Diffstat (limited to 'config/freeradius2')
-rw-r--r-- | config/freeradius2/freeradius.inc | 109 | ||||
-rw-r--r-- | config/freeradius2/freeradius.xml | 12 | ||||
-rw-r--r-- | config/freeradius2/freeradiusauthorizedmacs.xml | 10 | ||||
-rw-r--r-- | config/freeradius2/freeradiuscerts.xml | 2 | ||||
-rw-r--r-- | config/freeradius2/freeradiuseapconf.xml | 14 | ||||
-rw-r--r-- | config/freeradius2/freeradiusmodulesldap.xml | 8 | ||||
-rw-r--r-- | config/freeradius2/freeradiussettings.xml | 2 | ||||
-rw-r--r-- | config/freeradius2/freeradiussync.xml | 27 |
8 files changed, 113 insertions, 71 deletions
diff --git a/config/freeradius2/freeradius.inc b/config/freeradius2/freeradius.inc index ac65ed88..35566e22 100644 --- a/config/freeradius2/freeradius.inc +++ b/config/freeradius2/freeradius.inc @@ -149,7 +149,15 @@ function freeradius_install_command() { function freeradius_settings_resync() { global $config; $conf = ''; - + + // We do some checks of some folders which will be deleted after reboot on nanobsd systems + if (!file_exists("/var/log/radacct/")) { exec("mkdir /var/log/radacct"); } + if (!file_exists("/var/log/radacct/datacounter/")) { exec("mkdir /var/log/radacct/datacounter && mkdir /var/log/radacct/datacounter/daily && mkdir /var/log/radacct/datacounter/weekly && mkdir /var/log/radacct/datacounter/monthly && mkdir /var/log/radacct/datacounter/forever"); } + if (!file_exists("/var/log/radacct/timecounter/")) { exec("mkdir /var/log/radacct/timecounter"); } + if (!file_exists("/var/log/radutmp")) { exec("touch /var/log/radutmp"); } + if (!file_exists("/var/log/radwtmp")) { exec("touch /var/log/radwtmp"); } + if (!file_exists("/var/log/radacct/")) { exec("chown -R root:wheel /var/log/radacct"); } + $varsettings = $config['installedpackages']['freeradiussettings']['config'][0]; // Variables: General configuration @@ -2457,7 +2465,7 @@ else { return; } // Read-only because of embedded systems -conf_mount_r0(); +conf_mount_ro(); } //end of function // ##### The following part is based on the code of pfblocker ##### 
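Review bot: The last guard added to `freeradius_settings_resync()`, `if (!file_exists("/var/log/radacct/")) { exec("chown -R root:wheel /var/log/radacct"); }`, is only true when the first `mkdir` failed, so on the normal path the `chown` never runs and the accounting tree keeps whatever owner and umask-derived mode the calling process had. None of the `exec()` results is checked, so a failed `mkdir` or `touch` is silent. Consider PHP's own `mkdir($dir, 0750, true)` with a checked return value, followed by an unconditional `chown()`; the mode is a suggestion to confirm against the account radiusd runs as. The function body continues outside the hunk.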
@@ -2472,22 +2480,24 @@ function freeradius_sync_on_changes() { return; } - log_error("freeRADIUS is starting XMLRPC process (freeradius_do_xmlrpc_sync)."); + log_error("FreeRADIUS: Starting XMLRPC process (freeradius_do_xmlrpc_sync)."); // if checkbox is checked get IP and password of the destination hosts foreach ($config['installedpackages']['freeradiussync']['config'] as $rs ){ foreach($rs['row'] as $sh){ - $sync_to_ip = $sh['varsyncipaddress']; - $password = $sh['varsyncpassword']; - if($password && $sync_to_ip) - freeradius_do_xmlrpc_sync($sync_to_ip, $password); + $varsyncprotocol = $sh['varsyncprotocol']; + $sync_to_ip = $sh['varsyncipaddress']; + $password = $sh['varsyncpassword']; + $varsyncport = $sh['varsyncport']; + if($password && $sync_to_ip && $varsyncport && $varsyncprotocol) + freeradius_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyncprotocol); } } - log_error("freeRADIUS has finished XMLRPC process (freeradius_do_xmlrpc_sync)."); + log_error("FreeRADIUS: Finished XMLRPC process (freeradius_do_xmlrpc_sync)."); } /* Do the actual XMLRPC sync */ -function freeradius_do_xmlrpc_sync($sync_to_ip, $password) { +function freeradius_do_xmlrpc_sync($sync_to_ip, $password, $varsyncport, $varsyncprotocol) { global $config, $g; if(!$password) 
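Review bot: In `freeradius_sync_on_changes()` the new `varsyncprotocol` and `varsyncport` values are only tested for truthiness before they are passed on and concatenated into the XMLRPC URL. An allowlist check belongs in the loop so that a malformed or hand-edited config row cannot decide where the admin password is sent, for example `if (!in_array($varsyncprotocol, array('http', 'https'), true) || !is_port($varsyncport) || !is_ipaddr($sync_to_ip)) continue;` (using pfSense's `is_port()`/`is_ipaddr()` helpers, if this version provides them). `freeradius_do_xmlrpc_sync()` also gains two required parameters, so any caller outside this hunk needs the same update.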
@@ -2496,20 +2506,16 @@ function freeradius_do_xmlrpc_sync($sync_to_ip, $password) { if(!$sync_to_ip) return; + if(!$varsyncport) + return; + + if(!$varsyncprotocol) + return; + // Check and choose correct protocol type, port number and IP address - $xmlrpc_sync_neighbor = $sync_to_ip; - if($config['system']['webgui']['protocol'] != "") { - $synchronizetoip = $config['system']['webgui']['protocol']; - $synchronizetoip .= "://"; - } - $port = $config['system']['webgui']['port']; - /* if port is empty lets rely on the protocol selection */ - if($port == "") { - if($config['system']['webgui']['protocol'] == "http") - $port = "80"; - else - $port = "443"; - } + $synchronizetoip .= "$varsyncprotocol" . '://'; + $port = "$varsyncport"; + $synchronizetoip .= $sync_to_ip; /* xml will hold the sections to sync */ 
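Review bot: `$synchronizetoip .= "$varsyncprotocol" . '://';` appends to a variable that no visible line assigns, because this hunk removes the only `$synchronizetoip = …` initialisation. The start of the function is outside the hunk, so this is inferred from the lines shown. Plain assignment states the intent and avoids the undefined-variable notice: `$synchronizetoip = $varsyncprotocol . '://' . $sync_to_ip;` and `$port = $varsyncport;`. The retained comment "Check and choose correct protocol type, port number and IP address" no longer matches the code, since nothing is checked here; reword it or add the check.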
@@ -2526,27 +2532,27 @@ function freeradius_do_xmlrpc_sync($sync_to_ip, $password) { /* set a few variables needed for sync code borrowed from filter.inc */ $url = $synchronizetoip; - log_error("Beginning freeRADIUS XMLRPC sync with {$url}:{$port}."); + log_error("FreeRADIUS: Beginning FreeRADIUS XMLRPC sync with {$url}:{$port}."); $method = 'pfsense.merge_installedpackages_section_xmlrpc'; $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); $cli->setCredentials('admin', $password); if($g['debug']) $cli->setDebug(1); - /* send our XMLRPC message and timeout after 250 seconds */ - $resp = $cli->send($msg, "250"); + /* send our XMLRPC message and timeout after 150 seconds */ + $resp = $cli->send($msg, "150"); if(!$resp) { - $error = "A communications error occurred while freeRADIUS was attempting XMLRPC sync with {$url}:{$port}."; - log_error($error); + $error = "A communications error occurred while FreeRADIUS was attempting XMLRPC sync with {$url}:{$port}."; + log_error("FreeRADIUS: $error"); file_notice("sync_settings", $error, "freeradius Settings Sync", ""); } elseif($resp->faultCode()) { $cli->setDebug(1); - $resp = $cli->send($msg, "250"); - $error = "An error code was received while freeRADIUS XMLRPC was attempting to sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); - log_error($error); + $resp = $cli->send($msg, "150"); + $error = "An error code was received while FreeRADIUS XMLRPC was attempting to sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + log_error("FreeRADIUS: $error"); file_notice("sync_settings", $error, "freeradius Settings Sync", ""); } else { - log_error("freeRADIUS XMLRPC has synced data successfully with {$url}:{$port}."); + log_error("FreeRADIUS: XMLRPC has synced data successfully with {$url}:{$port}."); } /* tell freeradius to reload our settings on the destionation sync host. */ 
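Review bot: On the fault path the request is sent a second time after `$cli->setDebug(1)` and the result is dereferenced at once as `$resp->faultCode()`; if the retry fails at transport level `$resp` is falsy and that call is a fatal error. Guard it, e.g. `$detail = $resp ? $resp->faultCode() . ": " . $resp->faultString() : "no response on retry";`. The resend also repeats a state-changing merge, together with the `admin` credentials, and how the XML_RPC client emits its debug output is not visible here, so confirm that it does not expose the exchange. The reload block in the `@@ -2561` hunk has the same pattern.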
@@ -2561,23 +2567,23 @@ function freeradius_do_xmlrpc_sync($sync_to_ip, $password) { XML_RPC_encode($execcmd) ); - log_error("freeRADIUS XMLRPC is reloading data on {$url}:{$port}."); + log_error("FreeRADIUS XMLRPC is reloading data on {$url}:{$port}."); $msg = new XML_RPC_Message($method, $params); $cli = new XML_RPC_Client('/xmlrpc.php', $url, $port); $cli->setCredentials('admin', $password); - $resp = $cli->send($msg, "250"); + $resp = $cli->send($msg, "150"); if(!$resp) { - $error = "A communications error occurred while freeRADIUS was attempting XMLRPC sync with {$url}:{$port} (pfsense.exec_php)."; + $error = "A communications error occurred while FreeRADIUS was attempting XMLRPC sync with {$url}:{$port} (exec_php)."; log_error($error); file_notice("sync_settings", $error, "freeradius Settings Sync", ""); } elseif($resp->faultCode()) { $cli->setDebug(1); - $resp = $cli->send($msg, "250"); - $error = "An error code was received while freeRADIUS XMLRPC was attempting to sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); + $resp = $cli->send($msg, "150"); + $error = "An error code was received while FreeRADIUS XMLRPC was attempting to sync with {$url}:{$port} - Code " . $resp->faultCode() . ": " . $resp->faultString(); log_error($error); file_notice("sync_settings", $error, "freeradius Settings Sync", ""); } else { - log_error("freeRADIUS XMLRPC has reloaded data successfully on {$url}:{$port} (pfsense.exec_php)."); + log_error("FreeRADIUS: XMLRPC has reloaded data successfully on {$url}:{$port} (exec_php)."); } } 
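Review bot: The log prefix is applied unevenly in this hunk: `log_error("FreeRADIUS XMLRPC is reloading data on …")` has no colon, and both error branches still call `log_error($error)` bare, while the sync block before it uses `log_error("FreeRADIUS: $error")`. Use the same `FreeRADIUS: ` prefix on all three so the entries can be filtered together in the system log. The fault-branch text also still says "attempting to sync" although this block is the reload call; adding `(exec_php)` there, as the other two messages do, would make the two failure sources distinguishable.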
@@ -2592,7 +2598,7 @@ function freeradius_all_after_XMLRPC_resync() { freeradius_authorizedmacs_resync(); freeradius_clients_resync(); - log_error("freeRADIUS has finished XMLRPC process. It should be OK. For more information look at the host which started sync."); + log_error("FreeRADIUS: Finished XMLRPC process. It should be OK. For more information look at the host which started sync."); exec("/usr/local/etc/rc.d/radiusd onerestart"); } 
@@ -4013,15 +4019,25 @@ function freeradius_datacounter_auth_resync() { #!/bin/sh ### USAGE: datacounter_auth.sh USERNAME TIMERANGE ### We need this parameters from freeradius users file and ../raddb/modules/datacounter_acct -USERNAME=`echo -n "\\$1" | sed 's/[^0-9a-zA-Z._-]/X/g' ` +USERNAME=`echo -n "\\$1" | sed 's/[^0-9a-zA-Z._:-]/X/g' ` TIMERANGE=`echo -n "\\$2" | sed 's/[^a-z]//g' ` + +### This is to make sure there is a used-octets file after the cronjob resetted the counter +if [ -e "/var/log/radacct/datacounter/\$TIMERANGE/max-octets-\$USERNAME" ] && [ ! -e "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME" ]; then + echo 0 > "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME" +fi + +### The next two lines are just for getting values for logging output +MAXOCTETSUSERNAMEMB=$((`cat "/var/log/radacct/datacounter/\$TIMERANGE/max-octets-\$USERNAME"`/1024/1024)) +USEDOCTETSUSERNAMEMB=$((`cat "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME"`/1024/1024)) + ### We check if MAX-OCTETS-USERNAME is greater than USED-OCTETS-USERNAME and accept or reject the user if [ `cat "/var/log/radacct/datacounter/\$TIMERANGE/max-octets-\$USERNAME"` -gt `cat "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME"` ]; then + logger -f /var/log/system.log "FreeRADIUS: Used amount of \$TIMERANGE traffic by \$USERNAME is \$USEDOCTETSUSERNAMEMB of \$MAXOCTETSUSERNAMEMB MB! The user was accepted!!!" exit 0 else - MAXOCTETSUSERNAMEMB=$((`cat "/var/log/radacct/datacounter/\$TIMERANGE/max-octets-\$USERNAME"`/1024/1024)) - logger -f /var/log/system.log "FreeRADIUS: Credentials are probably correct but the user \$USERNAME has reached the \$TIMERANGE Amount of Upload and Download Traffic which is \$MAXOCTETSUSERNAMEMB MB! The user was rejected!!!" 
+ logger -f /var/log/system.log "FreeRADIUS: Credentials are probably correct but the user \$USERNAME has reached the \$TIMERANGE Amount of Upload and Download Traffic which is \$USEDOCTETSUSERNAMEMB of \$MAXOCTETSUSERNAMEMB MB! The user was rejected!!!" exit 99 fi EOD; @@ -4042,7 +4058,7 @@ function freeradius_datacounter_acct_resync() { #!/bin/sh ### USAGE: datacounter_acct.sh USERNAME TIMERANGE ACCTINPUTOCTETS ACCTOUTPUTOCTETS ### We need this from an Accounting-Request packet to count the octets -USERNAME=`echo -n "\\$1" | sed 's/[^0-9a-zA-Z._-]/X/g' ` +USERNAME=`echo -n "\\$1" | sed 's/[^0-9a-zA-Z.:_-]/X/g' ` TIMERANGE=`echo -n "\\$2" | sed 's/[^a-z]//g' ` ACCTINPUTOCTETS=`echo -n "\\$3" | sed 's/[^0-9]/0/g' ` ACCTOUTPUTOCTETS=`echo -n "\\$4" | sed 's/[^0-9]/0/g' ` @@ -4055,12 +4071,19 @@ if [ ! \$ACCTOUTPUTOCTETS ]; then ACCTOUTPUTOCTETS=0 fi -### We only write this to file if username exists +### We only write this to the file if username exists ### If all counters are activated (daily, weekly, monthly, forever) we need to check which is active for the user if [ ! -e "/var/log/radacct/datacounter/\$TIMERANGE/max-octets-\$USERNAME" ]; then exit 0 else + ### If no used-octets file exist then we assume that it was deleted by cron job and we need to create a new file starting from zero + if [ ! -e "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME" ]; then + echo 0 > "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME" + fi +### The following two lines (chose the one or the other) are a bad workaround to make accounting accurate with stop/start accounting on pfsense 2.0.1 - it only works if the session will not be interrupted (host disconnects) +### USEDOCTETS=\$((\$ACCTINPUTOCTETS+\$ACCTOUTPUTOCTETS)) USEDOCTETS=\$((\$ACCTINPUTOCTETS+\$ACCTOUTPUTOCTETS+`cat "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME"`)) + echo "\$USEDOCTETS" > "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME" exit 0 fi 
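Review bot: The new `MAXOCTETSUSERNAMEMB=` and `USEDOCTETSUSERNAMEMB=` assignments in datacounter_auth.sh run before anything has confirmed that `max-octets-$USERNAME` exists or holds a number, and the script now reads each counter file up to three times, so the values logged can differ from the values compared. With a missing or empty file the arithmetic expansion gets an empty operand; under /bin/sh that is likely an error exit instead of the explicit `exit 99`, which leaves the accept/reject outcome to how the exec module treats that status. Read each file once, reject anything that is not all digits, and compare the variables. The fence shows the heredoc lines with the file's `\$` escaping.

```php
### … unchanged: USERNAME / TIMERANGE sanitising and used-octets creation …
MAXOCTETS=\$(cat "/var/log/radacct/datacounter/\$TIMERANGE/max-octets-\$USERNAME" 2>/dev/null)
USEDOCTETS=\$(cat "/var/log/radacct/datacounter/\$TIMERANGE/used-octets-\$USERNAME" 2>/dev/null)
### Fail closed when either counter is missing or is not a plain number
for v in "\$MAXOCTETS" "\$USEDOCTETS"; do
	case "\$v" in
		''|*[!0-9]*) exit 99 ;;
	esac
done
MAXOCTETSUSERNAMEMB=\$((MAXOCTETS/1024/1024))
USEDOCTETSUSERNAMEMB=\$((USEDOCTETS/1024/1024))
if [ "\$MAXOCTETS" -gt "\$USEDOCTETS" ]; then
### … unchanged: logger calls, exit 0 / exit 99 …
```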
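Review bot: The widened class `[^0-9a-zA-Z.:_-]` in datacounter_acct.sh still rewrites every other character to `X`, so two User-Name values that differ only in a disallowed character end up on the same `used-octets-` file and share one counter. The same mapping is repeated in datacounter_auth.sh (hunk `@@ -4013`, written there as `._:-`), and the code that creates the `max-octets-` files is not part of this diff; all three have to produce the same name or the quota file is never found. A comment above the `sed` line saying why `:` is now accepted and that the class must match the other script would help, e.g. `### keep this character class identical to the one in datacounter_auth.sh`.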
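Review bot: The counter update in datacounter_acct.sh is an unlocked read-modify-write: `used-octets-$USERNAME` is read with `cat`, summed, and rewritten with `echo >`. If radiusd handles two Accounting-Requests for the same user concurrently, both can read the old value and one increment is lost, and a reader that hits the file between truncation and write sees it empty, which datacounter_auth.sh then feeds to `-gt`. Serialise the update per user (FreeBSD's lockf(1) around the read and write is one option) and write to a temporary file that is renamed into place. The enclosing if/else starts outside the hunk.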
diff --git a/config/freeradius2/freeradius.xml b/config/freeradius2/freeradius.xml index fbd47013..4cdea6c3 100644 --- a/config/freeradius2/freeradius.xml +++ b/config/freeradius2/freeradius.xml @@ -209,13 +209,13 @@ <field> <fielddescr>Username</fielddescr> <fieldname>varusersusername</fieldname> - <description><![CDATA[Enter the username. Whitespace is possible. If you do not want to use username/password but custom options then leave this empty.]]></description> + <description><![CDATA[Enter the username. Whitespace is possible. If you do not want to use username/password but custom options then leave this field empty.]]></description> <type>input</type> </field> <field> <fielddescr>Password</fielddescr> <fieldname>varuserspassword</fieldname> - <description><![CDATA[Enter the password for this username. If you do not want to use username/password but custom options then leave this empty.]]></description> + <description><![CDATA[Enter the password for this username. If you do not want to use username/password but custom options then leave this field empty.]]></description> <type>password</type> </field> <field> 
@@ -256,13 +256,13 @@ <field> <fielddescr>Number of simultaneous connections</fielddescr> <fieldname>varuserssimultaneousconnect</fieldname> - <description><![CDATA[The maximum of simultaneous connections with this username. If you leave this field empty than there is no limit. If you are using FreeRADIUS with CaptivePortal you should leave this empty.]]></description> + <description><![CDATA[The maximum of simultaneous connections with this username. If you leave this field empty than there is no limit. If you are using FreeRADIUS with CaptivePortal you should leave this empty. Read the documentation!]]></description> <type>input</type> </field> <field> <fielddescr>Redirection URL</fielddescr> <fieldname>varuserswisprredirectionurl</fieldname> - <description><![CDATA[Enter the URL the user should be redirected to after successfull login. (e.g.: http://www.pfsense.org)]]></description> + <description><![CDATA[Enter the URL the user should be redirected to after successfull login. (e.g.: http://www.google.com)]]></description> <type>input</type> </field> <field> 
@@ -360,13 +360,13 @@ <field> <fielddescr>Amount of Download and Upload Traffic</fielddescr> <fieldname>varusersmaxtotaloctets</fieldname> - <description><![CDATA[Enter the amount of download and upload traffic (summarized) for this user in <b>MegaByte (MB)</b>. There is a bug in CaptivePortal which counts the traffic six times faster than in reality. So if a user should have 1MB of traffic you must calculate 6*1MB.]]></description> + <description><![CDATA[Enter the amount of download and upload traffic (summarized) for this user in <b>MegaByte (MB)</b>. There is a bug in CP which counts the real traffic six times faster. To set a real limit of 100MB you have to enter 600MB here.]]></description> <type>input</type> </field> <field> <fielddescr>Time Period</fielddescr> <fieldname>varusersmaxtotaloctetstimerange</fieldname> - <description><![CDATA[Select the time period for the amount of download and upload traffic.]]></description> + <description><![CDATA[Select the time period for the amount of download and upload traffic. This does not automatically reset the counter. You need to setup a cronjob (with cron package) which will reset the counter. Read the documentation!]]></description> <type>select</type> <default_value>daily</default_value> <options> diff --git a/config/freeradius2/freeradiusauthorizedmacs.xml b/config/freeradius2/freeradiusauthorizedmacs.xml index f9d9abe9..02bf2d2b 100644 --- a/config/freeradius2/freeradiusauthorizedmacs.xml +++ b/config/freeradius2/freeradiusauthorizedmacs.xml 
@@ -205,7 +205,7 @@ <field> <fielddescr>MAC Address</fielddescr> <fieldname>varmacsaddress</fieldname> - <description><![CDATA[Enter the MAC address.Format must be: 0a-1b-2c-4d-5f-fa<br>If you do not want to use MAC address but custom options then leave this empty.]]></description> + <description><![CDATA[Enter the MAC address.Format must be: 0a-1b-2c-4d-5f-fa<br>If you do not want to use MAC address but custom options then leave this field empty.]]></description> <type>input</type> </field> <field> @@ -215,13 +215,13 @@ <field> <fielddescr>Redirection URL</fielddescr> <fieldname>varmacsswisprredirectionurl</fieldname> - <description><![CDATA[Enter the URL the MAC should be redirected to after successfull login. (e.g.: http://www.pfsense.org)]]></description> + <description><![CDATA[Enter the URL the MAC should be redirected to after successfull login. (e.g.: http://www.google.com)]]></description> <type>input</type> </field> <field> <fielddescr>Number of simultaneous connections</fielddescr> <fieldname>varmacssimultaneousconnect</fieldname> - <description><![CDATA[The maximum of simultaneous connections with this MAC address. If you leave this field empty than there is no limit. If you are using FreeRADIUS with CaptivePortal you should leave this empty.]]></description> + <description><![CDATA[The maximum of simultaneous connections with this MAC address. If you leave this field empty than there is no limit. If you are using FreeRADIUS with CaptivePortal you should leave this empty. Read the documentation!]]></description> <default_value></default_value> <type>input</type> </field> 
@@ -319,13 +319,13 @@ <field> <fielddescr>Amount of Download and Upload Traffic</fielddescr> <fieldname>varmacsmaxtotaloctets</fieldname> - <description><![CDATA[Enter the amount of download and upload traffic (summarized) for this MAC in <b>MegaByte (MB)</b>. There is a bug in CaptivePortal which counts the traffic six times faster than in reality. So if a user should have 1MB of traffic you must calculate 6*1MB.]]></description> + <description><![CDATA[Enter the amount of download and upload traffic (summarized) for this MAC in <b>MegaByte (MB)</b>. There is a bug in CP which counts the real traffic six times faster. To set a real limit of 100MB you have to enter 600MB here.]]></description> <type>input</type> </field> <field> <fielddescr>Time Period</fielddescr> <fieldname>varmacsmaxtotaloctetstimerange</fieldname> - <description><![CDATA[Select the time period for the amount of download and upload traffic.]]></description> + <description><![CDATA[Select the time period for the amount of download and upload traffic. This does not automatically reset the counter. You need to setup a cronjob (with cron package) which will reset the counter. Read the documentation!]]></description> <type>select</type> <default_value>daily</default_value> <options> diff --git a/config/freeradius2/freeradiuscerts.xml b/config/freeradius2/freeradiuscerts.xml index e3f6365d..21f18643 100644 --- a/config/freeradius2/freeradiuscerts.xml +++ b/config/freeradius2/freeradiuscerts.xml 
@@ -124,7 +124,7 @@ This page uses the freeradius2 built-in script called "bootstrap" to create CA and certs. The disatvantage of this script is that nothing of your changes will be saved in the global config.xml file. So after a systemcrash or reinstallation of freeradius2 package all your CA and certs will be lost. If you have a backup of all these files on an USB stick or another server than you can copy them back in the freeradius certs folder.<br><br> - <b>The better way is to use the pfsense built-in Cert Manager (SYSTEM-> Cert Manager).</b> The CA-Cert and Server-Cert you created there you just have to choose in EAP. + <b>The better way is to use the firewall's built-in Cert Manager (SYSTEM-> Cert Manager).</b> The CA-Cert and Server-Cert you created there you just have to choose in EAP. The advantage of this is that all your CA and certs will be saved in global config.xml and can be restored.]]></description> <type>input</type> <required/> diff --git a/config/freeradius2/freeradiuseapconf.xml b/config/freeradius2/freeradiuseapconf.xml index b5358c37..ac761523 100644 --- a/config/freeradius2/freeradiuseapconf.xml +++ b/config/freeradius2/freeradiuseapconf.xml 
@@ -164,26 +164,26 @@ <type>listtopic</type> </field> <field> - <fielddescr>Choose pfSense Cert-Manager</fielddescr> + <fielddescr>Choose Cert-Manager</fielddescr> <fieldname>vareapconfchoosecertmanager</fieldname> <description><![CDATA[Choose your Cert manager. By default it is the freeradius cert manager because the server needs some default certs to start service. For more information take al look at "Certificates"-Tab.<br> - To use the pfsense Cert Manager you have to create a CA and an Server Certificate first. (SYSTEM -> Cert Manager).<br><br> + To use the firewall's built-in Cert Manager you have to create a CA and an Server Certificate first. (SYSTEM -> Cert Manager).<br><br> <b>uncheked</b>: FreeRADIUS Cert-Manager (not recommended) (Default: unchecked)<br> - <b>cheked</b>: pfSense Cert-Manager (recommended)]]></description> + <b>cheked</b>: Firewall Cert-Manager (recommended)]]></description> <type>checkbox</type> <enablefields>ssl_ca_cert,ssl_server_cert,vareapconfenableclientp12</enablefields> </field> <field> <fielddescr>Private Key Password</fielddescr> <fieldname>vareapconfprivatekeypassword</fieldname> - <description><![CDATA[By default the certificates created by freeradius are protected with an "input/ouput" password from reading the certificate. The certificates created by pfSense Cert Manager are not protected so you must leave this field empty. (Default: whatever)]]></description> + <description><![CDATA[By default the certificates created by freeradius are protected with an "input/ouput" password from reading the certificate. The certificates created by the firewall's built-in Cert Manager are not protected so you must leave this field empty. 
(Default: whatever)]]></description> <type>password</type> <default_value>whatever</default_value> </field> <field> <fielddescr>SSL CA Certificate</fielddescr> <fieldname>ssl_ca_cert</fieldname> - <description><![CDATA[Choose the SSL CA Certficate here which you created with the pfSense Cert Manager.<br> + <description><![CDATA[Choose the SSL CA Certficate here which you created with the firewall's Cert Manager.<br> Choose "none" if you do not use any kind of certificates or the freeradius Cert Manager. (Default: none)]]></description> <type>select_source</type> <source><![CDATA[freeradius_get_ca_certs()]]></source> @@ -193,7 +193,7 @@ <field> <fielddescr>SSL Server Certificate</fielddescr> <fieldname>ssl_server_cert</fieldname> - <description><![CDATA[Choose the SSL Server Certficate here which you created with the pfSense Cert Manager.<br> + <description><![CDATA[Choose the SSL Server Certficate here which you created with the firewall's Cert Manager.<br> Choose "none" if you do not use any kind of certificates or the freeradius Cert Manager. (Default: none)]]></description> <type>select_source</type> <source><![CDATA[freeradius_get_server_certs()]]></source> @@ -210,7 +210,7 @@ <field> <fielddescr>SSL Client Certificate</fielddescr> <fieldname>ssl_client_cert</fieldname> - <description><![CDATA[Choose the SSL Client Certficate here which you created with the pfSense Cert Manager.<br> + <description><![CDATA[Choose the SSL Client Certficate here which you created with the firewall's Cert Manager.<br> Choose "none" if you do not use any kind of certificates or the freeradius Cert Manager. (Default: none)]]></description> <type>select_source</type> <source><![CDATA[freeradius_get_server_certs()]]></source> diff --git a/config/freeradius2/freeradiusmodulesldap.xml b/config/freeradius2/freeradiusmodulesldap.xml index f6619afd..0fa98493 100644 --- a/config/freeradius2/freeradiusmodulesldap.xml +++ b/config/freeradius2/freeradiusmodulesldap.xml 
@@ -354,7 +354,7 @@ <field> <fielddescr>SSL CA Certificate</fielddescr> <fieldname>ssl_ca_cert1</fieldname> - <description><![CDATA[Choose the SSL CA Certficate here which you created with the pfSense Cert Manager.<br> + <description><![CDATA[Choose the SSL CA Certficate here which you created with the firewall's Cert Manager.<br> Choose "none" if you do not use any kind of certificates or the freeradius Cert Manager. (Default: none)]]></description> <type>select_source</type> <source><![CDATA[freeradius_get_ca_certs()]]></source> @@ -364,7 +364,7 @@ <field> <fielddescr>SSL Server Certificate</fielddescr> <fieldname>ssl_server_cert1</fieldname> - <description><![CDATA[Choose the SSL Server Certficate here which you created with the pfSense Cert Manager.<br> + <description><![CDATA[Choose the SSL Server Certficate here which you created with the firewall's Cert Manager.<br> Choose "none" if you do not use any kind of certificates or the freeradius Cert Manager. (Default: none)]]></description> <type>select_source</type> <source><![CDATA[freeradius_get_server_certs()]]></source> @@ -665,7 +665,7 @@ <field> <fielddescr>SSL CA Certificate</fielddescr> <fieldname>ssl_ca_cert2</fieldname> - <description><![CDATA[Choose the SSL CA Certficate here which you created with the pfSense Cert Manager.<br> + <description><![CDATA[Choose the SSL CA Certficate here which you created with the firewall's Cert Manager.<br> Choose "none" if you do not use any kind of certificates or the freeradius Cert Manager. (Default: none)]]></description> <type>select_source</type> <source><![CDATA[freeradius_get_ca_certs()]]></source> 
@@ -675,7 +675,7 @@ <field> <fielddescr>SSL Server Certificate</fielddescr> <fieldname>ssl_server_cert2</fieldname> - <description><![CDATA[Choose the SSL Server Certficate here which you created with the pfSense Cert Manager.<br> + <description><![CDATA[Choose the SSL Server Certficate here which you created with the firewall's Cert Manager.<br> Choose "none" if you do not use any kind of certificates or the freeradius Cert Manager. (Default: none)]]></description> <type>select_source</type> <source><![CDATA[freeradius_get_server_certs()]]></source> diff --git a/config/freeradius2/freeradiussettings.xml b/config/freeradius2/freeradiussettings.xml index afa890d4..4bc98723 100644 --- a/config/freeradius2/freeradiussettings.xml +++ b/config/freeradius2/freeradiussettings.xml @@ -323,7 +323,7 @@ <field> <fielddescr>OTP Lifetime</fielddescr> <fieldname>varsettingsmotptimespan</fieldname> - <description><![CDATA[Enter the lifetime of the OTP. 1=10, 2=20s, 3=30s (Default: 2)]]></description> + <description><![CDATA[Enter the lifetime of the OTP. 1=10s, 2=20s, 3=30s (Default: 2)]]></description> <type>input</type> <default_value>2</default_value> </field> diff --git a/config/freeradius2/freeradiussync.xml b/config/freeradius2/freeradiussync.xml index 27f4fe80..334a98f3 100644 --- a/config/freeradius2/freeradiussync.xml +++ b/config/freeradius2/freeradiussync.xml 
@@ -118,7 +118,8 @@ POSSIBILITY OF SUCH DAMAGE. <fielddescr>Automatically sync freeRADIUS configuration changes?</fielddescr> <fieldname>varsyncenablexmlrpc</fieldname> <description><![CDATA[All changes will be synced immediately to the IPs listed below if this option is checked.<br> - <b>Important:</b> Only <b>Users</b>, <b>MACs</b> and <b>NAS / Clients</b> will be synced.]]></description> + Only <b>Users</b>, <b>MACs</b> and <b>NAS / Clients</b> will be synced.<br> + <b>Important:</b> Only sync from host A to B, A to C but <b>do not</B> enable XMLRPC sync <b>to</b> A. This will result in a loop!]]></description> <type>checkbox</type> </field> <field> @@ -127,14 +128,32 @@ POSSIBILITY OF SUCH DAMAGE. <type>rowhelper</type> <rowhelper> <rowhelperfield> - <fielddescr>Destination IP Address</fielddescr> + <fielddescr>GUI Protocol</fielddescr> + <fieldname>varsyncprotocol</fieldname> + <description><![CDATA[Choose the protocol of the destination host. Probably <b>http</b> or <b>https</b>]]></description> + <type>select</type> + <default_value>HTTP</default_value> + <options> + <option><name>HTTP</name><value>http</value></option> + <option><name>HTTPS</name><value>https</value></option> + </options> + </rowhelperfield> + <rowhelperfield> + <fielddescr>GUI IP-Address</fielddescr> <fieldname>varsyncipaddress</fieldname> <description><![CDATA[IP Address of the destination host.]]></description> <type>input</type> - <size>20</size> + <size>15</size> + </rowhelperfield> + <rowhelperfield> + <fielddescr>GUI Port</fielddescr> + <fieldname>varsyncport</fieldname> + <description><![CDATA[Choose the port of the destination host.]]></description> + <type>input</type> + <size>3</size> </rowhelperfield> <rowhelperfield> - <fielddescr>Destination Admin Password</fielddescr> + <fielddescr>GUI Admin Password</fielddescr> <fieldname>varsyncpassword</fieldname> <description><![CDATA[Password of the user "admin" on the destination host.]]></description> <type>password</type> |
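Review bot: The new protocol selector sets `<default_value>HTTP</default_value>`, which is the option's display name and matches neither `<value>` (`http`/`https`); if the package GUI compares defaults against values, nothing valid is preselected. Either way the default points at cleartext HTTP for a connection on which freeradius.inc sends the destination's admin password through `setCredentials('admin', $password)`, along with the synced users, MACs and clients. Suggest `<default_value>https</default_value>` and a sentence in the description that choosing HTTP exposes that password on the network. `<size>3</size>` on the port field is also narrower than a four- or five-digit port.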