aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--config/freeradius2/freeradiusclients.xml6
-rw-r--r--config/freeradius2/freeradiuseapconf.xml18
-rw-r--r--config/freeradius2/freeradiusinterfaces.xml2
-rw-r--r--config/freeradius2/freeradiussettings.xml15
-rw-r--r--config/freeradius2/freeradiussqlconf.xml4
5 files changed, 23 insertions, 22 deletions
diff --git a/config/freeradius2/freeradiusclients.xml b/config/freeradius2/freeradiusclients.xml
index 215a751e..da1e37a2 100644
--- a/config/freeradius2/freeradiusclients.xml
+++ b/config/freeradius2/freeradiusclients.xml
@@ -138,7 +138,7 @@
<field>
<fielddescr>Client IP Address</fielddescr>
<fieldname>varclientip</fieldname>
- <description><![CDATA[Enter the IP address of the client. This is in general the IP of the NAS (switch,accesspoint).]]></description>
+ <description><![CDATA[Enter the IP address of the RADIUS client. This is the IP of the NAS (switch, access point, firewall, router, etc.).]]></description>
<type>input</type>
<required/>
</field>
@@ -156,14 +156,14 @@
<field>
<fielddescr>Client Shortname</fielddescr>
<fieldname>varclientshortname</fieldname>
- <description><![CDATA[Enter shortname of the client. This is in general the hostname of the NAS (switch,accesspoint).]]></description>
+ <description><![CDATA[Enter a short name for the client. This is generally the hostname of the NAS.]]></description>
<type>input</type>
<required/>
</field>
<field>
<fielddescr>Client Shared Secret</fielddescr>
<fieldname>varclientsharedsecret</fieldname>
- <description><![CDATA[Enter the shared secret of the client here. This is the shared secret (password) which the NAS (switch or accesspoint) needs to communicate with the RADIUS server.]]></description>
+ <description><![CDATA[Enter the shared secret of the RADIUS client here. This is the shared secret (password) which the NAS (switch or accesspoint) needs to communicate with the RADIUS server.]]></description>
<type>password</type>
<required/>
</field>
diff --git a/config/freeradius2/freeradiuseapconf.xml b/config/freeradius2/freeradiuseapconf.xml
index 8f8e4dc7..8400fe6e 100644
--- a/config/freeradius2/freeradiuseapconf.xml
+++ b/config/freeradius2/freeradiuseapconf.xml
@@ -105,7 +105,7 @@
<field>
<fielddescr>Disable weak EAP types</fielddescr>
<fieldname>vareapconfdisableweakeaptypes</fieldname>
- <description><![CDATA[Here you disable the weak EAP types MD5, GTC and LEAP. You should do this if you want that only stronger EAP types like TLS, TTLS, PEAP, MSCHAPv2 should be allowed. This option does not affect the "tunneled EAP sessions".]]></description>
+ <description><![CDATA[Here you can disable the weak EAP types MD5, GTC and LEAP. Check this to only allow stronger EAP types like TLS, TTLS, PEAP, MSCHAPv2 should be allowed. This option does not affect the "tunneled EAP sessions".]]></description>
<type>checkbox</type>
</field>
<field>
@@ -134,7 +134,7 @@
<field>
<fielddescr>Ignore Unknown EAP Types</fielddescr>
<fieldname>vareapconfignoreunknowneaptypes</fieldname>
- <description><![CDATA[If the RADIUS does not know the EAP type it rejects it. If set to "yes" an other module <b>must</b> be configured to proxy the request to a further RADIUS server. (Default: no)]]></description>
+ <description><![CDATA[If the RADIUS server does not know the EAP type, it rejects it. If set to "yes" another module <b>must</b> be configured to proxy the request to a further RADIUS server. (Default: no)]]></description>
<type>select</type>
<default_value>no</default_value>
<options>
@@ -165,19 +165,19 @@
<type>listtopic</type>
</field>
<field>
- <fielddescr>Choose Cert-Manager</fielddescr>
+ <fielddescr>Choose Cert Manager</fielddescr>
<fieldname>vareapconfchoosecertmanager</fieldname>
<description><![CDATA[Choose your Cert manager. By default it is the freeradius cert manager because the server needs some default certs to start service. For more information take al look at "Certificates"-Tab.<br>
- To use the firewall's built-in Cert Manager you have to create a CA and an Server Certificate first. (SYSTEM -> Cert Manager).<br><br>
- <b>uncheked</b>: FreeRADIUS Cert-Manager (not recommended) (Default: unchecked)<br>
- <b>cheked</b>: Firewall Cert-Manager (recommended)]]></description>
+ To use the firewall's built-in Certificate Manager you have to create a CA and an Server Certificate first. (SYSTEM -> Cert Manager).<br><br>
+ <b>unchecked</b>: FreeRADIUS Cert Manager (not recommended) (Default: unchecked)<br>
+ <b>checked</b>: Firewall Cert Manager (recommended)]]></description>
<type>checkbox</type>
<enablefields>ssl_ca_cert,ssl_ca_crl,ssl_server_cert</enablefields>
</field>
<field>
<fielddescr>Private Key Password</fielddescr>
<fieldname>vareapconfprivatekeypassword</fieldname>
- <description><![CDATA[By default the certificates created by freeradius are protected with an "input/ouput" password from reading the certificate. The certificates created by the firewall's built-in Cert Manager are not protected so you must leave this field empty. (Default: whatever)]]></description>
+ <description><![CDATA[By default the certificates created by freeradius are protected with an "input/ouput" password from reading the certificate. The certificates created by the firewall's built-in Cert Manager are not protected so you must leave this field empty.]]></description>
<type>password</type>
<default_value>whatever</default_value>
</field>
@@ -334,7 +334,7 @@
<field>
<fielddescr>Max Entries</fielddescr>
<fieldname>vareapconfcachemaxentries</fieldname>
- <description><![CDATA[The maximum number of entries in the cache. Set to "0" for "infinite". This could be set to the number of users who are logged in... which can be a LOT. (Default: 255)]]></description>
+ <description><![CDATA[The maximum number of entries in the cache. Set to "0" for "infinite." (Default: 255)]]></description>
<type>input</type>
<default_value>255</default_value>
</field>
@@ -470,7 +470,7 @@
<field>
<fielddescr>Microsoft Statement of Health (SoH) Support</fielddescr>
<fieldname>vareapconfpeapsohenable</fieldname>
- <description><![CDATA[You can accept/reject clients if they have not actual windows updates and more. You need to change server-file for your needs. It cannot be changed from GUI and will be deleted after package (re)installation. (/usr/local/etc/raddb/sites-available/soh). (Default: no)]]></description>
+ <description><![CDATA[You can accept/reject clients based on Microsoft's Statement of Health, such as if they are missing Windows updates, don't have a firewall enabled, antivirus not in line with policy, etc. You need to change server-file for your needs. It cannot be changed from GUI and will be deleted after package reinstallation. (/usr/local/etc/raddb/sites-available/soh). (Default: no)]]></description>
<type>select</type>
<default_value>Disable</default_value>
<options>
diff --git a/config/freeradius2/freeradiusinterfaces.xml b/config/freeradius2/freeradiusinterfaces.xml
index 1233f72f..61f52ffd 100644
--- a/config/freeradius2/freeradiusinterfaces.xml
+++ b/config/freeradius2/freeradiusinterfaces.xml
@@ -175,7 +175,7 @@
<field>
<fielddescr>Description</fielddescr>
<fieldname>description</fieldname>
- <description><![CDATA[Enter any description you like for this interface.]]></description>
+ <description><![CDATA[Optionally enter a description here for your reference.]]></description>
<type>input</type>
</field>
</fields>
diff --git a/config/freeradius2/freeradiussettings.xml b/config/freeradius2/freeradiussettings.xml
index 99af4d4a..d77a0bdf 100644
--- a/config/freeradius2/freeradiussettings.xml
+++ b/config/freeradius2/freeradiussettings.xml
@@ -8,7 +8,8 @@
/* ========================================================================== */
/*
freeradiussettings.xml
- part of pfSense (http://www.pfSense.com)
+ part of pfSense (https://www.pfsense.org)
+ Copyright (C) 2014 Electric Sheep Fencing, LP
Copyright (C) 2013 Alexander Wilke <nachtfalkeaw@web.de>
All rights reserved.
@@ -162,7 +163,7 @@
<field>
<fielddescr>Logging Destination of RADIUS</fielddescr>
<fieldname>varsettingslogdir</fieldname>
- <description><![CDATA[Choose the destination where freeRADIUS should log. This will log if service started or failed but no authentication information. (Default: radius.log)]]></description>
+ <description><![CDATA[Choose the destination where freeRADIUS will log. This will log general service information, but no authentication information. (Default: radius.log)]]></description>
<type>select</type>
<default_value>syslog</default_value>
<options>
@@ -316,7 +317,7 @@
<field>
<fielddescr>Enable Mobile-One-Time-Password</fielddescr>
<fieldname>varsettingsmotpenable</fieldname>
- <description><![CDATA[This enables the possibility to authenticate against an username and an one-time-password. The client which generates OTP can be installed on various mobile device plattforms like Android and more. (Default: unchecked)]]></description>
+ <description><![CDATA[This enables the possibility to authenticate using a username and one-time-password. The client which generates OTP can be installed on various mobile device plattforms like Android and more. (Default: unchecked)]]></description>
<type>checkbox</type>
<enablefields>varsettingsmotptimespan,varsettingsmotppasswordattempts,varsettingsmotpchecksumtype,varsettingsmotptokenlength</enablefields>
</field>
@@ -330,14 +331,14 @@
<field>
<fielddescr>Number of invalid password attempts</fielddescr>
<fieldname>varsettingsmotppasswordattempts</fieldname>
- <description><![CDATA[After this the user will be locked out until the admin unlocks the user. (Default: 5)]]></description>
+ <description><![CDATA[After this many failed attempts, the user will be locked out until an admin unlocks the user. (Default: 5)]]></description>
<type>input</type>
<default_value>5</default_value>
</field>
<field>
<fielddescr>Hash algorithm</fielddescr>
<fieldname>varsettingsmotpchecksumtype</fieldname>
- <description><![CDATA[We build a hash of "EPOCHTIME+INIT-SECRET+PIN" and then use the digits as password. Perhaps there are some other/hardware tokens which use other hash types so you can perhaps adjust this here. But this <b>must</b> be equal on bothe sites! (Default: md5)]]></description>
+ <description><![CDATA[We build a hash of "EPOCHTIME+INIT-SECRET+PIN" and then use the digits as password. Perhaps there are some other/hardware tokens which use other hash types so you can perhaps adjust this here. This <b>must</b> be equal on both sides! (Default: md5)]]></description>
<type>select</type>
<default_value>md5</default_value>
<options>
@@ -349,12 +350,12 @@
<field>
<fielddescr>Token Password length</fielddescr>
<fieldname>varsettingsmotptokenlength</fieldname>
- <description><![CDATA[We build a hash of "EPOCHTIME+INIT-SECRET+PIN" and then use the digits 1 to 6 as password. Perhaps there are some other/hardware tokens which use other digits so you can perhaps adjust this here. But this <b>must</b> be equal on bothe sites! (Default: 1-6)]]></description>
+ <description><![CDATA[We build a hash of "EPOCHTIME+INIT-SECRET+PIN" and then use the digits 1 to 6 as password. Perhaps there are some other/hardware tokens which use other digits so you can perhaps adjust this here. This <b>must</b> be equal on both sides! (Default: 1-6)]]></description>
<type>input</type>
<default_value>1-6</default_value>
</field>
<field>
- <name>MISCELLANEOUS CONFIGURATION</name>
+ <name>Miscellaneous Configuration</name>
<type>listtopic</type>
</field>
<field>
diff --git a/config/freeradius2/freeradiussqlconf.xml b/config/freeradius2/freeradiussqlconf.xml
index ccad7faa..c45f423d 100644
--- a/config/freeradius2/freeradiussqlconf.xml
+++ b/config/freeradius2/freeradiussqlconf.xml
@@ -331,7 +331,7 @@
<field>
<fielddescr>Read Clients from Database</fielddescr>
<fieldname>varsqlconfreadclients</fieldname>
- <description><![CDATA[Set to <b>yes</b> to read radius clients from the database ('nas' table). Clients will only be read on server startup. (Default: yes)]]></description>
+ <description><![CDATA[Set to <b>yes</b> to read RADIUS clients from the database ('nas' table). Clients will only be read on server startup. (Default: yes)]]></description>
<type>select</type>
<default_value>yes</default_value>
<options>
@@ -599,7 +599,7 @@
<field>
<fielddescr>Read Clients from Database</fielddescr>
<fieldname>varsqlconf2readclients</fieldname>
- <description><![CDATA[Set to <b>yes</b> to read radius clients from the database ('nas' table). Clients will only be read on server startup. (Default: yes)]]></description>
+ <description><![CDATA[Set to <b>yes</b> to read RADIUS clients from the database ('nas' table). Clients will only be read on server startup. (Default: yes)]]></description>
<type>select</type>
<default_value>yes</default_value>
<options>