Diffstat (limited to 'config/freeradius2')
-rwxr-xr-xconfig/freeradius2/freeradius.xml141
-rwxr-xr-xconfig/freeradius2/freeradiusclients.xml13
-rwxr-xr-xconfig/freeradius2/freeradiusinterfaces.xml23
-rwxr-xr-xconfig/freeradius2/freeradiussettings.xml126
4 files changed, 165 insertions, 138 deletions
diff --git a/config/freeradius2/freeradius.xml b/config/freeradius2/freeradius.xml
index 40685657..c58f35d7 100755
--- a/config/freeradius2/freeradius.xml
+++ b/config/freeradius2/freeradius.xml
@@ -46,7 +46,7 @@
<requirements>Describe your package requirements here</requirements>
<faq>Currently there are no FAQ items provided.</faq>
<name>freeradius</name>
- <version>1.1.2</version>
+ <version>2.1.12</version>
<title>FreeRADIUS: Users</title>
<include_file>/usr/local/pkg/freeradius.inc</include_file>
<menu>
@@ -92,7 +92,7 @@
<fieldname>description</fieldname>
</columnitem>
<columnitem>
- <fielddescr>IP address</fielddescr>
+ <fielddescr>IP Address</fielddescr>
<fieldname>ip</fieldname>
</columnitem>
<columnitem>
@@ -100,19 +100,19 @@
<fieldname>subnetmask</fieldname>
</columnitem>
<columnitem>
- <fielddescr>Multiple Connection</fielddescr>
+ <fielddescr>Simultaneous Connections</fielddescr>
<fieldname>multiconnect</fieldname>
</columnitem>
<columnitem>
- <fielddescr>Expiration</fielddescr>
+ <fielddescr>Expiration Time</fielddescr>
<fieldname>expiration</fieldname>
</columnitem>
<columnitem>
- <fielddescr>Session time</fielddescr>
+ <fielddescr>Session Time</fielddescr>
<fieldname>sessiontime</fieldname>
</columnitem>
<columnitem>
- <fielddescr>Online time</fielddescr>
+ <fielddescr>Online Time</fielddescr>
<fieldname>onlinetime</fieldname>
</columnitem>
<columnitem>
@@ -142,6 +142,10 @@
</additional_files_needed>
<fields>
<field>
+ <name>GENERAL CONFIGURATION</name>
+ <type>listtopic</type>
+ </field>
+ <field>
<fielddescr>Username</fielddescr>
<fieldname>username</fieldname>
<description>Enter the username.</description>
@@ -156,102 +160,93 @@
<required/>
</field>
<field>
+ <fielddescr>Number of simultaneous connections</fielddescr>
+ <fieldname>multiconnect</fieldname>
+ <description>The maximum of simultaneous connections with this username.</description>
+ <required/>
+ <type>input</type>
+ </field>
+ <field>
+ <name>NETWORK CONFIGURATION</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>IP Address</fielddescr>
<fieldname>ip</fieldname>
- <fielddescr>IP address</fielddescr>
- <description><![CDATA[Framed-IP-Address. If you want this user to be assigned a specific IP address from radius, enter the IP
-address here. Continuous IP address is available with "+" suffix(example:192.168.1.5+. It may help for assigning the
-different IP address to multiple simultaneous connections). IMPORTANT, you MUST enter an IP address here if you checked
-"RADIUS issued IP" on vpn pptp or vpn pppoe configuration.]]></description>
+ <description><![CDATA[<b>Framed-IP-Address</b> must be supported by NAS.<br>
+ If you want this user to be assigned a specific IP address from radius, enter the IP address here.<br>
+ Continuous IP address is available with "+" suffix (e.g. 192.168.1.5+). Could be useful for simultaneous connections.<br>
+ <b>IMPORTANT:</b> You must enter an IP address here if you checked "RADIUS issued IP" on VPN PPTP or VPN PPPoE configuration.]]></description>
<type>input</type>
</field>
<field>
- <fieldname>subnetmask</fieldname>
- <fielddescr>subnetmask</fielddescr>
- <description>Framed-IP-Netmask. Needs support of the NAS (Switch) Example: 255.255.255.0</description>
+ <fielddescr>Subnet Mask</fielddescr>
+ <fieldname>subnetmask</fieldname>
+ <description><![CDATA[<b>Framed-IP-Netmask</b> must be supported by NAS. (e.g. 255.255.255.0)]]></description>
<type>input</type>
</field>
<field>
- <fieldname>gateway</fieldname>
- <fielddescr>gateway</fielddescr>
- <description>Framed-Route. Needs support of the NAS (Switch). Order is: Subnet Gateway Metric Example: 192.168.10.0 192.168.10.1 1</description>
+ <fielddescr>Gateway</fielddescr>
+ <fieldname>gateway</fieldname>
+ <description><![CDATA[<b>Framed-Route</b> must be supported by NAS. Format is: Subnet Gateway Metric (e.g. 192.168.10.0 192.168.10.1 1).]]></description>
<type>input</type>
</field>
<field>
- <fieldname>multiconnect</fieldname>
- <fielddescr>Number of Multiple connection</fielddescr>
- <description>The available number of multiple simultaneous connections with this username.</description>
- <required/>
+ <fielddescr>VLAN ID</fielddescr>
+ <fieldname>vlanid</fieldname>
+ <description><![CDATA[
+ Enter the VLAN ID (integer from 1-4095) or the VLAN name that this username should be assigned to.<br>
+ Must be supported by the NAS.<br>
+ This setting can be used for a NAS that supports the following RADIUS parameters:<br><br>
+ Tunnel-Type = VLAN<br>
+ Tunnel-Medium-Type = IEEE-802<br>
+ Tunnel-Private-Group-ID = "<b>THIS IS YOUR INPUT</b>"]]>
+ </description>
<type>input</type>
+ </field>
+ <field>
+ <name>TIME CONFIGURATION</name>
+ <type>listtopic</type>
</field>
<field>
- <fieldname>expiration</fieldname>
- <fielddescr>Expiration</fielddescr>
- <description>You may enter the date that this account will stop working here.use Mmm dd yyyy example: 01 Jan 2007 will be Jan 01 2007</description>
+ <fielddescr>Expiration Time</fielddescr>
+ <fieldname>expiration</fieldname>
+ <description>Enter the date when this account should expire. Format is: Mmm dd yyyy (e.g. Jan 01 2012).</description>
<type>input</type>
</field>
<field>
- <fieldname>sessiontime</fieldname>
- <fielddescr>Session time</fielddescr>
- <description>Time this user has until relogin in seconds</description>
+ <fielddescr>Session Time</fielddescr>
+ <fieldname>sessiontime</fieldname>
+ <description>Enter the time this user has until relogin in seconds.</description>
<type>input</type>
</field>
<field>
- <fieldname>onlinetime</fieldname>
<fielddescr>Online time</fielddescr>
- <description><![CDATA[A time string may be a list of simple time strings separated with vertical bars `|' or commas `,'.
-
-Each simple time string must begin either with a day-of-week abbreviation (one of `Su', `Mo', `Tu', `We', `Th', `Fr', `Sa'), or `Wk' for any day from Monday to Friday inclusive, or `Any' or `Al' for any day.
-
-Following the day may be a range of hours separated with a hyphen, using 24-hour time. The range of hours may cross 0; for example `2300-0700' means any time except 7 AM to 11 PM. If no time is given, calls may be made at any time on the specified day(s).
-
-The time string may also be the single word `Never', which does not match any time.
-
-Here are a few sample time strings with an explanation of what they mean.
-
-`Wk2305-0855,Sa,Su2305-1655'
-
- This means weekdays before 8:55 AM or after 11:05 PM, any time Saturday, or Sunday before 4:55 PM or after 11:05 PM. These are approximately the times during which night rates apply to phone calls in the U.S.A. Note that this time string uses, for example, `2305' rather than `2300'; this will ensure a cheap rate even if the computer clock is running up to five minutes ahead of the real time.
-
-`Wk0905-2255,Su1705-2255'
-
- This means weekdays from 9:05 AM to 10:55 PM, or Sunday from 5:05 PM to 10:55 PM. This is approximately the opposite of the previous example.
-
-`Any'
-
- This means any day. Since no time is specified, it means any time on any day.]]></description>
+ <fieldname>onlinetime</fieldname>
+ <description><![CDATA[Enter the time when this user should have access. If no time is entered it means "always".<br>
+ Every time string contains a day (Mo,Tu,We,Th,Fr,Sa,Su) or all weekdays which is from monday till friday (Wk).<br><br>
+ <b>Wk0855-2305,Sa,Su2230-0230</b><br><br>
+ This means weekdays after 8:55 AM and before 11:05 PM | any time on saturday | sunday after 10:30 PM and before 02:30 AM.]]></description>
<type>input</type>
</field>
<field>
- <fieldname>description</fieldname>
- <fielddescr>Description</fielddescr>
- <description>You may enter a description here for your reference (not parsed).</description>
- <type>input</type>
- </field>
+ <name>MISCELLANEOUS CONFIGURATION</name>
+ <type>listtopic</type>
+ </field>
<field>
- <fieldname>vlanid</fieldname>
- <fielddescr>VLAN ID</fielddescr>
- <description><![CDATA[
- Enter the VLAN ID (integer from 1-4095) OR the VLAN name that this user/device should be assigned. In general, this parameter is used in conjunction with switches and access points that support mac-based authentication.<br><br>
-
- This setting can be used for switches/wireless access points that support the following radius parameters:<br>
- Tunnel-Type = VLAN<br>
- Tunnel-Medium-Type = IEEE-802<br>
- Tunnel-Private-Group-ID = "insert vlan identifier here"<br><br>
-
- This was implemented and tested with HP Procurve Switches (3500yl, and 2626). HP Procurve switches support using either the VLAN ID or the VLAN name, while other switches will only work using the VLAN ID.
- ]]>
- </description>
+ <fielddescr>Description</fielddescr>
+ <fieldname>description</fieldname>
+ <description>Enter any description for this user you like.</description>
<type>input</type>
</field>
<field>
- <fieldname>additionaloptions</fieldname>
<fielddescr>Additional RADIUS Options</fielddescr>
- <description><![CDATA[
- Experts only.<br>
- You may append extra custom RADIUS options to this user account (separated by commas).<br>
- IMPORTANT: If you don't format this field correctly, FreeRADIUS may not properly start because the users file will contain a syntax error.
- ]]>
+ <fieldname>additionaloptions</fieldname>
+ <description><![CDATA[This is for experts only and should be treat with care!<br>
+ You may append (after all options from above) custom RADIUS options to this user account (separated by commas).<br>
+ <b>IMPORTANT:</b> If you don't format this field correctly freeRADIUS will not start because of syntax errors.<br>
+ Verify your changes by checking users file (/usr/local/etc/raddb/users).]]>
</description>
<type>textarea</type>
<rows>10</rows>
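Review bot: The rewritten `additionaloptions` description warns that a badly formatted value stops freeRADIUS from starting, but the field is still a free-form `textarea`, and nothing visible in this hunk checks the text before it reaches /usr/local/etc/raddb/users. One bad edit to a single account can therefore take authentication down for every NAS. The check belongs in the save path in freeradius.inc, which this diff does not show: test the generated configuration (for example with `radiusd -C`) before restarting the service, and keep the previous users file if the test fails. In the same description, `should be treat with care` should read `should be treated with care`. The `Online time` label a few fields earlier stayed lower case while its column header became `Online Time`; the field's closing tags lie outside the hunk.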
diff --git a/config/freeradius2/freeradiusclients.xml b/config/freeradius2/freeradiusclients.xml
index 6719c6b4..2b5d9d0c 100755
--- a/config/freeradius2/freeradiusclients.xml
+++ b/config/freeradius2/freeradiusclients.xml
@@ -86,7 +86,7 @@
<fieldname>varclientproto</fieldname>
</columnitem>
<columnitem>
- <fielddescr>Client NAS Type</fielddescr>
+ <fielddescr>Client Type</fielddescr>
<fieldname>varclientnastype</fieldname>
</columnitem>
<columnitem>
@@ -104,6 +104,10 @@
</adddeleteeditpagefields>
<fields>
<field>
+ <name>GENERAL CONFIGURATION</name>
+ <type>listtopic</type>
+ </field>
+ <field>
<fielddescr>Client IP Address</fielddescr>
<fieldname>varclientip</fieldname>
<description>Enter the IP address of the client. This is in general the IP of the NAS (switch,accesspoint).</description>
@@ -136,6 +140,10 @@
<required/>
</field>
<field>
+ <name>MISCELLANEOUS CONFIGURATION</name>
+ <type>listtopic</type>
+ </field>
+ <field>
<fielddescr>Client Protocol</fielddescr>
<fieldname>varclientproto</fieldname>
<description>Enter the protocol the client uses. (Default: udp)</description>
@@ -145,10 +153,9 @@
<option><name>UDP</name><value>udp</value></option>
<option><name>TCP</name><value>tcp</value></option>
</options>
- <required/>
</field>
<field>
- <fielddescr>Client NAS Type</fielddescr>
+ <fielddescr>Client Type</fielddescr>
<fieldname>varclientnastype</fieldname>
<description>Enter the NAS type of the client. This is used by checkrad.pl for simultaneous use checks. (Default: other)</description>
<type>select</type>
diff --git a/config/freeradius2/freeradiusinterfaces.xml b/config/freeradius2/freeradiusinterfaces.xml
index f2de1008..c00cd6b1 100755
--- a/config/freeradius2/freeradiusinterfaces.xml
+++ b/config/freeradius2/freeradiusinterfaces.xml
@@ -11,7 +11,7 @@
part of pfSense (http://www.pfSense.com)
Copyright (C) 2007 to whom it may belong
All rights reserved.
-
+
Based on m0n0wall (http://m0n0.ch/wall)
Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
All rights reserved.
@@ -42,7 +42,7 @@
/* ========================================================================== */
]]>
</copyright>
- <description>Describe your package here.</description>
+ <description>Describe your package here</description>
<requirements>Describe your package requirements here</requirements>
<faq>Currently there are no FAQ items provided.</faq>
<name>freeradiusinterfaces</name>
@@ -70,7 +70,7 @@
</tabs>
<adddeleteeditpagefields>
<columnitem>
- <fielddescr>Listening Interface</fielddescr>
+ <fielddescr>Interface IP Address</fielddescr>
<fieldname>varinterfaceip</fieldname>
</columnitem>
<columnitem>
@@ -92,9 +92,13 @@
</adddeleteeditpagefields>
<fields>
<field>
- <fielddescr>Listening Interface</fielddescr>
+ <name>GENERAL CONFIGURATION</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Interface IP Address</fielddescr>
<fieldname>varinterfaceip</fieldname>
- <description>Enter the IP address of the listening interface. e.g. 192.168.100.1 (Default: *)</description>
+ <description><![CDATA[Enter the IP address of the listening interface. e.g. 192.168.100.1 (Default: *)]]></description>
<type>input</type>
<default_value>*</default_value>
<required/>
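Review bot: The `varinterfaceip` description keeps `(Default: *)` without saying what `*` means. With the label changed from `Listening Interface` to `Interface IP Address`, an admin has even less of a hint that the default makes the server listen on every address of the firewall, WAN side included. Say so in the text, e.g. `Enter the IP address the server should listen on, e.g. 192.168.100.1. "*" listens on all addresses; restrict it to the interface facing your NAS where possible. (Default: *)`. The CDATA wrapper adds nothing here because the text contains no markup. The field's closing tag is outside the hunk.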
@@ -102,7 +106,12 @@
<field>
<fielddescr>Port</fielddescr>
<fieldname>varinterfaceport</fieldname>
- <description>Enter the port number of the listening interface. e.g. 1812 (Default: 1812)</description>
+ <description><![CDATA[Enter the port number of the listening interface. Different interface types need different ports.<br>
+ You could use this as an example:<br>
+ auth = 1812<br>
+ acct = 1813<br>
+ proxy = 1814<br>
+ <b>IMPORTANT:</b> For <b>every interface type</b> listening on the <b>same IP address</b> you need <b>different ports</b>.]]></description>
<type>input</type>
<default_value>1812</default_value>
<required/>
@@ -148,4 +157,4 @@
<custom_php_resync_config_command>
freeradius_settings_resync();
</custom_php_resync_config_command>
-</packagegui>
+</packagegui>
\ No newline at end of file
diff --git a/config/freeradius2/freeradiussettings.xml b/config/freeradius2/freeradiussettings.xml
index 286cc1fd..e918c249 100755
--- a/config/freeradius2/freeradiussettings.xml
+++ b/config/freeradius2/freeradiussettings.xml
@@ -71,61 +71,8 @@
</tabs>
<fields>
<field>
- <fielddescr>Logging Destination of RADIUS</fielddescr>
- <fieldname>varsettingslogdir</fieldname>
- <description>Choose the destination where freeRADIUS should log. Logging must be enabled.(Default: radius.log)</description>
- <type>select</type>
- <default_value>files</default_value>
- <options>
- <option><name>/var/log/radius.log</name><value>files</value></option>
- <option><name>System Logs -> System</name><value>syslog</value></option>
- <option><name>stdout</name><value>stdout</value></option>
- <option><name>stderr</name><value>stderr</value></option>
- </options>
- </field>
- <field>
- <fielddescr>RADIUS Logging</fielddescr>
- <fieldname>varsettingsauth</fieldname>
- <description>Choose if you want to enable logging. (Default: Disabled)</description>
- <type>select</type>
- <default_value>no</default_value>
- <options>
- <option><name>Disable</name><value>no</value></option>
- <option><name>Enable</name><value>yes</value></option>
- </options>
- </field>
- <field>
- <fielddescr>Log Bad Authentication Attempts</fielddescr>
- <fieldname>varsettingsauthbadpass</fieldname>
- <description>Choose if you want to log bad authentication attempts. Logging must be enabled. (Default: no)</description>
- <type>select</type>
- <default_value>no</default_value>
- <options>
- <option><name>no</name><value>no</value></option>
- <option><name>Log</name><value>yes</value></option>
- </options>
- </field>
- <field>
- <fielddescr>Log good authentication attempts?</fielddescr>
- <fieldname>varsettingsauthgoodpass</fieldname>
- <description>Choose if you want to log good authentication attempts. Logging must be enabled. (Default: no)</description>
- <type>select</type>
- <default_value>no</default_value>
- <options>
- <option><name>no</name><value>no</value></option>
- <option><name>Log</name><value>yes</value></option>
- </options>
- </field>
- <field>
- <fielddescr>Log Stripped Names</fielddescr>
- <fieldname>varsettingsstrippednames</fieldname>
- <description>Choose if you want to log the full User-Name attribute as it was found in the request. Logging must be enabled. (Default: no)</description>
- <type>select</type>
- <default_value>no</default_value>
- <options>
- <option><name>no</name><value>no</value></option>
- <option><name>Log</name><value>yes</value></option>
- </options>
+ <name>GENERAL CONFIGURATION</name>
+ <type>listtopic</type>
</field>
<field>
<fielddescr>Maximum Requests Server</fielddescr>
@@ -193,6 +140,71 @@
</options>
</field>
<field>
+ <name>LOGGING CONFIGURATION</name>
+ <type>listtopic</type>
+ </field>
+ <field>
+ <fielddescr>Logging Destination of RADIUS</fielddescr>
+ <fieldname>varsettingslogdir</fieldname>
+ <description>Choose the destination where freeRADIUS should log. Logging must be enabled.(Default: radius.log)</description>
+ <type>select</type>
+ <default_value>files</default_value>
+ <options>
+ <option><name>/var/log/radius.log</name><value>files</value></option>
+ <option><name>System Logs -> System</name><value>syslog</value></option>
+ <option><name>stdout</name><value>stdout</value></option>
+ <option><name>stderr</name><value>stderr</value></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>RADIUS Logging</fielddescr>
+ <fieldname>varsettingsauth</fieldname>
+ <description>Choose if you want to enable logging. (Default: Disabled)</description>
+ <type>select</type>
+ <default_value>no</default_value>
+ <options>
+ <option><name>Disable</name><value>no</value></option>
+ <option><name>Enable</name><value>yes</value></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>Log Bad Authentication Attempts</fielddescr>
+ <fieldname>varsettingsauthbadpass</fieldname>
+ <description>Choose if you want to log bad authentication attempts. Logging must be enabled. (Default: no)</description>
+ <type>select</type>
+ <default_value>no</default_value>
+ <options>
+ <option><name>no</name><value>no</value></option>
+ <option><name>Log</name><value>yes</value></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>Log good authentication attempts?</fielddescr>
+ <fieldname>varsettingsauthgoodpass</fieldname>
+ <description>Choose if you want to log good authentication attempts. Logging must be enabled. (Default: no)</description>
+ <type>select</type>
+ <default_value>no</default_value>
+ <options>
+ <option><name>no</name><value>no</value></option>
+ <option><name>Log</name><value>yes</value></option>
+ </options>
+ </field>
+ <field>
+ <fielddescr>Log Stripped Names</fielddescr>
+ <fieldname>varsettingsstrippednames</fieldname>
+ <description>Choose if you want to log the full User-Name attribute as it was found in the request. Logging must be enabled. (Default: no)</description>
+ <type>select</type>
+ <default_value>no</default_value>
+ <options>
+ <option><name>no</name><value>no</value></option>
+ <option><name>Log</name><value>yes</value></option>
+ </options>
+ </field>
+ <field>
+ <name>SECURITY CONFIGURATION</name>
+ <type>listtopic</type>
+ </field>
+ <field>
<fielddescr>Maximum Number of Attributes</fielddescr>
<fieldname>varsettingsmaxattributes</fieldname>
<description>The maximum number of attributes permitted in a RADIUS packet. Packets which have more than this number of attributes in them will be dropped. (Default: 200)</description>
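Review bot: In the LOGGING CONFIGURATION block, the descriptions for `varsettingsauthbadpass` and `varsettingsauthgoodpass` were moved unchanged and still speak only of logging authentication attempts. The field names suggest they drive FreeRADIUS's `auth_badpass` and `auth_goodpass`, which add the submitted password to the log line in clear text; that mapping lives in freeradius.inc, which this diff does not show, so confirm it there. If it holds, the UI should say so, e.g. `Choose if you want to log the password of failed authentication attempts. Passwords are written to the log in clear text. Logging must be enabled. (Default: no)`, and likewise for the good-password field. With syslog, `stdout` and `stderr` offered as destinations, those passwords can also end up outside /var/log/radius.log.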
@@ -207,6 +219,10 @@
<default_value>1</default_value>
</field>
<field>
+ <name>THREAD POOL CONFIGURATION</name>
+ <type>listtopic</type>
+ </field>
+ <field>
<fielddescr>Number of Threads After Start</fielddescr>
<fieldname>varsettingsstartservers</fieldname>
<description>The thread pool is a long-lived group of threads which take turns (round-robin) handling any incoming requests. (Default: 5)</description>