall_command() { exec("cd /var/db/pkg && pkg_delete `ls | grep freeradius`"); - exec("cd /var/db/pkg && pkg_delete `ls | grep python`"); - exec("cd /var/db/pkg && pkg_delete `ls | grep perl`"); - exec("cd /var/db/pkg && pkg_delete `ls | grep libltdl`"); - exec("cd /var/db/pkg && pkg_delete `ls | grep gdbm`"); + exec("rm -rf /usr/local/etc/raddb/"); + exec("rm -rf /var/log/raddb/"); + exec("rm -rf /var/log/radacct/"); } function freeradius_install_command() { @@ -26,7 +25,8 @@ function freeradius_install_command() { exec("chown -R root:wheel /usr/local/etc/raddb"); exec("chown -R root:wheel /usr/local/lib/freeradius-2.1.12"); - exec("chown -R root:wheel /var/run/radiusd"); + exec("chown -R root:wheel /var/log/raddb"); + exec("chown -R root:wheel /var/log/radacct"); closedir($handle); 
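Review bot: The three added `rm -rf` calls in freeradius_deinstall_command() hard-code `/usr/local/etc/raddb/` although the `RADDB` constant is defined just above the function (visible in the hunk header), so the two can drift apart. I would write the first call as `exec("rm -rf " . escapeshellarg(RADDB));` and put a comment above the block, `// Remove generated config and logs; the users file under RADDB holds cleartext passwords.`. None of the exec() results are checked, so a failed cleanup goes unnoticed.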
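Review bot: In freeradius_install_command() the two new `chown -R root:wheel` calls set the owner of /var/log/raddb and /var/log/radacct, but nothing in the lines shown creates those directories or sets their mode. This commit also makes `auth_badpass`/`auth_goodpass` logging configurable, and with those enabled the server's logs can contain passwords, so if radiusd logs into these directories they should not be world-readable; consider adding `exec("chmod -R o-rwx /var/log/raddb /var/log/radacct");` next to the chown. The same chown pair is repeated in freeradius_settings_resync() (hunk at -464,63), where it runs on every resync and before `conf_mount_rw()`. The function body continues outside this hunk.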
@@ -44,22 +44,23 @@ function freeradius_install_command() { function freeradius_settings_resync() { global $config; - $settings = $config['installedpackages']['freeradiussettings']['config'][0]; - $iface = ($settings['interface'] ? $settings['interface'] : 'LAN'); - $iface = convert_friendly_interface_to_real_interface_name($iface); - $iface_ip = find_interface_ip($iface); - $interface_ip = $settings['interface_ip']; - $port = ($settings['port'] != '' ? $settings['port'] : 0); - $radiuslogging = $settings['radiuslogging']; - $radiuslogbadpass = $settings['radiuslogbadpass']; - $radiusloggoodpass = $settings['radiusloggoodpass']; - $max_requests_var = $settings['max_requests_var']; - $max_request_time_var = $settings['max_request_time_var']; - $cleanup_delay_var = $settings['cleanup_delay_var']; - $logdir_var = $settings['logdir_var']; - - // FreeRADIUS's configuration is huge - // This is the standard default config file, trimmed down a bit. Somebody might want to implement more options. It should be as simple as editing this, then also providing the settings in each file that was included here (or maybe just put the config inlined here). 
+ $conf = ''; + + // Definition variables for freeradiussettings + $varsettings = $config['installedpackages']['freeradiussettings']['config'][0]; + $varsettingsmaxrequesttime = $varsettings['varsettingsmaxrequesttime']; + $varsettingscleanupdelay = $varsettings['varsettingscleanupdelay']; + $varsettingsmaxrequests = $varsettings['varsettingsmaxrequests']; + $varsettingslogdir = $varsettings['varsettingslogdir']; + $varsettingsstrippednames = $varsettings['varsettingsstrippednames']; + $varsettingsauth = $varsettings['varsettingsauth']; + $varsettingsauthbadpass = $varsettings['varsettingsauthbadpass']; + $varsettingsauthgoodpass = $varsettings['varsettingsauthgoodpass']; + $varsettingshostnamelookups = $varsettings['varsettingshostnamelookups']; + $varsettingsallowcoredumps = $varsettings['varsettingsallowcoredumps']; + $varsettingsregularexpressions = $varsettings['varsettingsregularexpressions']; + $varsettingsextendedexpressions = $varsettings['varsettingsextendedexpressions']; + $conf = <<<EOD prefix = /usr/local exec_prefix = \${prefix} 
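Review bot: The `$varsettings[...]` reads at the top of freeradius_settings_resync() have no fallback, so until the Settings page has been saved every value is empty and the heredoc emits lines such as `max_request_time = ` with nothing after the equals sign. The removed code at least guarded the port with `!= '' ? ... : 0`; the same pattern works here, e.g. `$varsettingsmaxrequesttime = ($varsettings['varsettingsmaxrequesttime'] != '' ? $varsettings['varsettingsmaxrequesttime'] : '30');` (30 is FreeRADIUS's stock value; use whatever default freeradiussettings.xml declares). The initial `$conf = '';` is overwritten straight away by `$conf = <<<EOD` and can be dropped. The function continues past the end of this hunk.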
@@ -73,72 +74,84 @@ confdir = \${raddbdir} run_dir = \${localstatedir}/run libdir = \${exec_prefix}/lib/freeradius-2.1.12 pidfile = \${run_dir}/radiusd.pid -#user = nobody -#group = nobody -max_request_time = $max_request_time_var -delete_blocked_requests = no -cleanup_delay = $cleanup_delay_var -max_requests = $max_requests_var -hostname_lookups = no -allow_core_dumps = no -regular_expressions = yes -extended_expressions = yes -usercollide = no -lower_user = no -lower_pass = no -nospace_user = no -nospace_pass = no -checkrad = \${sbindir}/checkrad +#chroot = /path/to/chroot/directory +#user = freeradius +#group = freeradius +############################################################################### +### Is not present in freeradius 2.x radiusd.conf anymore but it was in 1.x ### +### delete_blocked_requests = no ### +### usercollide = no ### +### lower_user = no ### +### lower_pass = no ### +### nospace_user = no ### +### nospace_pass = no ### +############################################################################### -log { - destination = $logdir_var - file = \${logdir}/radius.log - syslog_facility = daemon - stripped_names = no - auth = $radiuslogging - auth_badpass = $radiuslogbadpass - auth_goodpass = $radiusloggoodpass -# msg_goodpass = "" -# msg_badpass = "" -} - +max_request_time = $varsettingsmaxrequesttime +cleanup_delay = $varsettingscleanupdelay +max_requests = $varsettingsmaxrequests +hostname_lookups = $varsettingshostnamelookups +allow_core_dumps = $varsettingsallowcoredumps +regular_expressions = $varsettingsregularexpressions +extended_expressions = $varsettingsextendedexpressions -listen { - type = auth - ipaddr = $interface_ip - port = $port -} +EOD; +$arrinterfaces = $config['installedpackages']['freeradiusinterfaces']['config']; + if (is_array($arrinterfaces)) { + foreach ($arrinterfaces as $item) { + $varinterfaceip = $item['varinterfaceip']; + $varinterfaceport = $item['varinterfaceport']; + $varinterfacetype = 
$item['varinterfacetype']; + $varinterfaceipversion = $item['varinterfaceipversion']; + $description = $item['description']; + $conf .= <<<EOD listen { - type = acct - ipaddr = $interface_ip - port = 1813 + type = $varinterfacetype + $varinterfaceipversion = $varinterfaceip + port = $varinterfaceport } - -security { - max_attributes = 200 - reject_delay = 1 - status_server = no +EOD; + } // end foreach + } // end if +$conf .= <<<EOD + +log { + destination = $varsettingslogdir + file = \${logdir}/radius.log + syslog_facility = daemon + stripped_names = $varsettingsstrippednames + auth = $varsettingsauth + auth_badpass = $varsettingsauthbadpass + auth_goodpass = $varsettingsauthgoodpass + ###msg_goodpass = "" + ###msg_badpass = "" } - -proxy_requests = yes +checkrad = \${sbindir}/checkrad +security { + ###max_attributes = 200 + ###reject_delay = 1 + ###status_server = no ###raddb/sites-available/status ###wohl nur fuer Experten - erstmal weglassen + } + ###proxy_requests = yes ###auf "yes" lassen. Sorgt fuer weniger Probleme und kostet wenig/nichts (RAM) \$INCLUDE \${confdir}/proxy.conf - -\$INCLUDE \${confdir}/clients.conf - +\$INCLUDE \${confdir}/clients.conf ###Jegliche Konfiguration wird in der clients.conf durchgeführt +thread pool { + ###start_servers = 5 + ###max_servers = 32 + ###min_spare_servers = 3 + ###max_spare_servers = 10 + ###max_queue_size = 65536 + ###max_requests_per_server = 0 + } + + #snmp = no #\$INCLUDE \${confdir}/snmp.conf - -thread pool { - start_servers = 5 - max_servers = 32 - min_spare_servers = 3 - max_spare_servers = 10 - max_requests_per_server = 0 -} + modules { pap { @@ -219,6 +232,7 @@ modules { realm ntdomain { format = prefix + ### There is "\\\" in freeradius.inc file and output is "\\" in radiusd.conf delimiter = "\\\" ignore_default = no ignore_null = no 
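Review bot: The listen blocks are built from `varinterfaceip` and `varinterfaceport`, which are free-text `input` fields in freeradiusinterfaces.xml, and they are interpolated into radiusd.conf without any check. A value containing whitespace, `}` or a line break would change the structure of the generated file, so I would skip invalid rows at the top of the foreach: `if (!is_port($varinterfaceport) || !($varinterfaceip == '*' || is_ipaddr($varinterfaceip))) { continue; }` (assuming pfSense's `is_port()`/`is_ipaddr()` helpers are loaded here and cover the IPv6 case). Separately, `security { }` now has `max_attributes`, `reject_delay` and `status_server` commented out, so the server falls back to its built-in values; a one-line comment saying this is intentional would help, since `reject_delay` is the setting that slows down repeated failed logins. `$description` is assigned but never used.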
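Review bot: The added `###` comment sits inside the PHP heredoc, so its own backslashes are unescaped in the same way as the `delimiter` line it describes. The generated radiusd.conf will therefore read `There is "\\" in freeradius.inc file and output is "\"`, which misstates both files to anyone reading the output. Put the explanation in a PHP comment outside the heredoc, or double the backslashes in the comment text so that the rendered comment is correct.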
@@ -464,63 +478,66 @@ post-proxy { } EOD; - conf_mount_rw(); + exec("chown -R root:wheel /var/log/raddb"); + exec("chown -R root:wheel /var/log/radacct"); + + conf_mount_rw(); file_put_contents(RADDB . '/radiusd.conf', $conf); conf_mount_ro(); restart_service("freeradius"); } function freeradius_users_resync() { - global $config; +global $config; - $conf = ''; - $users = $config['installedpackages']['freeradius']['config']; - if (is_array($users)) { - foreach ($users as $user) { - $username = $user['username']; - $password = $user['password']; - $multiconnect = $user['multiconnect']; - $ip = $user['ip']; - $subnetmask = $user['subnetmask']; - $gateway = $user['gateway']; - $userexpiration=$user['expiration']; - $sessiontime=$user['sessiontime']; - $onlinetime=$user['onlinetime']; - $vlanid=$user['vlanid']; - $additionaloptions=$user['additionaloptions']; - $atrib=''; - $head="$username User-Password == ".'"'.$password.'"'; - if ($multiconnect <> '') { - $head .=", Simultaneous-Use := $multiconnect"; - } - if ($userexpiration <> '') { - $head .=", Expiration := ".'"'.$userexpiration.'"'; - } - if ($subnetmask<> '') { - $head .=", Framed-IP-Netmask = $subnetmask"; - } - if ($gateway<> '') { - $head .=", Framed-Route = $gateway"; - } - if ($onlinetime <> '') { - $head .=", Login-Time := ". '"' . 
$onlinetime .'"'; - } - if ($ip <> '') { - if ($atrib <> '') { $atrib .=","; } - $atrib .="\r\n\tFramed-IP-Address = $ip"; - } - if ($sessiontime <> '') { - if ($atrib <> '') { $atrib .=","; } - $atrib .="\r\n\tSession-Timeout := $sessiontime"; - } - if ($vlanid <> '') { - if ($atrib <> '') { $atrib .=","; } - $atrib .="\r\n\tTunnel-Type = VLAN,\r\n\tTunnel-Medium-Type = IEEE-802,\r\n\tTunnel-Private-Group-ID = \"$vlanid\""; - } - if ($additionaloptions <> '') { - if ($atrib <> '') { $atrib .=","; } - $atrib .="\r\n\t$additionaloptions"; - } +$conf = ''; +$users = $config['installedpackages']['freeradius']['config']; +if (is_array($users)) { + foreach ($users as $user) { + $username = $user['username']; + $password = $user['password']; + $multiconnect = $user['multiconnect']; + $ip = $user['ip']; + $subnetmask = $user['subnetmask']; + $gateway = $user['gateway']; + $userexpiration=$user['expiration']; + $sessiontime=$user['sessiontime']; + $onlinetime=$user['onlinetime']; + $vlanid=$user['vlanid']; + $additionaloptions=$user['additionaloptions']; + $atrib=''; + $head="$username User-Password == ".'"'.$password.'"'; + if ($multiconnect <> '') { + $head .=", Simultaneous-Use := $multiconnect"; + } + if ($userexpiration <> '') { + $head .=", Expiration := ".'"'.$userexpiration.'"'; + } + if ($subnetmask<> '') { + $head .=", Framed-IP-Netmask = $subnetmask"; + } + if ($gateway<> '') { + $head .=", Framed-Route = $gateway"; + } + if ($onlinetime <> '') { + $head .=", Login-Time := ". '"' . 
$onlinetime .'"'; + } + if ($ip <> '') { + if ($atrib <> '') { $atrib .=","; } + $atrib .="\r\n\tFramed-IP-Address = $ip"; + } + if ($sessiontime <> '') { + if ($atrib <> '') { $atrib .=","; } + $atrib .="\r\n\tSession-Timeout := $sessiontime"; + } + if ($vlanid <> '') { + if ($atrib <> '') { $atrib .=","; } + $atrib .="\r\n\tTunnel-Type = VLAN,\r\n\tTunnel-Medium-Type = IEEE-802,\r\n\tTunnel-Private-Group-ID = \"$vlanid\""; + } + if ($additionaloptions <> '') { + if ($atrib <> '') { $atrib .=","; } + $atrib .="\r\n\t$additionaloptions"; + } $conf .= <<<EOD $head @@ -528,7 +545,8 @@ function freeradius_users_resync() { EOD; } - } +} + $filename = RADDB . '/users'; conf_mount_rw(); file_put_contents($filename, $conf); 
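Review bot: In the re-indented freeradius_users_resync() body, `$head="$username User-Password == ".'"'.$password.'"';` writes the password into the users file verbatim, so a password containing `"` or a backslash produces a malformed entry, and `$additionaloptions` is appended with no check at all. Escaping first, e.g. `$password = addcslashes($user['password'], '"\\');`, keeps each entry well-formed. Since these lines are being touched anyway, note that FreeRADIUS 2.x documents `Cleartext-Password :=` as the check item for a stored password instead of `User-Password ==`. The new layout also puts `global $config;` and the whole body at column 0 inside the function, which hides the function boundary; one tab of indentation should be kept.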
@@ -542,16 +560,43 @@ function freeradius_clients_resync() { global $config; $conf = ''; - $clients = $config['installedpackages']['freeradiusclients']['config']; - if (is_array($clients) && !empty($clients)) { - foreach ($clients as $item) { - $client = $item['client']; - $secret = $item['sharedsecret']; - $shortname = $item['shortname']; + $arrclients = $config['installedpackages']['freeradiusclients']['config']; + if (is_array($arrclients) && !empty($arrclients)) { + foreach ($arrclients as $item) { + $varclientip = $item['varclientip']; + $varclientsharedsecret = $item['varclientsharedsecret']; + $varclientipversion = $item['varclientipversion']; + $varclientshortname = $item['varclientshortname']; + $varclientproto = $item['varclientproto']; + $varrequiremessageauthenticator = $item['varrequiremessageauthenticator']; + $varclientnastype = $item['varclientnastype']; + $varclientmaxconnections = $item['varclientmaxconnections']; $conf .= <<<EOD -client $client { - secret = $secret - shortname = $shortname + +client $varclientshortname { + $varclientipversion = $varclientip + + ### udp or tcp - udp is default + proto = $varclientproto + secret = $varclientsharedsecret + + ### RFC5080: User Message-Authenticator in Access-Request. But older sqitches, accesspoints, NAS do not include that. Default: no + require_message_authenticator = $varrequiremessageauthenticator + + ### Takes only effect if you use TCP as protocol. This is the mirror of "max_requests" from "Settings" tab. Default 16 + max_connections = $varclientmaxconnections + shortname = $varclientshortname + + ### Optional: Used by checkrad.pl for simultaneous use checks. Default: other + nastype = $varclientnastype + + ### Optional: will be used in future releases + #login = !root + #password = someadminpas + + ### Additional configuration needed. See: raddb/sites-available/originate-coa + #virtual_server = home1 + #coa_server = coa } EOD; 
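Review bot: `secret = $varclientsharedsecret` is written unquoted, so a shared secret containing a space, `#` or a brace is likely to be cut short or misparsed by the server, and `client $varclientshortname {` now uses a free-text field as the section name where the old code used the client address. I would quote and escape the secret, `secret = "$secret_esc"` with `$secret_esc = addcslashes($varclientsharedsecret, '"\\');`, and reject shortnames that do not match something like `/^[A-Za-z0-9_.-]+$/`. Two clients sharing a shortname would also produce two sections with the same name. The generated comment has a typo (`sqitches`), and `max_connections` is emitted even when `proto` is `udp`.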
@@ -559,10 +604,11 @@ EOD; } else { $conf .= <<<EOD - client 127.0.0.1 { - secret = pfsense - shortname = localhost - } +client pfsense { + ipaddr = 127.0.0.1 + secret = pfsense + shortname = pfsense +} EOD; } @@ -572,4 +618,4 @@ EOD; conf_mount_ro(); restart_service("freeradius"); } -?> +?>
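Review bot: The fallback branch still ships a loopback client whose shared secret is the fixed string `pfsense`, now under the section name `pfsense`. A secret that every installation shares authenticates nothing, so any local process that can reach 127.0.0.1 is accepted as a NAS. Consider generating a random secret at install time or writing no client until one is configured, and at minimum add a line in the heredoc such as `### default loopback client - change the secret`. The heredoc and the enclosing function start outside this hunk.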
\ No newline at end of file diff --git a/config/freeradius2/freeradius.xml b/config/freeradius2/freeradius.xml index 79787e56..40685657 100644..100755 --- a/config/freeradius2/freeradius.xml +++ b/config/freeradius2/freeradius.xml @@ -69,10 +69,14 @@ <active/> </tab> <tab> - <text>Clients</text> + <text>NAS / Clients</text> <url>/pkg.php?xml=freeradiusclients.xml</url> </tab> <tab> + <text>Interfaces</text> + <url>/pkg.php?xml=freeradiusinterfaces.xml</url> + </tab> + <tab> <text>Settings</text> <url>/pkg_edit.php?xml=freeradiussettings.xml&id=0</url> </tab> @@ -129,6 +133,11 @@ <additional_files_needed> <prefix>/usr/local/pkg/</prefix> <chmod>0775</chmod> + <item>http://www.pfsense.org/packages/config/freeradius2/freeradiusinterfaces.xml</item> + </additional_files_needed> + <additional_files_needed> + <prefix>/usr/local/pkg/</prefix> + <chmod>0775</chmod> <item>http://www.pfsense.org/packages/config/freeradius2/freeradius.inc</item> </additional_files_needed> <fields> diff --git a/config/freeradius2/freeradiusclients.xml b/config/freeradius2/freeradiusclients.xml index ce6abfdb..6719c6b4 100755 --- a/config/freeradius2/freeradiusclients.xml +++ b/config/freeradius2/freeradiusclients.xml @@ -2,8 +2,8 @@ <!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> <?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> <packagegui> - <copyright> - <![CDATA[ + <copyright> + <![CDATA[ /* $Id$ */ /* ========================================================================== */ /* 
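Review bot: The new `additional_files_needed` entry fetches freeradiusinterfaces.xml over plain `http://` and installs it with `<chmod>0775</chmod>`, i.e. group-writable and executable, for a file that is only parsed by the GUI. It copies the existing entry for freeradius.inc, but a data file needs no more than `<chmod>0644</chmod>`, and the commit likewise flips freeradius.xml itself from mode 100644 to 100755. Whether the package fetcher verifies what it downloads is not visible here; if it does not, an `https://` URL (where the host offers one) would be the safer choice.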
@@ -40,38 +40,62 @@ POSSIBILITY OF SUCH DAMAGE. */ /* ========================================================================== */ - ]]> - </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> <name>freeradiusclients</name> <version>none</version> <title>FreeRADIUS: Clients</title> <include_file>/usr/local/pkg/freeradius.inc</include_file> <tabs> - <tab> - <text>Users</text> - <url>/pkg.php?xml=freeradius.xml</url> - </tab> - <tab> - <text>Clients</text> - <url>/pkg.php?xml=freeradiusclients.xml</url> + <tab> + <text>Users</text> + <url>/pkg.php?xml=freeradius.xml</url> + </tab> + <tab> + <text>NAS / Clients</text> + <url>/pkg.php?xml=freeradiusclients.xml</url> <active/> - </tab> - <tab> - <text>Settings</text> - <url>/pkg_edit.php?xml=freeradiussettings.xml&id=0</url> - </tab> - </tabs> + </tab> + <tab> + <text>Interfaces</text> + <url>/pkg.php?xml=freeradiusinterfaces.xml</url> + </tab> + <tab> + <text>Settings</text> + <url>/pkg_edit.php?xml=freeradiussettings.xml&id=0</url> + </tab> + </tabs> <adddeleteeditpagefields> <columnitem> - <fielddescr>Client</fielddescr> - <fieldname>client</fieldname> + <fielddescr>Client IP Address</fielddescr> + <fieldname>varclientip</fieldname> </columnitem> <columnitem> - <fielddescr>Shortname</fielddescr> - <fieldname>shortname</fieldname> + <fielddescr>Client IP Version</fielddescr> + <fieldname>varclientipversion</fieldname> + </columnitem> + <columnitem> + <fielddescr>Client Shortname</fielddescr> + <fieldname>varclientshortname</fieldname> + </columnitem> + <columnitem> + <fielddescr>Client Protocol</fielddescr> + <fieldname>varclientproto</fieldname> + </columnitem> + <columnitem> 
+ <fielddescr>Client NAS Type</fielddescr> + <fieldname>varclientnastype</fieldname> + </columnitem> + <columnitem> + <fielddescr>Require Message Authenticator</fielddescr> + <fieldname>varrequiremessageauthenticator</fieldname> + </columnitem> + <columnitem> + <fielddescr>Max Connections</fielddescr> + <fieldname>varclientmaxconnections</fieldname> </columnitem> <columnitem> <fielddescr>Description</fielddescr> 
@@ -80,30 +104,92 @@ </adddeleteeditpagefields> <fields> <field> - <fielddescr>Client</fielddescr> - <fieldname>client</fieldname> - <description>Enter the client's IP address.</description> + <fielddescr>Client IP Address</fielddescr> + <fieldname>varclientip</fieldname> + <description>Enter the IP address of the client. This is in general the IP of the NAS (switch,accesspoint).</description> <type>input</type> <required/> </field> <field> - <fielddescr>Shortname</fielddescr> - <fieldname>shortname</fieldname> - <description>Enter the client's shortname.</description> + <fielddescr>Client IP Version</fielddescr> + <fieldname>varclientipversion</fieldname> + <type>select</type> + <default_value>ipaddr</default_value> + <options> + <option><name>IPv4</name><value>ipaddr</value></option> + <option><name>IPv6</name><value>ipv6addr</value></option> + </options> + <required/> + </field> + <field> + <fielddescr>Client Shortname</fielddescr> + <fieldname>varclientshortname</fieldname> + <description>Enter shortname of the client. This is in general the IP of the NAS (switch,accesspoint).</description> <type>input</type> <required/> </field> <field> - <fielddescr>Shared Secret</fielddescr> - <fieldname>sharedsecret</fieldname> - <description>Enter the client's shared secret here</description> + <fielddescr>Client Shared Secret</fielddescr> + <fieldname>varclientsharedsecret</fieldname> + <description>Enter the shared secret of the client here. This is the shared secret (password) which the NAS (switch or accesspoint) needs to communicate with the RADIUS server.</description> <type>password</type> <required/> </field> <field> + <fielddescr>Client Protocol</fielddescr> + <fieldname>varclientproto</fieldname> + <description>Enter the protocol the client uses. 
(Default: udp)</description> + <type>select</type> + <default_value>udp</default_value> + <options> + <option><name>UDP</name><value>udp</value></option> + <option><name>TCP</name><value>tcp</value></option> + </options> + <required/> + </field> + <field> + <fielddescr>Client NAS Type</fielddescr> + <fieldname>varclientnastype</fieldname> + <description>Enter the NAS type of the client. This is used by checkrad.pl for simultaneous use checks. (Default: other)</description> + <type>select</type> + <default_value>other</default_value> + <options> + <option><name>CISCO Systems</name><value>cisco</value></option> + <option><name>Computone PowerRack</name><value>computone</value></option> + <option><name>Livingston PortMaster</name><value>livingston</value></option> + <option><name>Ascend Max 4000 family</name><value>max40xx</value></option> + <option><name>Multitech CommPlete Server</name><value>multitech</value></option> + <option><name>3Com/USR NetServer</name><value>netserver</value></option> + <option><name>Cyclades PathRAS</name><value>pathras</value></option> + <option><name>Patton 2800 family</name><value>patton</value></option> + <option><name>Cistron PortSlave</name><value>portslave</value></option> + <option><name>3Com/USR TotalControl</name><value>tc</value></option> + <option><name>3Com/USR Hiper Arc Total Control</name><value>usrhiper</value></option> + <option><name>other</name><value>other</value></option> + </options> + </field> + <field> + <fielddescr>Require Message Authenticator</fielddescr> + <fieldname>varrequiremessageauthenticator</fieldname> + <description>RFC5080 requires Message-Authenticator in Access-Request. But older NAS (switches or accesspoints) do not include that. 
(Default: no)</description> + <type>select</type> + <default_value>no</default_value> + <options> + <option><name>No</name><value>no</value></option> + <option><name>Yes</name><value>yes</value></option> + </options> + </field> + <field> + <fielddescr>Max Connections</fielddescr> + <fieldname>varclientmaxconnections</fieldname> + <description>Takes only effect if you use TCP as protocol. This is the mirror of "Max Requests Server" from "Settings" tab. (Default 16)</description> + <type>input</type> + <default_value>16</default_value> + </field> + <field> <fielddescr>Description</fielddescr> <fieldname>description</fieldname> - <description>Enter the description of the user here</description> + <description>Enter any description you like for this client.</description> <type>input</type> </field> </fields> @@ -113,4 +199,4 @@ <custom_php_resync_config_command> freeradius_clients_resync(); </custom_php_resync_config_command> -</packagegui> +</packagegui>
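Review bot: The description for `varclientshortname` repeats the address field's text ("This is in general the IP of the NAS"), which is misleading now that the shortname becomes the `client <name> {` section name in freeradius.inc. Suggested text: `Enter a short, unique name for this client (letters, digits, '-', '_' and '.' only).` `varclientip` and `varclientmaxconnections` are plain `input` fields and no validation hook is visible in this file's hunks, so malformed values go straight into clients.conf.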
\ No newline at end of file diff --git a/config/freeradius2/freeradiusinterfaces.xml b/config/freeradius2/freeradiusinterfaces.xml new file mode 100755 index 00000000..f2de1008 --- /dev/null +++ b/config/freeradius2/freeradiusinterfaces.xml 
@@ -0,0 +1,151 @@ +<?xml version="1.0" encoding="utf-8" ?> +<!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> +<?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> +<packagegui> + <copyright> + <![CDATA[ +/* $Id$ */ +/* ========================================================================== */ +/* + authng.xml + part of pfSense (http://www.pfSense.com) + Copyright (C) 2007 to whom it may belong + All rights reserved. + + Based on m0n0wall (http://m0n0.ch/wall) + Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>. + All rights reserved. + */ +/* ========================================================================== */ +/* + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are met: + + 1. Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, + INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE + AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, + OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + POSSIBILITY OF SUCH DAMAGE. 
+ */ +/* ========================================================================== */ + ]]> + </copyright> + <description>Describe your package here.</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> + <name>freeradiusinterfaces</name> + <version>none</version> + <title>FreeRADIUS: Interfaces</title> + <include_file>/usr/local/pkg/freeradius.inc</include_file> + <tabs> + <tab> + <text>Users</text> + <url>/pkg.php?xml=freeradius.xml</url> + </tab> + <tab> + <text>NAS / Clients</text> + <url>/pkg.php?xml=freeradiusclients.xml</url> + </tab> + <tab> + <text>Interfaces</text> + <url>/pkg.php?xml=freeradiusinterfaces.xml</url> + <active/> + </tab> + <tab> + <text>Settings</text> + <url>/pkg_edit.php?xml=freeradiussettings.xml&id=0</url> + </tab> + </tabs> + <adddeleteeditpagefields> + <columnitem> + <fielddescr>Listening Interface</fielddescr> + <fieldname>varinterfaceip</fieldname> + </columnitem> + <columnitem> + <fielddescr>Port</fielddescr> + <fieldname>varinterfaceport</fieldname> + </columnitem> + <columnitem> + <fielddescr>Interface Type</fielddescr> + <fieldname>varinterfacetype</fieldname> + </columnitem> + <columnitem> + <fielddescr>IP Version</fielddescr> + <fieldname>varinterfaceipversion</fieldname> + </columnitem> + <columnitem> + <fielddescr>Description</fielddescr> + <fieldname>description</fieldname> + </columnitem> + </adddeleteeditpagefields> + <fields> + <field> + <fielddescr>Listening Interface</fielddescr> + <fieldname>varinterfaceip</fieldname> + <description>Enter the IP address of the listening interface. e.g. 192.168.100.1 (Default: *)</description> + <type>input</type> + <default_value>*</default_value> + <required/> + </field> + <field> + <fielddescr>Port</fielddescr> + <fieldname>varinterfaceport</fieldname> + <description>Enter the port number of the listening interface. e.g. 
1812 (Default: 1812)</description> + <type>input</type> + <default_value>1812</default_value> + <required/> + </field> + <field> + <fielddescr>Interface Type</fielddescr> + <fieldname>varinterfacetype</fieldname> + <description>Enter the type of the listening interface. (Default: auth)</description> + <type>select</type> + <default_value>auth</default_value> + <options> + <option><name>Auth</name><value>auth</value></option> + <option><name>Acct</name><value>acct</value></option> + <option><name>Proxy</name><value>proxy</value></option> + <option><name>Detail</name><value>detail</value></option> + <option><name>Status</name><value>status</value></option> + <option><name>CoA</name><value>coa</value></option> + </options> + <required/> + </field> + <field> + <fielddescr>IP Version</fielddescr> + <fieldname>varinterfaceipversion</fieldname> + <description>Enter the IP version of the listening interface. (Default: IPv4)</description> + <type>select</type> + <default_value>ipaddr</default_value> + <options> + <option><name>IPv4</name><value>ipaddr</value></option> + <option><name>IPv6</name><value>ipv6addr</value></option> + </options> + <required/> + </field> + <field> + <fielddescr>Description</fielddescr> + <fieldname>description</fieldname> + <description>Enter any description you like for this interface.</description> + <type>input</type> + </field> + </fields> + <custom_delete_php_command> + freeradius_settings_resync(); + </custom_delete_php_command> + <custom_php_resync_config_command> + freeradius_settings_resync(); + </custom_php_resync_config_command> +</packagegui> diff --git a/config/freeradius2/freeradiussettings.xml b/config/freeradius2/freeradiussettings.xml index 0ea8ae50..bab82e72 100755 --- a/config/freeradius2/freeradiussettings.xml +++ b/config/freeradius2/freeradiussettings.xml 
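Review bot: The `varinterfacetype` select offers `proxy`, `detail`, `status` and `coa`, but the listen template in freeradius.inc always writes only `type`, an address line and `port`; a `detail` listener, for one, needs a `filename` instead, so choosing it will most likely yield a listen block the server rejects. Either limit the options to `auth` and `acct` for now or extend the template per type. The port default is `1812` for every type, whereas the removed code used 1813 for accounting, and after this change no listener exists until the user adds one. The copyright header still names `authng.xml` and the `<description>` is the placeholder text.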
@@ -2,8 +2,8 @@ <!DOCTYPE packagegui SYSTEM "./schema/packages.dtd"> <?xml-stylesheet type="text/xsl" href="./xsl/package.xsl"?> <packagegui> - <copyright> - <![CDATA[ + <copyright> + <![CDATA[ /* $Id$ */ /* ========================================================================== */ /* 
@@ -40,136 +40,158 @@ POSSIBILITY OF SUCH DAMAGE. */ /* ========================================================================== */ - ]]> - </copyright> - <description>Describe your package here</description> - <requirements>Describe your package requirements here</requirements> - <faq>Currently there are no FAQ items provided.</faq> + ]]> + </copyright> + <description>Describe your package here</description> + <requirements>Describe your package requirements here</requirements> + <faq>Currently there are no FAQ items provided.</faq> <name>freeradiussettings</name> <version>none</version> <title>FreeRADIUS: Settings</title> <aftersaveredirect>pkg_edit.php?xml=freeradiussettings.xml&id=0</aftersaveredirect> <include_file>/usr/local/pkg/freeradius.inc</include_file> <tabs> - <tab> - <text>Users</text> - <url>/pkg.php?xml=freeradius.xml</url> - </tab> - <tab> - <text>Clients</text> - <url>/pkg.php?xml=freeradiusclients.xml</url> - </tab> - <tab> - <text>Settings</text> - <url>/pkg_edit.php?xml=freeradiussettings.xml&id=0</url> + <tab> + <text>Users</text> + <url>/pkg.php?xml=freeradius.xml</url> + </tab> + <tab> + <text>NAS / Clients</text> + <url>/pkg.php?xml=freeradiusclients.xml</url> + </tab> + <tab> + <text>Interfaces</text> + <url>/pkg.php?xml=freeradiusinterfaces.xml</url> + </tab> + <tab> + <text>Settings</text> + <url>/pkg_edit.php?xml=freeradiussettings.xml&id=0</url> <active/> - </tab> - </tabs> + </tab> + </tabs> <fields> <field> - <fielddescr>Listening Interface(s)</fielddescr> - <fieldname>interface_ip</fieldname> - <description>Enter the desired listening interface IP here ( 192.168.1.0 ) or use "*" (without "") for any interface.</description> - <type>input</type> - <default_value>*</default_value> - <required/> + <fielddescr>Logging Destination of RADIUS</fielddescr> + <fieldname>varsettingslogdir</fieldname> + <description>Choose the destination where freeRADIUS should log. 
Logging must be enabled.(Default: radius.log)</description> + <type>select</type> + <default_value>files</default_value> + <options> + <option><name>/var/log/radius.log</name><value>files</value></option> + <option><name>System Logs -> System</name><value>syslog</value></option> + <option><name>stdout</name><value>stdout</value></option> + <option><name>stderr</name><value>stderr</value></option> + </options> </field> <field> - <fielddescr>Port</fielddescr> - <fieldname>port</fieldname> - <description>Enter the port the RADIUS server will listen on. Leave blank to default to the system default, i.e., 1812.</description> - <type>input</type> - <default_value>1812</default_value> + <fielddescr>RADIUS Logging</fielddescr> + <fieldname>varsettingsauth</fieldname> + <description>Choose if you want to enable logging. (Default: Disabled)</description> + <type>select</type> + <default_value>no</default_value> + <options> + <option><name>Disable</name><value>no</value></option> + <option><name>Enable</name><value>yes</value></option> + </options> + </field> + <field> + <fielddescr>Log Bad Authentication Attempts</fielddescr> + <fieldname>varsettingsauthbadpass</fieldname> + <description>Choose if you want to log bad authentication attempts. Logging must be enabled. (Default: no)</description> + <type>select</type> + <default_value>no</default_value> + <options> + <option><name>no</name><value>no</value></option> + <option><name>Log</name><value>yes</value></option> + </options> + </field> + <field> + <fielddescr>Log good authentication attempts?</fielddescr> + <fieldname>varsettingsauthgoodpass</fieldname> + <description>Choose if you want to log good authentication attempts. Logging must be enabled. 
(Default: no)</description> + <type>select</type> + <default_value>no</default_value> + <options> + <option><name>no</name><value>no</value></option> + <option><name>Log</name><value>yes</value></option> + </options> </field> <field> - <fielddescr>Maximum requests server</fielddescr> - <fieldname>max_requests_var</fieldname> - <description>The maximum number of requests the RADIUS server can handle. Default is 1024. It should be 256 * number of clients e.g.: 4 Switches * 256 = 1024.</description> + <fielddescr>Log Stripped Names</fielddescr> + <fieldname>varsettingsstrippednames</fieldname> + <description>Choose if you want to log the full User-Name attribute as it was found in the request. Logging must be enabled. (Default: no)</description> + <type>select</type> + <default_value>no</default_value> + <options> + <option><name>no</name><value>no</value></option> + <option><name>Log</name><value>yes</value></option> + </options> + </field> + <field> + <fielddescr>Maximum Requests Server</fielddescr> + <fieldname>varsettingsmaxrequests</fieldname> + <description>The maximum number of requests the server could handle at a time until "Cleanup Delay" deletes them. Useful range 256 * NAS. If it is set to low it will make the server busy. A higher value is better (but increased RAM usage) but it shouldn't be higher than 1000 * NAS. (Default: 1024)</description> <type>input</type> <default_value>1024</default_value> </field> <field> - <fielddescr>Max request time</fielddescr> - <fieldname>max_request_time_var</fieldname> - <description>The maximum time (in seconds) to handle a request. Default is 30. Useful range of values: 5 to 120.</description> + <fielddescr>Max Request Timeout</fielddescr> + <fieldname>varsettingsmaxrequesttime</fieldname> + <description>The maximum time to handle a request in seconds. 
(Default: 30)</description> <type>input</type> <default_value>30</default_value> </field> <field> - <fielddescr>Cleanup delay</fielddescr> - <fieldname>cleanup_delay_var</fieldname> - <description>The time to wait (in seconds) before cleaning up a reply which was sent to the NAS. Default is 5. Useful range of values: 2 to 10.</description> + <fielddescr>Cleanup Delay</fielddescr> + <fieldname>varsettingscleanupdelay</fieldname> + <description>The time to wait before cleaning up a reply which was sent to the NAS in seconds. (Default: 5)</description> <type>input</type> <default_value>5</default_value> </field> <field> - <fielddescr>Radius Logging Destination</fielddescr> - <fieldname>logdir_var</fieldname> - <description>Logging to "syslog" or "/var/log/radius.log" ?</description> + <fielddescr>NAS Hostname Lookup</fielddescr> + <fieldname>varsettingshostnamelookups</fieldname> + <description>Log the names of NAS instead of IP addresses. Turning this on can result in lock ups of the RADIUS Server. (Default: no)</description> <type>select</type> - <default_value>/var/log</default_value> + <default_value>no</default_value> <options> - <option> - <name>radius.log</name> - <value>files</value> - </option> - <option> - <name>syslog</name> - <value>syslog</value> - </option> + <option><name>Disable</name><value>no</value></option> + <option><name>Enable</name><value>yes</value></option> </options> - </field> + </field> <field> - <fielddescr>Radius Logging</fielddescr> - <fieldname>radiuslogging</fieldname> - <description>Enable logging?</description> + <fielddescr>Allow Core Dumps</fielddescr> + <fieldname>varsettingsallowcoredumps</fieldname> + <description>Only turn this on if you need to debug the RADIUS server! 
(Default: no)</description> <type>select</type> <default_value>no</default_value> <options> - <option> - <name>no</name> - <value>no</value> - </option> - <option> - <name>yes</name> - <value>yes</value> - </option> + <option><name>Disable</name><value>no</value></option> + <option><name>Enable</name><value>yes</value></option> </options> - </field> + </field> <field> - <fielddescr>Log bad authentication attempts?</fielddescr> - <fieldname>radiuslogbadpass</fieldname> - <description>Specifies whether to log bad authentication attempts to the radius.log file. Radius Logging must be enabled for this to work.</description> + <fielddescr>Regular Expressions</fielddescr> + <fieldname>varsettingsregularexpressions</fieldname> + <description>Allows regular expressions. (Default: yes)</description> <type>select</type> - <default_value>no</default_value> + <default_value>yes</default_value> <options> - <option> - <name>no</name> - <value>no</value> - </option> - <option> - <name>yes</name> - <value>yes</value> - </option> + <option><name>Disable</name><value>no</value></option> + <option><name>Enable</name><value>yes</value></option> </options> </field> <field> - <fielddescr>Log good authentication attempts?</fielddescr> - <fieldname>radiusloggoodpass</fieldname> - <description>Specifies whether to log good authentication attempts to the radius.log file. Radius Logging must be enabled for this to work.</description> + <fielddescr>Extended Expressions</fielddescr> + <fieldname>varsettingsextendedexpressions</fieldname> + <description>Allows extended expressions. 
(Default: yes)</description> <type>select</type> - <default_value>no</default_value> + <default_value>yes</default_value> <options> - <option> - <name>no</name> - <value>no</value> - </option> - <option> - <name>yes</name> - <value>yes</value> - </option> + <option><name>Disable</name><value>no</value></option> + <option><name>Enable</name><value>yes</value></option> </options> - </field> + </field> </fields> <custom_delete_php_command> freeradius_settings_resync(); @@ -177,4 +199,4 @@ <custom_php_resync_config_command> freeradius_settings_resync(); </custom_php_resync_config_command> -</packagegui> +</packagegui>
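Review bot: The labels on `varsettingsauthbadpass` and `varsettingsauthgoodpass` ("Log Bad Authentication Attempts" / "Log good authentication attempts?") understate what these switches do if, as the field names suggest, they are written to FreeRADIUS's `auth_badpass` / `auth_goodpass`: those options add the submitted password to each authentication log line in clear text, while logging of the attempt itself is governed by the `auth` switch (`varsettingsauth`). With the `syslog` destination offered in the same hunk, that text would presumably also reach the system log and whatever that log is forwarded to. I would state this in the descriptions, e.g. `<description>Also write the password of rejected requests to the log in clear text. Logging must be enabled. (Default: no)</description>`, with matching wording for accepted requests. The mapping from these fields to radiusd.conf lives in freeradius.inc, outside this hunk, so it should be confirmed there.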
\ No newline at end of file diff --git a/pkg_config.8.xml b/pkg_config.8.xml index 31aad164..0ae10e34 100644 --- a/pkg_config.8.xml +++ b/pkg_config.8.xml @@ -759,11 +759,11 @@ <name>freeradius2</name> <website>http://www.freeradius.org/</website> <descr><![CDATA[!!! EXPERIMENTAL !!!<br> - freeRADIUS 2.1.12 - The package is based on freeradius 1.1.8 package.<br> + freeRADIUS 2.1.12<br> DO NOT USE ON PRODUCTIVE SYSTEMS AND NOT TOGETHER WITH freeradius. Both packages are using the same config files]]></descr> <pkginfolink>http://forum.pfsense.org/index.php/topic,43675.0.html</pkginfolink> <category>System</category> - <version>2.1.12 pkg v0.3</version> + <version>2.1.12 pkg v0.8</version> <status>Alpha</status> <required_version>2.0</required_version> <maintainer>Nachtfalke</maintainer> diff --git a/pkg_config.8.xml.amd64 b/pkg_config.8.xml.amd64 index 637cd1bf..6f046a47 100644 --- a/pkg_config.8.xml.amd64 +++ b/pkg_config.8.xml.amd64 @@ -801,11 +801,11 @@ <name>freeradius2</name> <website>http://www.freeradius.org/</website> <descr><![CDATA[!!! EXPERIMENTAL !!!<br> - freeRADIUS 2.1.12 - The package is based on freeradius 1.1.8 package.<br> + freeRADIUS 2.1.12<br> DO NOT USE ON PRODUCTION SYSTEMS AND NOT TOGETHER WITH freeradius. Both packages are using the same config files]]></descr> <pkginfolink>http://forum.pfsense.org/index.php/topic,43675.0.html</pkginfolink> <category>System</category> - <version>2.1.12 pkg v0.3</version> + <version>2.1.12 pkg v0.8</version> <status>Alpha</status> <required_version>2.0</required_version> <maintainer>Nachtfalke</maintainer> |